Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
30,000 results
Sort by:
11-11-2024
03:38 AM
...d displayClient location_Name problem_detail detail bookmarkableLink status priority techGroupId techGroupLevel tech_Name reportDateUtc lastUpdated closeDate | stats values(problem_detail) as p...
03-03-2025
07:17 AM
I have this search to see logins to our splunk environment: index = _audit user="*" action="login attempt" info=succeeded | stats count by user mgmt is asking to see the same data but i...
Labels
- Labels:
-
count
-
field extraction
-
stats
-
table
12-18-2024
08:40 AM
...ield) is max. How can I use eval in stats to have this? something like this: | stats values(eval(title4 where value is max)) AS title4 BY title1 How can I do it? Ciao....
Labels
- Labels:
-
stats
Show results in replies (5)
-
...alue) as max_val by title1 | stats values(eval(if(value=max_val, title4, null()))) as title4 max(m...
-
Yup. +1 on eventstats. Stats will aggregate all data leaving you with just max value. Appendpipe w...
-
...s max_val BY title1 | stats values(eval(if(alert_level=max_val,t...
-
...lert_level) as selector by title1 | where selector=1 | stats values(title4) as title4s by title1 Don't get m...
-
...ventstats max(value) as max_val | where value == max_val | stats values(title4) as title4 by title1 &n...
01-02-2025
06:45 PM
With the assistance of this forum, I managed to combine the events of two sourcetypes and run stats to correlate the fields on a single shared field between the two sourcetypes. The problem is, w...
Labels
- Labels:
-
stats
09-06-2024
09:13 AM
...ut how to add the values function. | stats count as attack_number by FQDN,uri
| stats values(attack_type) as "Types of attack" For each FQDN/uri I want to have the number of attacks, and all t...
Labels
- Labels:
-
table
01-07-2025
10:46 AM
...eed to filter out name that contain "2" and stats count name based on location. I came up with this search, but the problem is it did not include location A (because the count is zero) P...
01-09-2024
07:49 AM
...trftime(_time,"%Y/%m/%d %H:%M:%S")
| rex "^.+transactType:\s(?P<transactType>(.\w+)+)"
| stats values(Fecha) as Fecha, values(transactType) as transactType by ID
This is Ok, if i want count t...
Labels
- Labels:
-
stats
01-05-2024
04:11 AM
Hi Splunk Team I am having issues while fetching data from 2 stats count fields together. Below is the query: index=test_index | rex "\.(?<TestMQ>.*)\@" | eval Priority_Level=case(P...
Show results in replies (9)
-
...]+)" | rex "RCV\.FROM\.(?<TestMQ>.*)\@" | stats count(eval(Priority=="Low")) as L...
-
...hile fetching data from 2 stats (TestMQ and Priority_Level) count fields together. Below is the q...
-
TestMQ doesn't appear in the same events as priority which is why the stats are coming out as zero
-
...val()) by creating a temporary field. | stats count(eval(condition)) is equivalent to | eval t...
-
...est_index | rex "\.(?<TestMQ>.*)\@" | stats count AS TotalCount count(eval(Priority="Low")) A...
-
...".key2 | stats count(eval(Priority="Low")) as Low, count(eval(Priority="Medium")) as Medium, count(e...
-
...nchor for the TestMQ field. That means that most of the events doesn't have the field. So if you do stats...
-
...edium & High columns - which is not correct. I want to combine both the stats and show the group by r...
-
...able _raw TestMQ key priority ```| stats values(TestMQ) AS TestMQ count(eval(Priority="Low")) as L...
09-18-2022
10:28 PM
Hello-
I am attempting to make a table and hopefully be able to integrate it into a dashboard.
Goal is to interrogate on two fields and pull stats accordingly.
FieldA has multiple v...
