Splunk Search

Thread Info

Splunk Answers Content Calendar May 2025!

Hello Splunk Community! Welcome to another week of fun curated content as a part of our Splunk Answers Community C...

by Community Manager in

Autoformat and search results similar to "48a4.93b9.xxxx OR 48:a4:93:b9:xx:xx OR 48-a4-93-b9-xx-xx"

Hello. This search returns zero results, but a manual "OR" search shows results. I cannot find the reason (neither ...

by Engager in

support for fill-forward or "last observation carried forward"

Does splunk support fill-forward or "last observation carried forward".I want to create a daily based monitoring.One ...

by Engager in

There is a way to send some fileds of an alert to a kvs lookup?

Hi, this is my first interaction with Splunk Community so be patient please  I'm trying to output some fields fr...

by New Member in

Fields from lookup with Join missing

I have a query that detects missing systems. the lookup table has fields System, Location, responsible.I am trying t...

by Explorer in

Issue with Dropping Events via props.conf and transforms.conf

Hi Splunk Community, We’re currently trying to drop specific logs using props.conf and transforms.conf, but our con...

by Engager in

Need a query to find count of substring within string

I need a query that will tell me the count of a substring within a string like this ... "This is my [string]" and I...

by New Member in

Events with duplicate field extractions

Good afternoon, I have a monitoring architecture with three nodes with the Splunk Enterprise product. One node acts...

by Explorer in

URL aggregation in splunk query

Hello Everyone, Below is my splunk query: index="my_index" uri="*/experience/*" | stats count as hits by uri ...

by Path Finder in

Find searches that reference indexes that no longer exist

Hi, I'm trying to clean up an old splunk cloud instance. one thought that occurred to me is find scheduled searches...

by Engager in

Skipped search error on CMC | The maximum number of concurrent running jobs.....on this cluster has been reached

Hi Team, I have been observing 1 skipped search error indicating on my CMC. Error is -"The maximum number of concur...

by Explorer in

need demo of PKI Spotlight Add-on for Splunk

by New Member in

transaction command rows for large dataset

Here is my code: index=example sourcetype=wineventlog computer_name="example"| transaction computer_name startswith...

by Engager in

Problems with adding multi-value field through /var/spool/splunk

Hi Fellow Splunkers,How can I add multi-value field (array) directly to the index through `/var/spool/splunk`.I tried...

by Splunk Employee in

install splunk uba

opt/caspida/bin/Caspida setuphadoop ...............................Failed to run sudo -u hdfs hdfs namenode -format >...

by Explorer in

Grouping IP subnet and also show the IPs that it has grouped

I currently have this to group IPs into subnets and list the counts, I want it to also show the IP it has listed aswe...

by Observer in

tstats query taking very long time to execute

Hi everyone!I am working on building a dashboard which captures all the firewall, Web proxy, EDR, WAF, Email, DLP blo...

by Explorer in

How to efficiently match events to lookup with wildcards across multiple fields (prefer most specific match)?

I'm working with a CSV lookup that contains multiple fields which may include wildcard (*) values.The lookup is stru...

by Communicator in

How to apply role based filtering on Splunk Cloud Platform

Hello folks, We use Splunk cloud platform (managed by Splunk) for our logging system. We want to implement role bas...

by Engager in

Why Splunk search jobs stuck at "finalizing job" status for few days?

Symptoms: It usually happen in the next couple of hours after we manually deleted the stuck search jobs It only ha...

by Splunk Employee in

The xpath command does not work with XML prolog header lines (e.g. <?xml version="1.0"?>)

The xpath command does not work if the XML event contains valid prolog header lines (https://www.w3schools.com/xml/xm...

by Motivator in

search results different between splunk UI/portal and splunk API

Hi,I have this very simple splunk search query and i was able to run in splunk search portal or UI and I am using the...

by Path Finder in

eval to handle 2 scenarios

Hi, I have this field in this format and i am using eval to convert but sometimes there is an extra space in it aft...

by Path Finder in

Waiting for queued jobs to start

We are getting this particular error Waiting for queued jobs to start for most of our customers. When they click on m...

by Communicator in

Role Based filtering to mask JWT tokens and Emails

Hello folks, We use Splunk cloud platform for our logging system. I was trying to use the Search Filter under the R...

by Engager in

Help me with splunk query to monitor CPU and Memory utilized by splunk adhoc and alert searches

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Splunk Answers Content Calendar May 2025!

Autoformat and search results similar to "48a4.93b9.xxxx OR 48:a4:93:b9:xx:xx OR 48-a4-93-b9-xx-xx"

support for fill-forward or "last observation carried forward"

There is a way to send some fileds of an alert to a kvs lookup?

Fields from lookup with Join missing

Issue with Dropping Events via props.conf and transforms.conf

Need a query to find count of substring within string

Events with duplicate field extractions

URL aggregation in splunk query

Find searches that reference indexes that no longer exist

Skipped search error on CMC | The maximum number of concurrent running jobs.....on this cluster has been reached

need demo of PKI Spotlight Add-on for Splunk

transaction command rows for large dataset

Problems with adding multi-value field through /var/spool/splunk

install splunk uba

Grouping IP subnet and also show the IPs that it has grouped

tstats query taking very long time to execute

How to efficiently match events to lookup with wildcards across multiple fields (prefer most specific match)?

How to apply role based filtering on Splunk Cloud Platform

Why Splunk search jobs stuck at "finalizing job" status for few days?

The xpath command does not work with XML prolog header lines (e.g. <?xml version="1.0"?>)

search results different between splunk UI/portal and splunk API

eval to handle 2 scenarios

Waiting for queued jobs to start

Role Based filtering to mask JWT tokens and Emails

Help me with splunk query to monitor CPU and Memory utilized by splunk adhoc and alert searches

Developer Spotlight with William Searle

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions