Splunk Search

Thread Info

Splunk Answers Content Calendar May 2025!

Hello Splunk Community! Welcome to another week of fun curated content as a part of our Splunk Answers Community C...

by Community Manager in

Why Splunk search jobs stuck at "finalizing job" status for few days?

Symptoms: It usually happen in the next couple of hours after we manually deleted the stuck search jobs It only ha...

by Splunk Employee in

The xpath command does not work with XML prolog header lines (e.g. <?xml version="1.0"?>)

The xpath command does not work if the XML event contains valid prolog header lines (https://www.w3schools.com/xml/xm...

by Motivator in

search results different between splunk UI/portal and splunk API

Hi,I have this very simple splunk search query and i was able to run in splunk search portal or UI and I am using the...

by Path Finder in

eval to handle 2 scenarios

Hi, I have this field in this format and i am using eval to convert but sometimes there is an extra space in it aft...

by Path Finder in

Waiting for queued jobs to start

We are getting this particular error Waiting for queued jobs to start for most of our customers. When they click on m...

by Communicator in

Role Based filtering to mask JWT tokens and Emails

Hello folks, We use Splunk cloud platform for our logging system. I was trying to use the Search Filter under the R...

by New Member in

tstats query taking very long time to execute

Hi everyone!I am working on building a dashboard which captures all the firewall, Web proxy, EDR, WAF, Email, DLP blo...

by Explorer in

What is tstats and why is so much faster than stats?

Why is | tstats count where index=* by sourcetype so much faster than index=* | stats count by sourcetype ...

by Champion in

How can i export a list of all services in APM

I am trying to get a list of all services that are in APM. The APM usage report does not provide the name and only pr...

by New Member in

How do you list Index, sourcetype and source using the REST command?

Hi, I am working to list all the index with underlying sourcetypes and sources in it. For which I am currently ...

by Builder in

Need to change the span based on hour of day

Hello , I am trying to change in the search itself to change the span in timechart. So if the hour is say greater ...

by Loves-to-Learn in

comparing the data of lookup with index data and extrcat the info from Index

index=*sap sourcetype=FSC*| fields _time index Eventts ID FIELD_02 FIELD_01 CODE ID FIELD* source| rex field=index "^...

by Contributor in

Splunk search is not working in Splunk Cloud platform

Hi Team,On May 20th, we successfully migrated from Splunk On-Prem to Splunk Cloud. We have a scheduled search that ru...

by Loves-to-Learn Everything in

unable to sort the month fields chronological instead of alphabetically in output

Hi Everyone!I wrote a search query to get the blocked count of emails for last 6months and below is my query- |...

by Explorer in

Can't convert timeformat to unix

Hopefully I've only got a small problem this time, but I've had no luck fixing it despite hours of trying. All I'm tr...

by Path Finder in

How to show the line when its value is NULL with chart command / chartコマンドで行の値が0の時表示する方法

Hi, I try to display the number of events per day from multiple indexes. I wrote the below SPL, but when all index ...

by Explorer in

remove timepart and convert to date so that i can aggregate at the date level

Hi , I have this scenario where i am getting data from one of the index with 2 other specified filters like index=...

by Path Finder in

How do I import Azure NSG LOGs?

Hello there, I try to import Azure NSG flow Events. To get the data into Splunk I use the Splunk Add-on for Micros...

by Path Finder in

Search for a path the might not exist

Hi I have the following data (Below). I have a situation where I want to search for "*" on a search and have it ...

by Influencer in

How to Mute Alert using Lookup table

This is what I have setupindex=xxxxxx| eval HDate=strftime(_time,"%Y-%m-%d")| search NOT [ | inputlookup Date_Test.cs...

by Communicator in

Eventtype 'wineventlog_security' does not exist or is disabled

Hi, got some problem in my searches since a few days. I really don´t know what happend and no one changed the con...

by Loves-to-Learn in

Why is INDEXED_EXTRACTIONS=csv not working in props.conf?

I have a distributed Splunk instance with the search head separated from the Indexers. I want to drop a CSV file with...

by Communicator in

Using multiple lookups in a search

hello So i want to make a search .i am using index=endpoint_defender source="AdvancedHunting-DeviceInfo" | rex...

by Path Finder in

Alternates to join/append to avoid limitations

Situation: I have 2 data sets: Dataset 1 is a set of logs which includes IP addresses. When aggregated, there are 2...

by Path Finder in

Splunk search lookup

Have a data that returns ip field and values as below. Ip = 0.0.0.11 Ip= 0.0.0.12 There is a lookup that contai...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Splunk Answers Content Calendar May 2025!

Why Splunk search jobs stuck at "finalizing job" status for few days?

The xpath command does not work with XML prolog header lines (e.g. <?xml version="1.0"?>)

search results different between splunk UI/portal and splunk API

eval to handle 2 scenarios

Waiting for queued jobs to start

Role Based filtering to mask JWT tokens and Emails

tstats query taking very long time to execute

What is tstats and why is so much faster than stats?

How can i export a list of all services in APM

How do you list Index, sourcetype and source using the REST command?

Need to change the span based on hour of day

comparing the data of lookup with index data and extrcat the info from Index

Splunk search is not working in Splunk Cloud platform

unable to sort the month fields chronological instead of alphabetically in output

Can't convert timeformat to unix

How to show the line when its value is NULL with chart command / chartコマンドで行の値が0の時表示する方法

remove timepart and convert to date so that i can aggregate at the date level

How do I import Azure NSG LOGs?

Search for a path the might not exist

How to Mute Alert using Lookup table

Eventtype 'wineventlog_security' does not exist or is disabled

Why is INDEXED_EXTRACTIONS=csv not working in props.conf?

Using multiple lookups in a search

Alternates to join/append to avoid limitations

Splunk search lookup

Splunk Answers Content Calendar, June Edition

What You Read The Most: Splunk Lantern’s Most Popular Articles!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions