Splunk Search

Thread Info

Splunk Answers Content Calendar May 2025!

Hello Splunk Community! Welcome to another week of fun curated content as a part of our Splunk Answers Community C...

by Community Manager in

Issue with NetFlow v9 Templates Not Received by Splunk Stream – Flows Being Dropped

Hi Splunk Community, I'm currently integrating Flowmon ndr as a NetFlow data exporter to Splunk Stream, but I’m enc...

by Explorer in

Join searches by hostname when one index has the short name and the other index has long name.

I am looking for away to join results from two indexes based on the hostname. The main index has the hostname as just...

by Path Finder in

How do I import Azure NSG LOGs?

Hello there, I try to import Azure NSG flow Events. To get the data into Splunk I use the Splunk Add-on for Micros...

by Path Finder in

Combining 2 splunks and displaying count

Hello, I have 2 seperate splunks as below . One is "v1 endpoint" and other is "v2 endpoint"v1 endpoint: index="abc"...

by Explorer in

SPL To only Pull Last Event Per Month

Looking for SPL that will give me the ID Cost by month, only grabbing the last event (_time) for that month. Sample ...

by Contributor in

Search for triggered save searches and their actions titles and users: Need help with subsearch

I want to use the 2nd search as a subsearch only bringing back the actions. How can I do this? SEARCH| rest /servic...

by Communicator in

Need help with Basic query over splunk

Please help share query to check > network logs and firewall blocks for specific Host machine> LDAP password login fa...

by New Member in

Efficiently Expanding Multiple Multi-Value Fields Using mvexpand in Splunk

Hello Splunkers !!How can I efficiently use the mvexpand command to expand multiple multi-value fields, considering i...

by Motivator in

how to do a match field between index and summary index

How do you run a match a field ID between two indexes?without using a sub search(due to limit of 10000 results)withou...

by Communicator in

separate rows from columns with multivalue

I'm trying to split a pair of rows with a pair of multivalued columns. The value in both columns is related to each p...

by Contributor in

create report if price values are different

this is my log i need a report like below: where I can see price difference in a single report. I don't...

by Path Finder in

How can I remove latitude and longitude values while hovering over map and instead display the address of location on the map?

I am using Splunk Cloud 6.5.0 version. How can i remove latitude and longitude values while hovering over map and dis...

by New Member in

0 counts

Hello, with this query : index=abc| search source = "xyz"| stats count by source I can see the count of sources...

by Engager in

Autoformat and search results similar to "48a4.93b9.xxxx OR 48:a4:93:b9:xx:xx OR 48-a4-93-b9-xx-xx"

Hello. This search returns zero results, but a manual "OR" search shows results. I cannot find the reason (neither ...

by Explorer in

what is wrong with these evals....

Hi, I have this search query where i aggregate using the stats and sum by few fields... When I run the query in spl...

by Path Finder in

Can I set up a PS4 Game Session Timer and Notification?

Hi I want to know how long and when either of two games are being played on the PS4 or a laptop and be notified vi...

by Observer in

make a table for a csv

Hi my data is comma delimited , there are 2 rows with a header. I'fd like the columns to be split by the comma int...

by Loves-to-Learn in

Data not showing on map

Hello, I have lookup file uploaded and now I want to see the data, I am not able to see it on map , I can see the det...

by Explorer in

How to modify a dashboard

Hi, i'm searching for a way to modify my app/dashboard to be able to modify the entries of a table (such as delete/du...

by Explorer in

Fields from lookup with Join missing

I have a query that detects missing systems. the lookup table has fields System, Location, responsible.I am trying t...

by Explorer in

Is there a way to be more efficient in writing this query - Regex/Wildcard/Substitution question

I have the below query I've written - I am used to SQL, SPL is still new to me. I feel like there has to be some way ...

by New Member in

Issue with Dropping Events via props.conf and transforms.conf

Hi Splunk Community, We’re currently trying to drop specific logs using props.conf and transforms.conf, but our con...

by Engager in

support for fill-forward or "last observation carried forward"

Does splunk support fill-forward or "last observation carried forward".I want to create a daily based monitoring.One ...

by Explorer in

There is a way to send some fileds of an alert to a kvs lookup?

Hi, this is my first interaction with Splunk Community so be patient please  I'm trying to output some fields fr...

by Explorer in

Need a query to find count of substring within string

I need a query that will tell me the count of a substring within a string like this ... "This is my [string]" and I...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Splunk Answers Content Calendar May 2025!

Issue with NetFlow v9 Templates Not Received by Splunk Stream – Flows Being Dropped

Join searches by hostname when one index has the short name and the other index has long name.

How do I import Azure NSG LOGs?

Combining 2 splunks and displaying count

SPL To only Pull Last Event Per Month

Search for triggered save searches and their actions titles and users: Need help with subsearch

Need help with Basic query over splunk

Efficiently Expanding Multiple Multi-Value Fields Using mvexpand in Splunk

how to do a match field between index and summary index

separate rows from columns with multivalue

create report if price values are different

How can I remove latitude and longitude values while hovering over map and instead display the address of location on the map?

0 counts

Autoformat and search results similar to "48a4.93b9.xxxx OR 48:a4:93:b9:xx:xx OR 48-a4-93-b9-xx-xx"

what is wrong with these evals....

Can I set up a PS4 Game Session Timer and Notification?

make a table for a csv

Data not showing on map

How to modify a dashboard

Fields from lookup with Join missing

Is there a way to be more efficient in writing this query - Regex/Wildcard/Substitution question

Issue with Dropping Events via props.conf and transforms.conf

support for fill-forward or "last observation carried forward"

There is a way to send some fileds of an alert to a kvs lookup?

Need a query to find count of substring within string

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions