Splunk Search

Community Activity

XML Extraction -issues with field extractions using props configuration file? Hello, When I extract fields from the structured XML files using props.conf, it is not extracted any key/value pairs... by SplunkDash Motivator in Splunk Search 3 hours ago 0 6	0	6
Right Technical App to pull TLS details from Exchange Online Which Splunk Technical Application for Microsoft will pull the TLS details for email/Exchange? Need to be able to re... by donaldwayne1976 Engager in Splunk Search Thursday 0 2	0	2
Parsing queue size on UF is increasing ontinuosly and finally it gets blocked and forwarding stops I am trying to onboard data from a syslog server. But the size on UF is increasing continuously and finally it gets b... by SPLKrishna253 New Member in Splunk Search Wednesday 0 1	0	1
Need suggestions or advice to check status of same device on two systems Hello All,I have a generic question on using splunk. I have two systems, system A, and system B.If a device changes s... by eholz1 Builder in Splunk Search Wednesday 0 4	0	4
Dynamic search using global_time token for previous business day I've setup a dashboard based on charting trade queue information for our application which we are ingesting using a d... by wodrog Engager in Splunk Search Monday 0 4	0	4
SPL \| makeresults\| eval sourcetype=split("BBCN-Kunshan,BSCN-Suzhou,BBSP-Malasiya,BTCN-Tianjin,BXCN-Xian,BCCN-Suzhouheadqu... by SN1 Path Finder in Splunk Search Monday 0 2	0	2
Ingest actions and base64 decode Hi splunkers,I need to decode base64 fields before indexing them.I found a very old post with no good proposal for th... by _olivier_ Path Finder in Splunk Search a week ago 0 3	0	3
untranspose multi-field sparkline \| chart sparkline count by a,bI would like to have sparkline table like...a \| b \| count \| sparklinething1 \| fo... by coo Explorer in Splunk Search a week ago 0 4	0	4
SPLUNK ES 8.2.3 Drill Down not appearing I am facin big issue while creating use case on splunk and adding the drill down on the content management. I went to... by AbuNAM8 New Member in Splunk Search 2 weeks ago 0 0	0	0
How would I build a table of all metrics and their dimensions in splunk My splunk server is receiving metrics from collectd. I want to build a table showing the metrics, dimensions, and ... by charliesfx Explorer in Splunk Search 2 weeks ago 5 9	5	9
Support on SPL Query I need to display the Success percentage for each service day wise.I am doing stats and then table getting output as ... by dinesh001kumar Explorer in Splunk Search 2 weeks ago 0 4	0	4
Different behavior regarding JSON null Riding the coattail of Re: Why is the null value in a JSON event not being parsed properly as NULL?, I constructed tw... by yuanliu SplunkTrust in Splunk Search 2 weeks ago 1 5	1	5
Head not stopping the search When I use the search below, the event is 25 days ago, set search to last 30 takes 10 seconds, set to 90 days takes 2... by Didalready Explorer in Splunk Search 3 weeks ago 0 1	0	1
Custom report list all investigations and the associated findings (notable events) Hello everyone,I am trying to create a custom report that lists Investigations alongside the Notable Events (Findings... by ThuLe Explorer in Splunk Search 3 weeks ago 0 5	0	5
Help required: Need SPL to extract all Dashboard Queries Hi everyone,I need some help with a SPL query.I am trying to create an inventory of all queries running in my dashboa... by satyaallaparthi Communicator in Splunk Search 3 weeks ago 0 9	0	9
Outputlookup Before Lookup I'm working with a search that starts by filtering for all process events in Windows and then sending them to a looku... by dtaylor Path Finder in Splunk Search 3 weeks ago 0 2	0	2
List fields after rare command Hi,Iam using below splunk to help identify least common values of runTime field in myEventRecType file . i get the re... by bmer Explorer in Splunk Search a month ago 0 4	0	4
Long field names Good day, I often run up against the issue of wanting to drag the text of a field name from the browser into a separa... by andrewpense825 Explorer in Splunk Search 12-18-2025 1 4	1	4
Create a moving baseline week over week for firewall traffic Hi Team,I have been trying to work on a query I found on a blog that was trying to calculate and tag a week over week... by JohnEGones Communicator in Splunk Search 12-17-2025 0 4	0	4
Does retention policy depend on indextime or _time? how can we get the oldest index time of an index ? Does retention policy depend on indextime or _time ? by nawazns5038 Builder in Splunk Search 12-17-2025 1 20	1	20
REST query via console vs API showing different results Executive overview: We're using Splunk Cloud (Victoria Experience), and we're in the process of spinning up a new ins... by bpenny Explorer in Splunk Search 12-15-2025 0 1	0	1
json_extend Scalar Bug, or Coercing JSON Scalars into JSON Arrays Hi Splunkers!In the current json_extend documentation <https://help.splunk.com/en/splunk-enterprise/spl-search-refere... by tscroggins Champion in Splunk Search 12-14-2025 0 5	0	5
Splunk botsv3 dataset doesn't show mentioned sourcetypes Hi everyone!I recently installed splunk and ingested botsv3 dataset through mentioned /etc/apps and gui too. The bots... by zeshan66 New Member in Splunk Search 12-14-2025 0 1	0	1
Why Long running searches, with time spent in ReducePhaseExecutor and PreviewExecutor Hi guys I have an installation on Splunk 8.1.2 where we have XmlWinEventLog data ingested. When we run this search:... by agneticdk Path Finder in Splunk Search 12-12-2025 1 4	1	4
How to build searches based on Incident Review Hello!SOC analyst here. I am looking to build a dashboard that gives data and statistics when an alert in Incident re... by ajmach343 Explorer in Splunk Search 12-12-2025 0 2	0	2