Splunk Search

Community Activity

How to drop extra fields while maintaining groupby? To groupby? Or not to groupby? That is the question. (Not really. The question arises because trellis splitby seem... by yuanliu SplunkTrust in Splunk Search 2 hours ago 0 2	0	2
XML Extraction -issues with field extractions using props configuration file? Hello, When I extract fields from the structured XML files using props.conf, it is not extracted any key/value pairs... by SplunkDash Motivator in Splunk Search Sunday 0 6	0	6
Right Technical App to pull TLS details from Exchange Online Which Splunk Technical Application for Microsoft will pull the TLS details for email/Exchange? Need to be able to re... by donaldwayne1976 Engager in Splunk Search Thursday 0 2	0	2
Parsing queue size on UF is increasing ontinuosly and finally it gets blocked and forwarding stops I am trying to onboard data from a syslog server. But the size on UF is increasing continuously and finally it gets b... by SPLKrishna253 New Member in Splunk Search Wednesday 0 1	0	1
Need suggestions or advice to check status of same device on two systems Hello All,I have a generic question on using splunk. I have two systems, system A, and system B.If a device changes s... by eholz1 Builder in Splunk Search Wednesday 0 4	0	4
Dynamic search using global_time token for previous business day I've setup a dashboard based on charting trade queue information for our application which we are ingesting using a d... by wodrog Engager in Splunk Search a week ago 0 4	0	4
SPL \| makeresults\| eval sourcetype=split("BBCN-Kunshan,BSCN-Suzhou,BBSP-Malasiya,BTCN-Tianjin,BXCN-Xian,BCCN-Suzhouheadqu... by SN1 Path Finder in Splunk Search a week ago 0 2	0	2
Ingest actions and base64 decode Hi splunkers,I need to decode base64 fields before indexing them.I found a very old post with no good proposal for th... by _olivier_ Path Finder in Splunk Search 2 weeks ago 0 3	0	3
untranspose multi-field sparkline \| chart sparkline count by a,bI would like to have sparkline table like...a \| b \| count \| sparklinething1 \| fo... by coo Explorer in Splunk Search 2 weeks ago 0 4	0	4
SPLUNK ES 8.2.3 Drill Down not appearing I am facin big issue while creating use case on splunk and adding the drill down on the content management. I went to... by AbuNAM8 New Member in Splunk Search 2 weeks ago 0 0	0	0
How would I build a table of all metrics and their dimensions in splunk My splunk server is receiving metrics from collectd. I want to build a table showing the metrics, dimensions, and ... by charliesfx Explorer in Splunk Search 2 weeks ago 5 9	5	9
Support on SPL Query I need to display the Success percentage for each service day wise.I am doing stats and then table getting output as ... by dinesh001kumar Explorer in Splunk Search 2 weeks ago 0 4	0	4
Different behavior regarding JSON null Riding the coattail of Re: Why is the null value in a JSON event not being parsed properly as NULL?, I constructed tw... by yuanliu SplunkTrust in Splunk Search 2 weeks ago 1 4	1	4
Head not stopping the search When I use the search below, the event is 25 days ago, set search to last 30 takes 10 seconds, set to 90 days takes 2... by Didalready Explorer in Splunk Search 3 weeks ago 0 1	0	1
Custom report list all investigations and the associated findings (notable events) Hello everyone,I am trying to create a custom report that lists Investigations alongside the Notable Events (Findings... by ThuLe Explorer in Splunk Search 3 weeks ago 0 5	0	5
Help required: Need SPL to extract all Dashboard Queries Hi everyone,I need some help with a SPL query.I am trying to create an inventory of all queries running in my dashboa... by satyaallaparthi Communicator in Splunk Search 4 weeks ago 0 9	0	9
Outputlookup Before Lookup I'm working with a search that starts by filtering for all process events in Windows and then sending them to a looku... by dtaylor Path Finder in Splunk Search 4 weeks ago 0 2	0	2
List fields after rare command Hi,Iam using below splunk to help identify least common values of runTime field in myEventRecType file . i get the re... by bmer Explorer in Splunk Search a month ago 0 4	0	4
Long field names Good day, I often run up against the issue of wanting to drag the text of a field name from the browser into a separa... by andrewpense825 Explorer in Splunk Search 12-18-2025 1 4	1	4
Create a moving baseline week over week for firewall traffic Hi Team,I have been trying to work on a query I found on a blog that was trying to calculate and tag a week over week... by JohnEGones Communicator in Splunk Search 12-17-2025 0 4	0	4
Does retention policy depend on indextime or _time? how can we get the oldest index time of an index ? Does retention policy depend on indextime or _time ? by nawazns5038 Builder in Splunk Search 12-17-2025 1 20	1	20
REST query via console vs API showing different results Executive overview: We're using Splunk Cloud (Victoria Experience), and we're in the process of spinning up a new ins... by bpenny Explorer in Splunk Search 12-15-2025 0 1	0	1
json_extend Scalar Bug, or Coercing JSON Scalars into JSON Arrays Hi Splunkers!In the current json_extend documentation <https://help.splunk.com/en/splunk-enterprise/spl-search-refere... by tscroggins Champion in Splunk Search 12-14-2025 0 5	0	5
Splunk botsv3 dataset doesn't show mentioned sourcetypes Hi everyone!I recently installed splunk and ingested botsv3 dataset through mentioned /etc/apps and gui too. The bots... by zeshan66 New Member in Splunk Search 12-14-2025 0 1	0	1
Why Long running searches, with time spent in ReducePhaseExecutor and PreviewExecutor Hi guys I have an installation on Splunk 8.1.2 where we have XmlWinEventLog data ingested. When we run this search:... by agneticdk Path Finder in Splunk Search 12-12-2025 1 4	1	4