Splunk Search

Community Activity

Support on SPL Query I need to display the Success percentage for each service day wise.I am doing stats and then table getting output as ... by dinesh001kumar Engager in Splunk Search yesterday 0 4	0	4
Different behavior regarding JSON null Riding the coattail of Re: Why is the null value in a JSON event not being parsed properly as NULL?, I constructed tw... by yuanliu SplunkTrust in Splunk Search Sunday 1 5	1	5
Head not stopping the search When I use the search below, the event is 25 days ago, set search to last 30 takes 10 seconds, set to 90 days takes 2... by Didalready Explorer in Splunk Search a week ago 0 1	0	1
Custom report list all investigations and the associated findings (notable events) Hello everyone,I am trying to create a custom report that lists Investigations alongside the Notable Events (Findings... by ThuLe Explorer in Splunk Search a week ago 0 5	0	5
Help required: Need SPL to extract all Dashboard Queries Hi everyone,I need some help with a SPL query.I am trying to create an inventory of all queries running in my dashboa... by satyaallaparthi Communicator in Splunk Search a week ago 0 9	0	9
Outputlookup Before Lookup I'm working with a search that starts by filtering for all process events in Windows and then sending them to a looku... by dtaylor Path Finder in Splunk Search 2 weeks ago 0 2	0	2
List fields after rare command Hi,Iam using below splunk to help identify least common values of runTime field in myEventRecType file . i get the re... by bmer Explorer in Splunk Search 2 weeks ago 0 4	0	4
Long field names Good day, I often run up against the issue of wanting to drag the text of a field name from the browser into a separa... by andrewpense825 Explorer in Splunk Search 3 weeks ago 1 4	1	4
Create a moving baseline week over week for firewall traffic Hi Team,I have been trying to work on a query I found on a blog that was trying to calculate and tag a week over week... by JohnEGones Communicator in Splunk Search 3 weeks ago 0 4	0	4
Does retention policy depend on indextime or _time? how can we get the oldest index time of an index ? Does retention policy depend on indextime or _time ? by nawazns5038 Builder in Splunk Search 3 weeks ago 1 20	1	20
REST query via console vs API showing different results Executive overview: We're using Splunk Cloud (Victoria Experience), and we're in the process of spinning up a new ins... by bpenny Explorer in Splunk Search 3 weeks ago 0 1	0	1
json_extend Scalar Bug, or Coercing JSON Scalars into JSON Arrays Hi Splunkers!In the current json_extend documentation <https://help.splunk.com/en/splunk-enterprise/spl-search-refere... by tscroggins Champion in Splunk Search 3 weeks ago 0 5	0	5
Splunk botsv3 dataset doesn't show mentioned sourcetypes Hi everyone!I recently installed splunk and ingested botsv3 dataset through mentioned /etc/apps and gui too. The bots... by zeshan66 New Member in Splunk Search 3 weeks ago 0 1	0	1
Why Long running searches, with time spent in ReducePhaseExecutor and PreviewExecutor Hi guys I have an installation on Splunk 8.1.2 where we have XmlWinEventLog data ingested. When we run this search:... by agneticdk Path Finder in Splunk Search 4 weeks ago 1 4	1	4
How to build searches based on Incident Review Hello!SOC analyst here. I am looking to build a dashboard that gives data and statistics when an alert in Incident re... by ajmach343 Explorer in Splunk Search 4 weeks ago 0 2	0	2
Track User Login/Logout exclude first 2 hours of the day (midnight-2am) index=endpoint_ms_winevents sourcetype=XmlWinEventLog user=TESTER EventID=4624 OR EventID=4634\| stats earliest_time(_... by wingfieldj Explorer in Splunk Search 4 weeks ago 0 6	0	6
Looking for feedback on SPL design using map command (concerns about performance and safety) Hi Splunk Community,I have created the following SPL for scheduled alerts. Some parts are masked for confidentiality,... by Kimiko New Member in Splunk Search 4 weeks ago 0 4	0	4
Streamstats with rex and multiple "by" fields I am attempting to rex out some fields from a source log and then if FIELD1 changes in a 24 hour period when the othe... by RobK700000 Engager in Splunk Search 4 weeks ago 0 1	0	1
List of existing indexes Is it possible to get list of all indexes with creation time and who created the index? by Sailesh6891 Engager in Splunk Search a month ago 0 3	0	3
Classify IPv4 and IPv6 addresses as Internal vs External How can I reliably classify IPv4 and IPv6 addresses as internal vs external? Requirements:Handle both IPv4 and IPv6V... by msquicc Path Finder in Splunk Search a month ago 0 1	0	1
Splunk tstats search with IPV6 subnet - WHERE clause is not an exact query Hello,I want to run a datamodel tstats search, excluding some events with a lookup for src_ip's. In case I fill the l... by mfleitma Explorer in Splunk Search a month ago 0 5	0	5
Matching with a lookup I'm trying to set up a regular search to check all our GitHub packages against the latest Shai Hulud npm packages.wit... by DaveBunn Path Finder in Splunk Search a month ago 0 3	0	3
Ingest actions and base64 decode Hi splunkers,I need to decode base64 fields before indexing them.I found a very old post with no good proposal for th... by _olivier_ Path Finder in Splunk Search a month ago 0 2	0	2
AnomaliDetection does not detect outlier data In the below dataset, there are two different ISPs for the user from their usual ones.NordVPN for John and Quadranet ... by ashishmgupta Explorer in Splunk Search 12-06-2025 0 2	0	2
Return results if join has no results. Hi all,I have a search with a Join. For the event I am Joining the Master search may not always have corresponding ev... by becksyboy Contributor in Splunk Search 12-04-2025 0 2	0	2