Splunk Search

Ask a Question

Discussions

Thread Info

Attempting to write a search to find all CrowdStrike agents that are installed on the hosts in our environment

Hello, Got tasked with finding all hosts that didnt have the crowdstrike agent installed and running into problems ...

by New Member in

Run predict command for multiple disk in same query

I have multiple disk like C, D & E on server and want to do the prediction for multiple disk in same query. index=m...

by Explorer in

Can’t search by sourcetype without index – data ingested via HEC, visible by index

Hi community, I'm running into a permissions/visibility issue (I don't know) with an index created for receiving da...

by Explorer in

I want to replace hard coded text "Today" by current system date in splunk report

I want to replace hard coded text "Today" by current system date in splunk report. Please help if it is possible.Plea...

by Path Finder in

REGEX Problem : Json Structure and sub structure

Hello. For reasons of JSON log splitting, I have a problem with a complex structure. The integration is in a forw...

by Explorer in

Dashboard-Data and search as one query

Hi Team,Currently in my dashboard i am using two separate query for data and search lambda separetly and added to the...

by Communicator in

Using Lookup to determine Field Value

I have a unique situation with my customer. I want to create a lookup table that the customer can put fields they wa...

by Path Finder in

New metadata field for all events coming via UF for custom application

Added the config for the new metadata field in the inputs.conf file and created a fields.conf file to set the field a...

by Engager in

How to join 2 logs using trx_id

Hello Friends, I am trying to join the 2 logs with same index using trx_id(here it is called X_Correlation_ID ) but...

by Explorer in

How to pivot data

I have data like this id time Conatctsx14/22/2011 10:00676689x14/23/2011 11:00 I want it like as sho...

by Path Finder in

Send an Email for each lookup .csv processed.

Hi Splunk Community team,Please help:I have N number of lookup lk_file_abc3477.csv, lk_file_xare000csv, lk_file_ppbc3...

by Explorer in

timechart but only for the top 5

I want to use timechart to show a graph of the progress of an item so I use this command | timechart span=1w count...

by Motivator in

Renaming fields generically based on lookup table/second source

We have a setup of data going to splunk, where we query a number of files with varying numbers of fields (sometimes o...

by Path Finder in

Excluding holidays and weekends for Alert and alert if there is 0 events

My search query:Index=xxx <xxxxxxx>|eval Date=strftime(_time,"%Y-%m-%d")| lookup holidays.csv HolidayDate as Date out...

by Communicator in

How to use "case" command with count?

I am looking to make a "pulse" dashboard for a host on my network, it will pulse green up when up and red when down. ...

by Explorer in

Set the index with a field when using collect command

Hello! I'm looking to set the index parameter of the collect command with the value of a field from each event. H...

by Contributor in

Search for events that have only specific multiple values in a field

Hey all - I have a need to search for events in Splunk that contain two specific values in one field. I want the resu...

by Engager in

Help with accessing the latest event

Hi, I have dataset in the following format Name,Status,Timestamp ABC,F, 04/24/2025 15:30:03 ABC, R, 04/24/202...

by Explorer in

Need a rex to extract an ip address with a trailing port number

I would like to extract an ip address from a text field where the ip address has a trailing port number. The text i...

by Path Finder in

Why the same query returning different results on REST?

The following query return the expected result on Postman but return a different result on Javacsript fetch: se...

by New Member in

Replacing single backslash with double backslash and searching the result

Hi all,I'm trying to dynamically replace single backslashes with double backslashes in a search string and use the re...

by Engager in

How to add dark theme compatibility to custom app?

We use a custom app in our Splunk Cloud instance to segregate dashboards and searches from other teams. With the rece...

by Explorer in

Table a query with X and Y

Good afternoon Splunk Team, I have my search query: index=example_mine host=x.x.x.x [ | inputlookup myfiile.csv ...

by Engager in

Need to see data for the months with no events as zero

Hi all, I have a situation. Below is my search. Search needs to produce past 6 months of report. The goal is to pro...

by Builder in

splunk dashboard

So i have a dashboard and in drilldown i am showing severity in the servers now i want whenever the severity is solv...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Attempting to write a search to find all CrowdStrike agents that are installed on the hosts in our environment

Run predict command for multiple disk in same query

Can’t search by sourcetype without index – data ingested via HEC, visible by index

I want to replace hard coded text "Today" by current system date in splunk report

REGEX Problem : Json Structure and sub structure

Dashboard-Data and search as one query

Using Lookup to determine Field Value

New metadata field for all events coming via UF for custom application

How to join 2 logs using trx_id

How to pivot data

Send an Email for each lookup .csv processed.

timechart but only for the top 5

Renaming fields generically based on lookup table/second source

Excluding holidays and weekends for Alert and alert if there is 0 events

How to use "case" command with count?

Set the index with a field when using collect command

Search for events that have only specific multiple values in a field

Help with accessing the latest event

Need a rex to extract an ip address with a trailing port number

Why the same query returning different results on REST?

Replacing single backslash with double backslash and searching the result

How to add dark theme compatibility to custom app?

Table a query with X and Y

Need to see data for the months with no events as zero

splunk dashboard

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!