Splunk Search

Community Activity

	Splunk alert when specific index SVC usage is too high or too low We currently have a search that shows a timeline graph of daily SVC usage by index. 10 of these indexes are our highe... by bwheelerice1 Loves-to-Learn Lots in Splunk Search 08-10-2025 0 6	0	6
	Power User cannot share saved searches despite having power role and having write permissions into their App We have a search app that a group of users are working from. All of the users have power role and we have given the p... by LOP22456 Explorer in Splunk Search 08-08-2025 0 6	0	6
	latest result hello i have a search and i want only latest result of this search . ok so the problem is for 1 DeviceName there are ... by SN1 Path Finder in Splunk Search 08-07-2025 0 11	0	11
	why field extraction doesn't work when defined as calculated field? I have this regex -^(?:[^ \\n]* ){7}(?P<src_host>[^ ]+)[^:\\n]:\\s+(?P<event_id>[a-f0-9]+:\\d+)(?:[^/\\n]/){2}(?P<d... by danielbb Motivator in Splunk Search 08-07-2025 0 1	0	1
	Where are the failures of sendemail logged in? Does anybody know where the failures of sendemail are being logged? I wonder about cases where the e-mail address no ... by danielbb Motivator in Splunk Search 08-06-2025 0 8	0	8
	Left join a table and a lookup to show matching and non-matching results Hi everyone!I am new with Splunk and probably this should be really easy for many of you. I am trying to left join a ... by Diana_a Explorer in Splunk Search 08-03-2025 0 3	0	3
	How to group the data by api name, date and various response times? I have tried to write a query that outputs the transaction counts, and response times but not sure how to group it by... by kuul13 Explorer in Splunk Search 08-01-2025 0 4	0	4
	Timestamp is extracted as none I have issue to transform data and extracting the fields value. Here is my sample data.2025-07-20T10:15:30+08:00 h1 t... by alvinsullivan01 Explorer in Splunk Search 08-01-2025 0 16	0	16
	Calculate avg of time values Hello All, Below is my dataset from a base query. How can i calculate the average value of the column ?Incidentavg_t... by neerajs_81 Builder in Splunk Search 07-31-2025 0 9	0	9
	srchFilter usage in backend with multiple roles We will create two indexes per application one for non_prod and one for prod logs in same splunk. They create 2 AD gr... by Karthikeya Communicator in Splunk Search 07-31-2025 0 29	0	29
	How do we reassign Knowledge Objects owned by a user to another user via api ? is it possible ? We have the "Reassign Knowledge Objects" option via SplunkCloud portal in the settings but is it possible to do it vi... by arvind_Sugajeev Explorer in Splunk Search 07-30-2025 0 5	0	5
	Hardcoded time parameters inside a search doesn't work with v9.4.3 Hello Splunkers,The hardcoded time parameters inside a simple search don't work with v9.4.3. It only takes the input... by Manjunathmuni Observer in Splunk Search 07-30-2025 0 9	0	9
	Can Splunk Federated Search be configured for bidirectional search? I want to configure Federated Search so that Deployment A can search Deployment B, and Deployment B can also search D... by meetmshah SplunkTrust in Splunk Search 07-30-2025 0 3	0	3
	Generate a list of users and assigned roles for them We are having multiple roles created in Splunk restricted by their index and users will be added to this role via AD ... by splunklearner Communicator in Splunk Search 07-29-2025 0 7	0	7
	Sort command not sorting as expected The Splunk documentation says that the order rule is lexicographic. I am trying to sort the following values:\| makere... by CyberAar Explorer in Splunk Search 07-29-2025 0 4	0	4
	Need to change the span based on hour of day Hello ,I am trying to change in the search itself to change the span in timechart. So if the hour is say greater tha... by wjrbrady Engager in Splunk Search 07-28-2025 0 12	0	12
	Mule Cloudhub integration with Splunk Cloud We are looking for feasible to integrate with Mule Cloudhub with Splunk Cloud directly for logs ingestion. Please sug... by prashanthan1987 Explorer in Splunk Search 07-28-2025 0 2	0	2
	Percentage of devices using an IPv6 address versus an IPv4 address. I have devices using a specific v4 address range and a specific v6 address range. I'd like to get the percent of devi... by Gunner New Member in Splunk Search 07-28-2025 0 1	0	1
	Splunk query - lookup utilization Hello all, I am working on an Splunk query which suppose to filter some logs by utilizing data from lookup. Consider ... by KishoreSrini Explorer in Splunk Search 07-28-2025 0 5	0	5
	Giving access to Single Shared Summary index for multiple app teama Sorry for everyone that I am posting multiple posts for my issue. Just summarising everything here.. please help me w... by Karthikeya Communicator in Splunk Search 07-26-2025 0 4	0	4
	Restrict search command usage (rest in particular) I am looking to restrict the use of certain search commands for particular users / roles. In particular I would like ... by JacobPN Path Finder in Splunk Search 07-25-2025 0 7	0	7
	How to filter a list of timestamps less than _time I need to filter a list of timestamps which are less than _time.this works:\| makeresults count=1 \| eval timestamps = ... by weidertc Contributor in Splunk Search 07-25-2025 0 3	0	3
	Delete existing summary index and move its data to new summary index Before one week I created a summary index named waf_opco_yes_summary and it is working fine. Now they asked to change... by Karthikeya Communicator in Splunk Search 07-25-2025 0 10	0	10
	Eval multiple services in single query I am attempting to run a query that will find the status fo 3 services and list which ones are failed and which ones ... by cdevoe57 Path Finder in Splunk Search 07-24-2025 0 8	0	8
	How can I get the time difference between multiple events to know the time it took per process? I am trying to find the time taken by our processes. I wrote a basic query that fetch a start, end time, and the diff... by kuul13 Explorer in Splunk Search 07-24-2025 0 3	0	3