Splunk Search

Discussions

Thread Info

Two queries with different timeframes using join. Is there a more efficient way?

Hi there. I am new to SPL and wondering how to make a particular query more efficient. In particular, I want to creat...

by New Member in

Where do the automatic lookups reside?

We have a couple of automatic lookups and I don't see them in the SH under /opt/splunk/etc/apps/<app_name>/lookups ...

by Ultra Champion in

How to Combine search query with a lookup file with one common field

Hi, i want to combine the results from my search query with a lookup table that i have uploaded. They both have 1 ...

by Engager in

hide calculated field from dashbaord

Hi, I have a calculated field call Percentage which is required for other calculations but i dont want that value...

by Communicator in

rex field not visible and cannot be used in eval

Hi I have this query and trying to do a eval case on the rex field value returned base | rex "#TAGRESPONSE.*RESPON...

by Path Finder in

Showing events in a raw web browser window ? literally have a very basic raw events vizualization

Hi, I have a strong request from my client that wants to be to be able to view events resulting from a SPL search ...

by Influencer in

eval case before inputlookup file search

I have a dashboard table with fields like below. Area field2 filed3 UK 100 200 US 300 400 In the drill down i am ...

by Communicator in

Regex Help: Parse CSV with whatever it has got rather than failing on entire line

Hi We have a regex/requirement to extract col1,col2,col3,col4 everytime. But the data may not contain col3 onwards ev...

by Super Champion in

Cannot search for value in extracted field

I have a field extraction that gets the message number from the raw message string .{22}\s0-9 The message strin...

by Explorer in

Is there a way not to restart entire splunk instance after making changes in .conf files?

In general after we make changes in .conf files splunk instance should restart. If we deploy splunk in production env...

by New Member in

how can i add my index to the search app to search by default?

hi, I have searched high and low for the instructions but cant seem to find the settings for enabling the search ...

by Explorer in

Merge two line charts

Hi , Very new to splunk. I need to search a index with two strings example: "ABC1" "XVZ2" And create a line ...

by New Member in

Problem with using stats for a count, and also to pull additional data

So, I am going through windows logs, and have output that works for me with something like: index=windows sourcety...

by Path Finder in

Find difference between time now and last event time

I am not sure why I am not getting results with this query, any suggestions? index= ______ | stats max(_time) as l...

by Contributor in

Site name from lookup table based on IP address

Hi splunk guru's. I'm trying to find a way (using SPL only - i am not an admin) to do the following: My vulnerability...

by New Member in

Find all greater, after 5 mins subtract different columns

Hi I want to calculate/simulate a data to analysis price difference, my data set in picture, left is my data se...

by Path Finder in

Join events and evaluate difference price

Hi I have data like this I am joined uuid over market data together like that But there is 4 ti...

by Path Finder in

Compare firewall action to track network flow changes

Hello guys, I'd like to check changes on the Checkpoint firewall logs but I haven't any result : index=xxx host...

by Motivator in

How to properly evaluate integer list from inputlookup subsearch?

I'm attempting to use a subsearch to extract a number of integers in order to transpose those integers as columns. He...

by New Member in

How can I add two new fields to my logs?

Hello, On my servers I used combined Apache logs, but I added two other fields at the end of the logs : SSL_PROTOC...

by New Member in

Splunk search interface for non-technical users?

Hi, This question may be a bit unusual. While I know SPL is already kind of "simple" enough to get a hang of for m...

by Explorer in

How can I use an if or eval statement to run a custom search command

Hello Splunkers - Can't figure out for the life of me how to use eval or if statement to call a custom search com...

by Path Finder in

map over makecontinuous not working ...

I'm trying to fill in the gaps in a set of data, where there are different gaps for each of the types. I've tried:...

by Explorer in

Purpose of the "AS" statement in SPLUNK

Hi, What is the purpose of the AS statement in splunk? I thought, when used, it creates an alias of a column/f...

by Path Finder in

Can we categorize the into fields based on the value of the field?

Hello, I have the below field with values Source abc_hd xyz_hd ppp sqr_sd aaa_sd I want to create a new f...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Two queries with different timeframes using join. Is there a more efficient way?

Where do the automatic lookups reside?

How to Combine search query with a lookup file with one common field

hide calculated field from dashbaord

rex field not visible and cannot be used in eval

Showing events in a raw web browser window ? literally have a very basic raw events vizualization

eval case before inputlookup file search

Regex Help: Parse CSV with whatever it has got rather than failing on entire line

Cannot search for value in extracted field

Is there a way not to restart entire splunk instance after making changes in .conf files?

how can i add my index to the search app to search by default?

Merge two line charts

Problem with using stats for a count, and also to pull additional data

Find difference between time now and last event time

Site name from lookup table based on IP address

Find all greater, after 5 mins subtract different columns

Join events and evaluate difference price

Compare firewall action to track network flow changes

How to properly evaluate integer list from inputlookup subsearch?

How can I add two new fields to my logs?

Splunk search interface for non-technical users?

How can I use an if or eval statement to run a custom search command

map over makecontinuous not working ...

Purpose of the "AS" statement in SPLUNK

Can we categorize the into fields based on the value of the field?

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions