Splunk Search

Discussions

Thread Info

Events from Docker do not have proper field extractions

We are sending test data from a docker container to splunk via the splunk logging driver. I am able to vie the data b...

by Explorer in

Windows Event Log 4625 - Eval Account_Name Search Issue

Hello, I have the following search: index=security_wineventlog EventCode=4625 | table _time, Workstation_Name, ...

by Path Finder in

Using Stats List to get multiple UserIDs into a single field by IP. Need to sort by UserID

Might have trouble explaining this in an understandable way, might be why I was unable to google my answer. I'm u...

by Path Finder in

Why does geostats represent one and two arguments differently?

Im trying to represent som values with geostats, when I do this: | geostats values(OK) by name geostats presen...

by Path Finder in

Can I do "add to search" without kicking off a new search?

Sometimes when I am looking at search results, I would like to add several field's values to my search terms. Ideally...

by Builder in

Combine events based on timestamps in event

I have events as following Category=a starttime="2017-11-14 05:25:22" Category=b starttime="2017-11-14 05:29:22" Cate...

by New Member in

How to group results from two rex together into one Column Chart?

I am doing a search query where there will be a dynamic client ID with either a success or a failure result code -- I...

by Explorer in

eval to create temporary field for sorting

I have a filed1 whose values are like below TS - asfdfe sdrerw TS - ieirrrr werr TS - ierr werflll BS - errriowr e...

by Communicator in

Can I custom code a Splunk table to include JSON in a cell (without having the line feeds/endings removed)?

I have a Splunk application I am developing where I must put a pretty-print formatted JSON into the cell of a Splunk ...

by Path Finder in

Search for users logons from different geo locations

I have build a query so far to look at users who log on from 2 different geo locations, however index=microsoft ...

by Explorer in

Iist IPs from different columns

Is it an easy way to list IP's from different columns into one? For instance, header ip1 ip2 ip3...

by Communicator in

How can I write a search to find hosts that are not sending logs to Splunk or show the last time a host sent logs to Splunk?

Hi we have list of hosts that are logging splunk and sending logs to splunk .Since when i created the lookup to check...

by Communicator in

space in my field with the field I extracted with a regex

Hi, Use a regex to extract some fields from my log with the regex101.com tool. but when I do the search for the mix ...

by Engager in

Strange behaviour with | table *

Hi all, I have some issues with the results from using | table * I start with a simple data selection: sour...

by Path Finder in

How to extract field with regex such as sentence with space

Hi regex masters, Please help me. Below are sample xml logs. Incident Number: 151719935 Date Of Incident: 1...

by Splunk Employee in

How to apply the fit command with a "by" field

Hi Everyone, So I have data like this in my lookup table fields A | B | C 10| 2 | red 4 | 6 | red 9 | 1 ...

by Explorer in

Almost no search results after upgrading to 7.0.0

Upgraded from 6.1 to 7.0 and now none of my old searches gives any results i.e dashboard searces. As a Splunk rook...

by Path Finder in

How to trigger an action when no results are found (without using the settings in a saved alert)

My organization using something called Ticketer to in Splunk to auto-generate an incident form when something shows u...

by Explorer in

single value trend with earliest

I've got the followingsearch: | stats values earliest(AG_Z) AS A_Z values earliest(D_AG) AS D_A_I | eval eA_Z=str...

by Path Finder in

How to extract user behavior pattern during peak load from web access log

From NFR perspective trying to figure out how to use Splunk to extract user behavior pattern during peak load conditi...

by New Member in

How to make list(x) include all values?

list(x) does not return all values. If I have white space as my value, list omits it. Here is a simplified example of...

by New Member in

Splunk Light Email Anonymization before Indexing

Hello everybody, I am new to Splunk and I try to anonymize an email adress of my Logfile with the help of files p...

by New Member in

We are getting error when we search with windows index , this is happening from past month

Below is the error we got [hsplunkp01] Dispatch Runner: Configuration initialization for /opt/splunk/var/run/sear...

by Explorer in

Session duration calculation

Hi, I have this data Time Event 11/13/17 5:12:53.000 PM { [-] analyticType: SessionEnd ...

by Motivator in

How to extract a dynamic String that is comma delimited (it comes directly after a constant)?

The Splunk logs I'm working with are big and don't come with any predefined useful fields. I want to extract a dynami...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Events from Docker do not have proper field extractions

Windows Event Log 4625 - Eval Account_Name Search Issue

Using Stats List to get multiple UserIDs into a single field by IP. Need to sort by UserID

Why does geostats represent one and two arguments differently?

Can I do "add to search" without kicking off a new search?

Combine events based on timestamps in event

How to group results from two rex together into one Column Chart?

eval to create temporary field for sorting

Can I custom code a Splunk table to include JSON in a cell (without having the line feeds/endings removed)?

Search for users logons from different geo locations

Iist IPs from different columns

How can I write a search to find hosts that are not sending logs to Splunk or show the last time a host sent logs to Splunk?

space in my field with the field I extracted with a regex

Strange behaviour with | table *

How to extract field with regex such as sentence with space

How to apply the fit command with a "by" field

Almost no search results after upgrading to 7.0.0

How to trigger an action when no results are found (without using the settings in a saved alert)

single value trend with earliest

How to extract user behavior pattern during peak load from web access log

How to make list(x) include all values?

Splunk Light Email Anonymization before Indexing

We are getting error when we search with windows index , this is happening from past month

Session duration calculation

How to extract a dynamic String that is comma delimited (it comes directly after a constant)?

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions