Splunk Search

Community Activity

	Delete existing summary index and move its data to new summary index Before one week I created a summary index named waf_opco_yes_summary and it is working fine. Now they asked to change... by Karthikeya Communicator in Splunk Search 07-25-2025 0 10	0	10
	Eval multiple services in single query I am attempting to run a query that will find the status fo 3 services and list which ones are failed and which ones ... by cdevoe57 Path Finder in Splunk Search 07-24-2025 0 8	0	8
	How can I get the time difference between multiple events to know the time it took per process? I am trying to find the time taken by our processes. I wrote a basic query that fetch a start, end time, and the diff... by kuul13 Explorer in Splunk Search 07-24-2025 0 3	0	3
	How to improve readability with template formatted log messages in Splunk search? I have a dotnet application logging template formatted log messages with serilog library and since everything is in J... by kinicky Engager in Splunk Search 07-24-2025 0 2	0	2
	Creating a Hierarchical Search Hello!I have the following query with the provided fields to track consumption data for customers.action=load OR acti... by bp2025 Engager in Splunk Search 07-24-2025 0 1	0	1
	table view using spl {<!-- --> "abcdxyz" : {<!-- --> "transaction" : "abcdxyz", "sampleCount" : 60, "errorCount" : 13, "errorPct" : 21.666666... by yuvaraj_m91 Loves-to-Learn Lots in Splunk Search 07-24-2025 0 2	0	2
	How to default stats to zero when no rows returned? I have a query similar to the one below. index = "idx" source = "mysource" \|spath path=myField output=res\|stats cou... by schres1 Explorer in Splunk Search 07-23-2025 0 4	0	4
	Color cell from table conditionally on comparison between values Hi everyone,I'm working on a dashboard that's comparing two different applications. One of the tables has their perfo... by pedropiin Path Finder in Splunk Search 07-23-2025 0 4	0	4
	Skipped search - The maximum number of concurrent running jobs for this historical scheduled search on this cluster has Hi Team,I have been getting a skipped search notification in my CMC overview under Health from quite some time.It is ... by mchoudhary Explorer in Splunk Search 07-23-2025 0 1	0	1
	How to pass multiselect token values from main dashboard A to drilldown dashboard B Hi,I have a simple multi-select filter as below on my main dashboard.<input type="multiselect" token="projects" searc... by mbasharat Builder in Splunk Search 07-23-2025 0 10	0	10
	Remove string from field using REX I am trying to remove a field which has a suffix of sophos_event_input after the username. ExampleUsername_FieldJoe-... by Splunkie Explorer in Splunk Search 07-23-2025 0 3	0	3
	Joining records in a table I have an audit table with before and after records of changes made to a user table. So every time an update is made ... by DexterWard New Member in Splunk Search 07-23-2025 0 1	0	1
	spl2 module upload successful, and testing is also successful but it's nowhere to be found. Am I missing something? I have vscode running splunk extension and created a simple _default.spl2nb. I'm able to te... by kundeng Path Finder in Splunk Search 07-22-2025 0 2	0	2
	Splunk query to find a value outside of certain enum I want to search the "NONE" not in 3 allowed enum value. I need to ignore the "NONE" if it is in the allowed enum. Fo... by seetide New Member in Splunk Search 07-22-2025 0 6	0	6
	Remove string from field using REX or Replace I have a field, where all values are pre-fixed with "OPTIONS-IT\". I would like to remove this, but not sure on the b... by smcdonald20 Path Finder in Splunk Search 07-22-2025 0 6	0	6
	Create new fields using values from another field I have a field called key. key has multivalues that are also dynamic. I have another field called values, that is als... by bt149 Path Finder in Splunk Search 07-22-2025 0 5	0	5
	How to add division line on the scatter chart Hello everyone. I want to add line as division line on the scatter chart. I'd like to know which values are in speci... by jenny_life Path Finder in Splunk Search 07-21-2025 0 7	0	7
	Splunk user last login Time through LDAP I have a requirement where I want to see all users and their last login time, we are connected through Ldap so settin... by Nawab Communicator in Splunk Search 07-21-2025 0 3	0	3
	Is there a way to group the data by time and another field? I was able to write a query that group by api (msgsource) to show the response times, but I am trying to see if I can... by kuul13 Explorer in Splunk Search 07-20-2025 0 6	0	6
	input lookup Hi All,I have an input lookup file with 2 fields first filed contains some path and the second filed is an httpcode ... by tkrprakash Loves-to-Learn Lots in Splunk Search 07-17-2025 0 2	0	2
	Best Search Performance when adding filtering of events to query I am looking for the best way in terms of performance when adding filtering of certain events for security rules. Nor... by Na_Kang_Lim Path Finder in Splunk Search 07-17-2025 0 6	0	6
	How do you use the Database Connect Alert Action? Hello,I have Database Connect setup and it's working all fine. But I can't wrap my head around how the Alert Action w... by Andre_ Path Finder in Splunk Search 07-17-2025 0 8	0	8
	Sum of Multivalue (list) Items Given this search result:Company A Visa 15 MC 5 ... by OliverG91 Explorer in Splunk Search 07-16-2025 0 4	0	4
	SOCKS proxy traffic Hi everyone and thanks in advance.I'm trying to collate all our SOCKS traffic on our network over the last 90 days.Ou... by NorthropGrumman New Member in Splunk Search 07-16-2025 0 4	0	4
	Splitting an event into multiple events to conform to a data model I have events already in an index looking like this:{<!-- --> "location": "Paris", "temperature": 25, "humidity": 57}I ... by thierry Splunk Employee in Splunk Search 07-15-2025 0 10	0	10