Splunk Search

Community Activity

What is tstats and why is so much faster than stats? Why is \| tstats count where index=* by sourcetype so much faster than index=* \| stats count by sourcetype ? by a212830 Champion in Splunk Search 06-01-2025 20 8	20	8
How can i export a list of all services in APM I am trying to get a list of all services that are in APM. The APM usage report does not provide the name and only pr... by asif_khan1 New Member in Splunk Search 05-30-2025 0 0	0	0
How do you list Index, sourcetype and source using the REST command? Hi, I am working to list all the index with underlying sourcetypes and sources in it. For which I am currently usin... by harshal_chakran Builder in Splunk Search 05-30-2025 0 7	0	7
comparing the data of lookup with index data and extrcat the info from Index index=sap sourcetype=FSC\| fields _time index Eventts ID FIELD_02 FIELD_01 CODE ID FIELD* source\| rex field=index "^... by smanojkumar Contributor in Splunk Search 05-30-2025 0 12	0	12
Splunk search is not working in Splunk Cloud platform Hi Team,On May 20th, we successfully migrated from Splunk On-Prem to Splunk Cloud. We have a scheduled search that ru... by Pooja1 Loves-to-Learn Everything in Splunk Search 05-29-2025 0 2	0	2
unable to sort the month fields chronological instead of alphabetically in output Hi Everyone!I wrote a search query to get the blocked count of emails for last 6months and below is my query-\| tstats... by mchoudhary Explorer in Splunk Search 05-29-2025 0 9	0	9
Can't convert timeformat to unix Hopefully I've only got a small problem this time, but I've had no luck fixing it despite hours of trying. All I'm tr... by dtaylor Path Finder in Splunk Search 05-28-2025 0 2	0	2
How to show the line when its value is NULL with chart command / chartコマンドで行の値が0の時表示する方法 Hi, I try to display the number of events per day from multiple indexes.I wrote the below SPL, but when all index val... by mint_choco Explorer in Splunk Search 05-28-2025 0 1	0	1
remove timepart and convert to date so that i can aggregate at the date level Hi , I have this scenario where i am getting data from one of the index with 2 other specified filters likeindex=ind... by Raj_Splunk_Ing Path Finder in Splunk Search 05-28-2025 0 5	0	5
Search for a path the might not exist Hi I have the following data (Below).I have a situation where I want to search for "*" on a search and have it return... by robertlynch2020 Influencer in Splunk Search 05-28-2025 0 8	0	8
How to Mute Alert using Lookup table This is what I have setupindex=xxxxxx\| eval HDate=strftime(_time,"%Y-%m-%d")\| search NOT [ \| inputlookup Date_Test.cs... by Cheng2Ready Communicator in Splunk Search 05-27-2025 0 13	0	13
Eventtype 'wineventlog_security' does not exist or is disabled Hi,got some problem in my searches since a few days.I really don´t know what happend and no one changed the configura... by Benny87 Loves-to-Learn in Splunk Search 05-27-2025 0 7	0	7
Why is INDEXED_EXTRACTIONS=csv not working in props.conf? I have a distributed Splunk instance with the search head separated from the Indexers. I want to drop a CSV file with... by ebailey Communicator in Splunk Search 05-22-2025 2 10	2	10
Using multiple lookups in a search hello So i want to make a search .i am using index=endpoint_defender source="AdvancedHunting-DeviceInfo" \| rex field=... by SN1 Path Finder in Splunk Search 05-22-2025 0 7	0	7
Alternates to join/append to avoid limitations Situation: I have 2 data sets:Dataset 1 is a set of logs which includes IP addresses. When aggregated, there are 200,... by kaeleyt Path Finder in Splunk Search 05-22-2025 0 3	0	3
Splunk search lookup Have a data that returns ip field and values as below.Ip = 0.0.0.11Ip= 0.0.0.12There is a lookup that contains field ... by Harikiranjammul Explorer in Splunk Search 05-22-2025 0 2	0	2
Accessing Elasticsearch Data from Splunk Using SPL (Without Data Duplication) Hi Splunk Community,I’m working on a use case where data is stored in Elasticsearch, and I’d like to use Splunk solel... by kn450 Explorer in Splunk Search 05-21-2025 0 6	0	6
Search Within Results To Show Only Last Month I have 3 searches that I'm appending. Each returns a Name and Date. Then I take the maximum of each of the Dates and ... by andrewkenth Communicator in Splunk Search 05-21-2025 0 4	0	4
Is it possible to replace null fields at index-time? Hi, I have to search saved as quickly as possible. I CSV indexes whose columns are sometimes empty. I have to put a ... by bvivi57 Observer in Splunk Search 05-21-2025 0 9	0	9
How do I fix this Search lag error? Hi team, There is following errors with my Splunk healtch check. "The number of extremely lagged searches (1) over th... by tpchi New Member in Splunk Search 05-21-2025 0 5	0	5
Suming up fields only once based on field Hi all, I have the following situation with a query returning a table of this kind:fieldAfieldBA2A2B4B4 I need to add... by Jimenez Explorer in Splunk Search 05-21-2025 0 3	0	3
Splunk Answers Content Calendar May 2025! Hello Splunk Community! Welcome to another week of fun curated content as a part of our Splunk Answers Community Cont... by Anam Community Manager in Splunk Search 05-20-2025 2 0	2	0
Dedup is extremely Slow Hello,I have a Search that is taking 5 min to complete when looking at only the last 24 hrs. If possible, could some... by tdavison76 Path Finder in Splunk Search 05-20-2025 0 5	0	5
greater than, less than operator changed to xml code, after table command? Hello ,My splunk query is simple: index=abc,source=xxx.trc\| transaction host source max events=100000\| table _time ho... by sarvesh_11 Communicator in Splunk Search 05-20-2025 0 14	0	14
lookup/ inputlookup in search not providing any results Hello @Splunkers,Can someone please help me on this ? Trying to use "lookup/ inputlookup" command in search.Use case:... by mpk_24 Explorer in Splunk Search 05-19-2025 0 6	0	6