Splunk Search

Community Activity

How to dynamically exclude a value for a day in a graph if the day is incomplete? If I have a search for using earliest and latest, say 1st of Dec 16 to 1st Feb 2017, this will draw a graph. But if I... by HattrickNZ Motivator in Splunk Search 12-14-2016 0 2	0	2
How to extract a field value to use as a search term for filtering? Hello, I need a way to extract/convert a field value to a search condition. Example: field_value= "src_ip=192.16... by pewaubek_reid Explorer in Splunk Search 12-14-2016 0 14	0	14
Is the duration field always in seconds? (transaction command) Greetings everyone, I just want to verify that the transaction generated duration field is always in seconds. it does... by msarro Builder in Splunk Search 12-14-2016 0 3	0	3
How to create a time chart with values from eventstats? Hi all. I have a search like this: index=log sourcetype=data TYPE="PLATFORM" \| timechart span=1d count by AREA li... by changux Builder in Splunk Search 12-14-2016 0 10	0	10
Is it possible to use a value in a lookup in order to automatically adjust the time range a scheduled search runs? I have a scheduled report, which is generating a lookup table. In this lookup csv, there is a field called "adjust", ... by adamsmith47 Communicator in Splunk Search 12-14-2016 0 2	0	2
How to compare two fields values for two different time ranges index=nessus severity!=informational severity!=low severity!=medium earliest=-1mon@mon latest=-0mon@mon \| top 0 signa... by faisal_saifi New Member in Splunk Search 12-14-2016 0 1	0	1
Is there a way to instruct Splunk to begin a search with the oldest event? Is there a way to instruct Splunk to begin searching from a specific time forward instead of backwards from the curre... by g038123 Explorer in Splunk Search 12-14-2016 0 14	0	14
How to combine my 2 searches? Hi, splunk Version 6.5.0 I try to combine 2 seaches and get 1 result of them, I tried the following without any suc... by bosch_softtec Path Finder in Splunk Search 12-14-2016 0 2	0	2
How to filter on multiple values from multiple fields? Hi, I have a log file that generates about 14 fields I am interested in, and of those fields, I need to look at a c... by newill New Member in Splunk Search 12-14-2016 0 4	0	4
How to write the regular expression to extract these fields from my sample data? Hello, I'm trying to create a regex to extract the fields to the follow logs: Example 1 msg=O equipamento marte (1... by kschmeling New Member in Splunk Search 12-14-2016 0 7	0	7
How do I edit my rex syntax in my search to extract a field from an unstructured event? I would like to perform field extraction from an unstructured event. I am unable to perform the field extraction fro... by biec1 Explorer in Splunk Search 12-14-2016 0 2	0	2
Why does my lookup search fetch results when searching one index but not with another? Hi All, I have lookup file name called " Privilege_User_List.csv". Using Splunk index, I can able lookup the data and... by guruwells Explorer in Splunk Search 12-14-2016 0 8	0	8
How to edit my search to turn table results into table headers? I'm running a search that combines download counts of external and internal viewers. To chart the different internal ... by mistydennis Communicator in Splunk Search 12-13-2016 0 3	0	3
After creating an extracted field with the Field Extractor in Splunk Web, why are new values not appearing when searching the field? I've created an extracted field using the field extractor GUI in Splunk Seb. When I created it, there were two values... by mike314 Explorer in Splunk Search 12-13-2016 2 8	2	8
How to search for events where someone visited a domain from a list in a static CSV file? Greetings All, I am trying to use a static CSV file that contains bad domain indicators and search Splunk logs for a... by janiceb Path Finder in Splunk Search 12-13-2016 0 3	0	3
If I have more than 1 lookup file with the same name, which file does Splunk pick up using inputlookup from the Search & Reporting app? Assuming I have a lookup file, for instance, users.csv, with different contents and is located in different apps and ... by splunkrocks2014 Communicator in Splunk Search 12-13-2016 0 3	0	3
How to write a search to return a value from one of three columns in a CSV lookup based on a field? I am trying to write a lookup that will pull a value out from one of three different columns. for example Col_A, ... by irfans Explorer in Splunk Search 12-13-2016 1 3	1	3
Why is my search producing "Error in 'eval' command: The expression is malformed"? I created a macro and used the search string below. After submitting the search, I received the following error mess... by douglas_garland New Member in Splunk Search 12-13-2016 0 6	0	6
How to place one value in the last column of a table and replace the duplicate values as "N/A"? \| inputlookup Roster.csv Level 1 Manager Level 2 Manager Level 3 Manager Ganesh Ganesh Ganesh Th... by iamkilarunaresh Explorer in Splunk Search 12-13-2016 0 1	0	1
How to edit my search with IF/THEN logic to display usernames existing on a host for a given time range? Here is my search: \| set diff [search index=os_nix sourcetype="Unix:UserAccounts" earliest =-90d@d latest=-30d@d ho... by king2jd Path Finder in Splunk Search 12-13-2016 0 3	0	3
How to create a table with duration and job status for jobs that may run more than once a day? Hi, I have batch job logs that look like below, My output needs to look like this, The challenge is that the j... by namrithadeepak Path Finder in Splunk Search 12-13-2016 0 2	0	2
What are "SummaryDirectory" processes referring to on an indexer? Hi, I noticed some processes running on the indexer today with the phrase "SummaryDirector" in the command-line. Ca... by a212830 Champion in Splunk Search 12-13-2016 0 1	0	1
What is the best way to filter events from a search without running the search again? I’m looking for a way to run a search on the results of a previous search. Subsearch won't work because I don't know... by LCM_BRogerson Path Finder in Splunk Search 12-13-2016 0 5	0	5
How to visually represent Session Creation trend across load balanced Java Virtual Machines (JVMs)? Splunk newbie here trying to get a nice line graph showing the session creation pattern over a period of time: ........ by psteja Engager in Splunk Search 12-13-2016 0 5	0	5
What does "Size" stands for in Job Manager? Hi! I would like to know what does "Size" stands for Job Manager in ver 5.0.5. Any help is appreciated! Thanks, Yu by yuwtennis Communicator in Splunk Search 12-13-2016 1 3	1	3

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Thursday, July 9, 2026 | 11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Splunk Search

How to dynamically exclude a value for a day in a graph if the day is incomplete?

How to extract a field value to use as a search term for filtering?

Is the duration field always in seconds? (transaction command)

How to create a time chart with values from eventstats?

Is it possible to use a value in a lookup in order to automatically adjust the time range a scheduled search runs?

How to compare two fields values for two different time ranges

Is there a way to instruct Splunk to begin a search with the oldest event?

How to combine my 2 searches?

How to filter on multiple values from multiple fields?

How to write the regular expression to extract these fields from my sample data?

How do I edit my rex syntax in my search to extract a field from an unstructured event?

Why does my lookup search fetch results when searching one index but not with another?

How to edit my search to turn table results into table headers?

After creating an extracted field with the Field Extractor in Splunk Web, why are new values not appearing when searching the field?

How to search for events where someone visited a domain from a list in a static CSV file?

If I have more than 1 lookup file with the same name, which file does Splunk pick up using inputlookup from the Search & Reporting app?

How to write a search to return a value from one of three columns in a CSV lookup based on a field?

Why is my search producing "Error in 'eval' command: The expression is malformed"?

How to place one value in the last column of a table and replace the duplicate values as "N/A"?

How to edit my search with IF/THEN logic to display usernames existing on a host for a given time range?

How to create a table with duration and job status for jobs that may run more than once a day?

What are "SummaryDirectory" processes referring to on an indexer?

What is the best way to filter events from a search without running the search again?

How to visually represent Session Creation trend across load balanced Java Virtual Machines (JVMs)?

What does "Size" stands for in Job Manager?

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation