Splunk Search

Community Activity

Search for a path the might not exist Hi I have the following data (Below).I have a situation where I want to search for "*" on a search and have it return... by robertlynch2020 Influencer in Splunk Search 05-28-2025 0 8	0	8
How to Mute Alert using Lookup table This is what I have setupindex=xxxxxx\| eval HDate=strftime(_time,"%Y-%m-%d")\| search NOT [ \| inputlookup Date_Test.cs... by Cheng2Ready Communicator in Splunk Search 05-27-2025 0 13	0	13
Eventtype 'wineventlog_security' does not exist or is disabled Hi,got some problem in my searches since a few days.I really don´t know what happend and no one changed the configura... by Benny87 Loves-to-Learn in Splunk Search 05-27-2025 0 7	0	7
Why is INDEXED_EXTRACTIONS=csv not working in props.conf? I have a distributed Splunk instance with the search head separated from the Indexers. I want to drop a CSV file with... by ebailey Communicator in Splunk Search 05-22-2025 2 10	2	10
Using multiple lookups in a search hello So i want to make a search .i am using index=endpoint_defender source="AdvancedHunting-DeviceInfo" \| rex field=... by SN1 Path Finder in Splunk Search 05-22-2025 0 7	0	7
Alternates to join/append to avoid limitations Situation: I have 2 data sets:Dataset 1 is a set of logs which includes IP addresses. When aggregated, there are 200,... by kaeleyt Path Finder in Splunk Search 05-22-2025 0 3	0	3
Splunk search lookup Have a data that returns ip field and values as below.Ip = 0.0.0.11Ip= 0.0.0.12There is a lookup that contains field ... by Harikiranjammul Explorer in Splunk Search 05-22-2025 0 2	0	2
Accessing Elasticsearch Data from Splunk Using SPL (Without Data Duplication) Hi Splunk Community,I’m working on a use case where data is stored in Elasticsearch, and I’d like to use Splunk solel... by kn450 Explorer in Splunk Search 05-21-2025 0 6	0	6
Search Within Results To Show Only Last Month I have 3 searches that I'm appending. Each returns a Name and Date. Then I take the maximum of each of the Dates and ... by andrewkenth Communicator in Splunk Search 05-21-2025 0 4	0	4
Is it possible to replace null fields at index-time? Hi, I have to search saved as quickly as possible. I CSV indexes whose columns are sometimes empty. I have to put a ... by bvivi57 Observer in Splunk Search 05-21-2025 0 9	0	9
How do I fix this Search lag error? Hi team, There is following errors with my Splunk healtch check. "The number of extremely lagged searches (1) over th... by tpchi New Member in Splunk Search 05-21-2025 0 5	0	5
Suming up fields only once based on field Hi all, I have the following situation with a query returning a table of this kind:fieldAfieldBA2A2B4B4 I need to add... by Jimenez Explorer in Splunk Search 05-21-2025 0 3	0	3
Splunk Answers Content Calendar May 2025! Hello Splunk Community! Welcome to another week of fun curated content as a part of our Splunk Answers Community Cont... by Anam Community Manager in Splunk Search 05-20-2025 2 0	2	0
Dedup is extremely Slow Hello,I have a Search that is taking 5 min to complete when looking at only the last 24 hrs. If possible, could some... by tdavison76 Path Finder in Splunk Search 05-20-2025 0 5	0	5
greater than, less than operator changed to xml code, after table command? Hello ,My splunk query is simple: index=abc,source=xxx.trc\| transaction host source max events=100000\| table _time ho... by sarvesh_11 Communicator in Splunk Search 05-20-2025 0 14	0	14
lookup/ inputlookup in search not providing any results Hello @Splunkers,Can someone please help me on this ? Trying to use "lookup/ inputlookup" command in search.Use case:... by mpk_24 Explorer in Splunk Search 05-19-2025 0 6	0	6
Rex command help Hey @Splunkers,Looking for valuable insights for this use case. I wanted to extract the numbers at the end of the log... by mpk_24 Explorer in Splunk Search 05-19-2025 0 2	0	2
Alert when firewall stops reporting to syslog Hello. I am working on creating an alert in Splunk for detecting when a firewall stops sending logs. We have all logs... by te25 Engager in Splunk Search 05-19-2025 0 3	0	3
Issue with Users Unable to Delete Reports in Splunk SHC Hi Splunkers,I’m running a Splunk Search Head Cluster (SHC) with 3 search heads, authenticated via Active Directory (... by m_zandinia Path Finder in Splunk Search 05-18-2025 0 16	0	16
Why does timewrap require timechart results? If you use timewrap without previously using the timechart command, you get a warning "The timewrap command is design... by tiimo Engager in Splunk Search 05-16-2025 0 4	0	4
Splunk search eval or other command Have events like below1) date-TimestampServer - hostnameStatus - host is downThreshold - unable to ping 2) Date-Times... by Harikiranjammul Explorer in Splunk Search 05-16-2025 0 5	0	5
How to extract field value with alphanumeric value with no exact length Hi All,I am very new to splunk and faced a issue while extracting a value which is having alphanumeric value, with no... by amit2312 Explorer in Splunk Search 05-16-2025 0 3	0	3
When I clicked open in search, I got Request-URI Too Long Hello,When I clicked open in search, I got the following message:Request-URI Too LongThe requested URL's length excee... by LearningGuy Motivator in Splunk Search 05-15-2025 0 9	0	9
Why are large Splunk searches causing "Request URI too long error, status 404"? Hello, I am getting "Request URI too long error, status 404" because of large splunk query. How to avoid this issue f... by chinmayc469 Explorer in Splunk Search 05-15-2025 0 4	0	4
How to write a search to list roles and their capabilities in a Splunk environment? Hello Guys, Can someone help me with a search to list the roles and their capabilities in a Splunk environment? by srikanth1213 Path Finder in Splunk Search 05-15-2025 0 5	0	5