Splunk Search

Community Activity

Using diffent python version in external lookup Hello,I am trying to use a different python version for my external lookup. The global version is 3.7 and my custom o... by Marvin_Janzen Observer in Splunk Search 07-02-2025 0 2	0	2
Docker Sources Having some issues when looking at docker hec logs. The data is showing two sources at the same time, but does not fi... by MrGlass Explorer in Splunk Search 07-01-2025 0 11	0	11
What's the relationship between api_lt/api_et and search_lt/search_et in _audit? Are these fields mutually exclusive? I'm not sure about the relation between these four fields. by danielbb Motivator in Splunk Search 06-29-2025 0 3	0	3
How to create field values as SPL for generating commands and run these commands with map Hi,depending on specific field values I would like to perform different actions per event in one search string with ... by peterschloenske Explorer in Splunk Search 06-27-2025 0 2	0	2
0 counts Hello,with this query :index=abc\| search source = "xyz"\| stats count by sourceI can see the count of sources having c... by av3rag3 Engager in Splunk Search 06-27-2025 0 3	0	3
SUM & COUNT from a lookup table I have a lookup table with daily records which includes: area, alarm description, date, number of bags per area and f... by Simona11 Explorer in Splunk Search 06-26-2025 0 5	0	5
Extraction of a field inside Json data Please extract User-Agent field from the below Json event .httpMessage: {<!-- --> [-] bytes: 2 host: rbwm-api.sony.co... by splunklearner Communicator in Splunk Search 06-25-2025 0 6	0	6
SPL To only Pull Last Event Per Month Looking for SPL that will give me the ID Cost by month, only grabbing the last event (_time) for that month. Sample ... by chrisboy68 Contributor in Splunk Search 06-25-2025 0 14	0	14
Summary index or any other alternative which aligns with RBAC Summary index or any alternativeHi, I have created a dashboard with 8 panels and time frame is last 5 minutes. Kept t... by captaincool07 Loves-to-Learn Lots in Splunk Search 06-25-2025 0 9	0	9
expand field values in single event raw data - "attackData":{"rules":[{"data":"SCANTL=10","action":"alert","selector":"","tag":"REPUTATION","id":"REP_602... by Karthikeya Communicator in Splunk Search 06-25-2025 0 7	0	7
Sort returning different results? Hi, I'm attempting to write a search where I return a top 10 of a value. However, I am noticing that I return differe... by questionsdaniel Observer in Splunk Search 06-24-2025 0 2	0	2
combining 2 searches - with dynamic urls into 1 Hello Everyone,I have 2 splunk search queriesquery-1index="my_index" kubernetes_namespace="my_ns" kubernetes_cluste... by super_edition Path Finder in Splunk Search 06-24-2025 0 3	0	3
Admin role but getting a blank page on Tokens, Users, Roles, and other settings I am logged in as the admin user, but whenever I try to access Tokens, Users, or other settings pages, I get a blank ... by BraxcBT Explorer in Splunk Search 06-23-2025 0 3	0	3
Help with sending multiple $result So I have successfully configured some reports and alerts that send the $result to Mattermost.My question is how to d... by LizAndy123 Path Finder in Splunk Search 06-23-2025 0 1	0	1
Warning when searching without results Hello, I have a simple distributed search config on a windows host, 1 SH, 1 IDX and 1 License server. Running a searc... by hendriks Path Finder in Splunk Search 06-23-2025 0 9	0	9
separate rows from columns with multivalue I'm trying to split a pair of rows with a pair of multivalued columns. The value in both columns is related to each p... by jrodriguezap Contributor in Splunk Search 06-22-2025 0 8	0	8
Join searches by hostname when one index has the short name and the other index has long name. I am looking for away to join results from two indexes based on the hostname. The main index has the hostname as just... by jfraley Path Finder in Splunk Search 06-21-2025 0 3	0	3
How do I import Azure NSG LOGs? Hello there, I try to import Azure NSG flow Events. To get the data into Splunk I use the Splunk Add-on for Microsoft... by mdorobek Path Finder in Splunk Search 06-20-2025 1 14	1	14
Combining 2 splunks and displaying count Hello,I have 2 seperate splunks as below . One is "v1 endpoint" and other is "v2 endpoint"v1 endpoint: index="abc" "u... by bmer Explorer in Splunk Search 06-19-2025 0 3	0	3
Search for triggered save searches and their actions titles and users: Need help with subsearch I want to use the 2nd search as a subsearch only bringing back the actions. How can I do this?SEARCH\| rest /servicesN... by NanSplk01 Communicator in Splunk Search 06-19-2025 0 1	0	1
Need help with Basic query over splunk Please help share query to check > network logs and firewall blocks for specific Host machine> LDAP password login fa... by ashish_d New Member in Splunk Search 06-19-2025 0 1	0	1
Efficiently Expanding Multiple Multi-Value Fields Using mvexpand in Splunk Hello Splunkers !!How can I efficiently use the mvexpand command to expand multiple multi-value fields, considering i... by uagraw01 Motivator in Splunk Search 06-18-2025 0 12	0	12
create report if price values are different this is my log i need a report like below: where I can see price difference in a single report. I don't want to put ... by avikc100 Path Finder in Splunk Search 06-17-2025 0 2	0	2
How can I remove latitude and longitude values while hovering over map and instead display the address of location on the map? I am using Splunk Cloud 6.5.0 version. How can i remove latitude and longitude values while hovering over map and di... by bhawana2192 New Member in Splunk Search 06-17-2025 0 8	0	8
Autoformat and search results similar to "48a4.93b9.xxxx OR 48:a4:93:b9:xx:xx OR 48-a4-93-b9-xx-xx" Hello.This search returns zero results, but a manual "OR" search shows results. I cannot find the reason (neither can... by anthonyi Explorer in Splunk Search 06-16-2025 0 3	0	3