Splunk Search

Ask a Question

Discussions

Thread Info

How can I get a statistics table comparing discovered assets over time ?

Hello Guys, I'm trying to get the following table: I have the following fields in my index: ip, mac, lastdete...

by Path Finder in

Indexer search errors

Hi, One of our three clustered indexers is having search errors and high CPU fluctuations for splunkd main process ...

by Explorer in

Query that checks if field values have changed to exclude events

Hi Friends, I am working a query that checks if the value of a field has changed to a state of resolved to exclude ...

by Explorer in

Regex refining

Regex Please tell me what will be the best and effective way to write regex here: "vs_name":"v-juniper-uat.opco.s...

by Communicator in

"New Search" function of Table view misses Index

Hello, today I have found a bug(?) in the "New Search" function from the Table view. What I do mean with the "New...

by New Member in

Details under count

How do I show details of individual records in a count total? I have a query that counts events, and then returns the...

by Explorer in

Applying an inputlookup across a list of values

We have a use case where some JSON being ingested into Splunk contains a list of values like this: "message_se...

by Explorer in

data types

How can you query an index to find out the data types of the fields and any attributes that describe the field? from...

by Explorer in

Saved Search ( Scheduled Report) in Simple XML Dashboard

Hello, I am facing an issue when a saved report is used in a simple xml dashboard using | loadjob savedsearc...

by Contributor in

Memory Usage

this is the search| rest /services/server/status/partitions-space splunk_server=*| eval free = if(isnotnull(available...

by Path Finder in

Salesforce UserLicense Events

I have been using the Splunk Add on for Salesforce Add on for while now but i want to know if anyone else is using it...

by Communicator in

Rest search with map doesnt work as intended

This is the SPL i m using| rest /servicesNS/-/-/saved/searches splunk_server=local| fields title| search title=Report...

by Explorer in

Is it possible to determine obsolete dashboards?

Is it possible to identify obsolete dashboards? or the last time a dashboard was executed?

by Explorer in

How to display a trendline for distinct count of a field

I want to add a trendline to this chart: index=my_index | timechart dc(USER) as DISTINCT_USERS How do I ac...

by Path Finder in

eval field is not working in where condition

by Observer in

Human Readable Indexed Logs

Hi All, I would like to read Splunk indexed log/data using text editor tool (like Notepad, etc.). I understand Splunk...

by Explorer in

Results returned from subsearch / appendcolos inaccurate

I have the following simplified version of the query where for each caller, I need all_calls (from sourcetype=x) and ...

by Engager in

difference between data model vs splunk dashboards

Hi All, could you please clarify me what is the diff between data models and splunk dashboards? Thanks

by Engager in

Need help to extract field from raw

Please find the below attached screenshot and data sample i need to create 5 felids problem statement - old splunk qu...

by Explorer in

Combining multiple events from downloading external document into a reportable event

This has been scratching my head. I'm working on dashboards on user activity on our application. Multiple dashboards ...

by Explorer in

Merging local into default using git?

I would like to periodically merge stuff in /local into /default and then delete whatever is in /localI have a reposi...

by SplunkTrust in

ISE Logging

Hello, I wanted to filter Cisco ISE Logging Activities by authentication, authorization, and accounting. So far, ...

by New Member in

Regular Expression

HI , I want to extract purple part. But Severity can be Critical as well .[Time:29-08@17:52:05.880] [60569130] 17:52:...

by Contributor in

regular expression

hello , i want to extract purple highlighted part.[Time:29-08@17:53:03.562] [60569219] 17:53:03.562 10.82.10.245 loca...

by Contributor in

What are your best patterns for handling stats by multiple groupby sets?

I often run into a case where I find I need to take the same dataset and compute aggregate statistics on different gr...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I get a statistics table comparing discovered assets over time ?

Indexer search errors

Query that checks if field values have changed to exclude events

Regex refining

"New Search" function of Table view misses Index

Details under count

Applying an inputlookup across a list of values

data types

Saved Search ( Scheduled Report) in Simple XML Dashboard

Memory Usage

Salesforce UserLicense Events

Rest search with map doesnt work as intended

Is it possible to determine obsolete dashboards?

How to display a trendline for distinct count of a field

eval field is not working in where condition

Human Readable Indexed Logs

Results returned from subsearch / appendcolos inaccurate

difference between data model vs splunk dashboards

Need help to extract field from raw

Combining multiple events from downloading external document into a reportable event

Merging local into default using git?

ISE Logging

Regular Expression

regular expression

What are your best patterns for handling stats by multiple groupby sets?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions