Splunk Search

Community Activity

Splunk search eval or other command Have events like below1) date-TimestampServer - hostnameStatus - host is downThreshold - unable to ping 2) Date-Times... by Harikiranjammul Explorer in Splunk Search 05-16-2025 0 5	0	5
How to extract field value with alphanumeric value with no exact length Hi All,I am very new to splunk and faced a issue while extracting a value which is having alphanumeric value, with no... by amit2312 Explorer in Splunk Search 05-16-2025 0 3	0	3
When I clicked open in search, I got Request-URI Too Long Hello,When I clicked open in search, I got the following message:Request-URI Too LongThe requested URL's length excee... by LearningGuy Motivator in Splunk Search 05-15-2025 0 9	0	9
Why are large Splunk searches causing "Request URI too long error, status 404"? Hello, I am getting "Request URI too long error, status 404" because of large splunk query. How to avoid this issue f... by chinmayc469 Explorer in Splunk Search 05-15-2025 0 4	0	4
How to write a search to list roles and their capabilities in a Splunk environment? Hello Guys, Can someone help me with a search to list the roles and their capabilities in a Splunk environment? by srikanth1213 Path Finder in Splunk Search 05-15-2025 0 5	0	5
How to create a dashboard using the extracted field values Hi All,I have the log file like below :[Request BEGIN] Session ID - 1234gcy6789rtcd, Request ID - 2605, Source IP - 1... by amit2312 Explorer in Splunk Search 05-14-2025 0 6	0	6
How to check if a field contains unicode Hello Everyone,I want to check if a field called "from_header_displayname" contains any Unicode.Below is the event so... by Iris_Pi Path Finder in Splunk Search 05-14-2025 0 4	0	4
Search process did not exit c exit cleanly, exit_code=111, description="exited with error: Application does not exist Why i am getting error for one of the indexer from indexer cluster while running a report from particular app. Error ... by Pujarani New Member in Splunk Search 05-13-2025 0 4	0	4
Force displayed timezone in results to be UTC (not the local timezone of the viewer) through the Search Hello everyone! In my company, we have Splunk (version 6.0) recording log information about data sent by remote devi... by BorrajaX Explorer in Splunk Search 05-12-2025 1 6	1	6
simple regex missing something I've never worked with splunk regex before so I'm probably just missing something. I've been up and down the https:... by jessieb_83 Path Finder in Splunk Search 05-12-2025 0 11	0	11
distinct output from one splunk search as input to another Hi Team,I have 2 splunks as below(index=xxxx) orgName=xxx sourcetype=CASE(SourceA) earliest=-15d uniqueIdentifier="Cl... by bmer Explorer in Splunk Search 05-12-2025 0 5	0	5
How to match any value in an array to any value in another array? I'm trying to do a transaction using an array. I need to define the transaction by a value in an array. However, th... by dtsao Loves-to-Learn in Splunk Search 05-10-2025 0 3	0	3
Find values of Field 1 in Field 2 I am not sure where to start on this. I have 2 fields. Field1 only has a few values while Field2 has many. How can I ... by k1green97 Engager in Splunk Search 05-10-2025 0 3	0	3
Extracting Value from and Event Hello,I am looking to add a particular value to an existing search of Okta data. The problem is I don't know how to e... by bill Engager in Splunk Search 05-09-2025 0 4	0	4
Ignore field when searching for arbitrary string(s) but still return its results. I am trying to do a query that will search for arbitrary strings, but will ignore if the string is/isn't in a specifi... by shawngsharp New Member in Splunk Search 05-09-2025 0 6	0	6
How to show the line when its value is NULL with chart command / chartコマンドで行の値が0の時表示する方法 Hi, I try to display the number of events per day from multiple indexes.I wrote the below SPL, but when all index val... by mint_choco Explorer in Splunk Search 05-09-2025 0 5	0	5
Suppress and alert when a resolving event is received I'm attempting to suppress an alert if a follow up event (condition) is received within 60 seconds of the initial eve... by dflynn235 Loves-to-Learn in Splunk Search 05-08-2025 0 7	0	7
Showing Specific Values in a dashboard Hello,I have this Splunk log that contains tons of quotes, commas, and other special characters. I’m trying to only p... by msarkaus Path Finder in Splunk Search 05-08-2025 0 17	0	17
Search based on zero events Hi there,I would like to create a search to alert us based on an index not ingesting any event data by basing it off ... by u_m1580 New Member in Splunk Search 05-08-2025 0 2	0	2
Multiselect filter. Select all matches in classic dashboard. Hi Splunkers :-),We have nice feature it dashboard studio - "Select all matches" in multiselect filter.But, unfortuna... by LIS Path Finder in Splunk Search 05-07-2025 0 20	0	20
Combine 2 log events based on uniqueId into one single row in table I want to have result in table with 2 or 3 log events combined based on unique key in all events and return 1 single ... by sdanayak Loves-to-Learn in Splunk Search 05-07-2025 0 9	0	9
Transaction not showing me Unique Users I'm trying to track the duration of user sessions to a server. I want to know WHICH users are connecting, and for h... by Crabbok Engager in Splunk Search 05-07-2025 0 3	0	3
How to get a range of number? I am looking for a range of number within my results of my search query but I am getting no results back after adding... by jialiu907 Path Finder in Splunk Search 05-07-2025 0 12	0	12
Multiple Locked Account Query I'm creating Mutiple Locked account search query while checking the account first if it has 4767 (unlocked) it should... by Casial06 Explorer in Splunk Search 05-07-2025 0 4	0	4
Extremely large search job size We found that the search job size becomes extremely large during searches. My Splunk instance is a newly installed te... by Alan_Chan Explorer in Splunk Search 05-07-2025 0 1	0	1