Splunk Search

Community Activity

Multiple Locked Account Query I'm creating Mutiple Locked account search query while checking the account first if it has 4767 (unlocked) it should... by Casial06 Explorer in Splunk Search 05-07-2025 0 4	0	4
Extremely large search job size We found that the search job size becomes extremely large during searches. My Splunk instance is a newly installed te... by Alan_Chan Explorer in Splunk Search 05-07-2025 0 1	0	1
Tstats command with span I am running tstats command with span of 2hrs for index and source.It returns the data for every 2hrs.But I want to i... by Harikiranjammul Explorer in Splunk Search 05-06-2025 0 4	0	4
Course does not appear in search filter Hi, I completed a course titled “Intro to Superman Mission Control” earlier, but it no longer appears in the free cou... by irfanarif Engager in Splunk Search 05-06-2025 0 2	0	2
reference lookup name in table I have a search where I am doing 2 inputlookups for 2 different lookups and appending them. Then I search them. Can I... by jat75 Explorer in Splunk Search 05-06-2025 0 1	0	1
Is it possible to create an html unorder (bullet) list for each row of a table output? Id like to create table of results, and convert each row into an unordered bullet list using html. Such as: \| table r... by timgren Path Finder in Splunk Search 05-06-2025 0 1	0	1
Splunk transaction – Trouble extracting first and last messages Hello,I'm working on a Splunk query to track REST calls in our logs. Specifically, I’m trying to use the transaction ... by Jessydan Explorer in Splunk Search 05-05-2025 0 10	0	10
Trouble looping through table and performing a subsearch for each item. I am trying to loop over a table and perform a subsearch for each item. I can confirm I am generating the first table... by Ara Engager in Splunk Search 05-05-2025 0 6	0	6
Attempting to write a search to find all CrowdStrike agents that are installed on the hosts in our environment Hello,Got tasked with finding all hosts that didnt have the crowdstrike agent installed and running into problems wit... by Ghost New Member in Splunk Search 05-05-2025 0 2	0	2
Run predict command for multiple disk in same query I have multiple disk like C, D & E on server and want to do the prediction for multiple disk in same query.index=main... by RSS_STT Explorer in Splunk Search 05-05-2025 0 2	0	2
Can’t search by sourcetype without index – data ingested via HEC, visible by index Hi community,I'm running into a permissions/visibility issue (I don't know) with an index created for receiving data ... by AJH2000 Explorer in Splunk Search 05-05-2025 0 3	0	3
I want to replace hard coded text "Today" by current system date in splunk report I want to replace hard coded text "Today" by current system date in splunk report. Please help if it is possible.Plea... by avikc100 Path Finder in Splunk Search 05-03-2025 0 6	0	6
REGEX Problem : Json Structure and sub structure Hello.For reasons of JSON log splitting, I have a problem with a complex structure.The integration is in a forwarder ... by pck_npluyaud Explorer in Splunk Search 05-03-2025 0 8	0	8
Dashboard-Data and search as one query Hi Team,Currently in my dashboard i am using two separate query for data and search lambda separetly and added to the... by nithys Communicator in Splunk Search 05-02-2025 0 2	0	2
Using Lookup to determine Field Value I have a unique situation with my customer. I want to create a lookup table that the customer can put fields they wa... by dlm Path Finder in Splunk Search 05-02-2025 0 7	0	7
New metadata field for all events coming via UF for custom application Added the config for the new metadata field in the inputs.conf file and created a fields.conf file to set the field a... by Charlize Engager in Splunk Search 05-02-2025 0 4	0	4
How to join 2 logs using trx_id Hello Friends,I am trying to join the 2 logs with same index using trx_id(here it is called X_Correlation_ID ) but su... by onthakur Explorer in Splunk Search 05-01-2025 0 4	0	4
How to pivot data I have data like this id time Conatctsx14/22/2011 10:00676689x14/23/2011 11:00 I want it like as shown below : L... by Punnu Path Finder in Splunk Search 05-01-2025 0 1	0	1
Send an Email for each lookup .csv processed. Hi Splunk Community team,Please help:I have N number of lookup lk_file_abc3477.csv, lk_file_xare000csv, lk_file_ppbc3... by JMPP Explorer in Splunk Search 05-01-2025 0 4	0	4
timechart but only for the top 5 I want to use timechart to show a graph of the progress of an item so I use this command \| timechart span=1w count b... by hartfoml Motivator in Splunk Search 05-01-2025 4 11	4	11
Renaming fields generically based on lookup table/second source We have a setup of data going to splunk, where we query a number of files with varying numbers of fields (sometimes o... by kenbaugher Path Finder in Splunk Search 05-01-2025 0 3	0	3
Excluding holidays and weekends for Alert and alert if there is 0 events My search query:Index=xxx <xxxxxxx>\|eval Date=strftime(_time,"%Y-%m-%d")\| lookup holidays.csv HolidayDate as Date out... by Cheng2Ready Communicator in Splunk Search 04-30-2025 0 10	0	10
How to use "case" command with count? I am looking to make a "pulse" dashboard for a host on my network, it will pulse green up when up and red when down.s... by ajmach343 Explorer in Splunk Search 04-29-2025 0 5	0	5
Set the index with a field when using collect command Hello!I'm looking to set the index parameter of the collect command with the value of a field from each event.Here's ... by ejwade Contributor in Splunk Search 04-29-2025 0 11	0	11
Search for events that have only specific multiple values in a field Hey all - I have a need to search for events in Splunk that contain two specific values in one field. I want the resu... by RowdyRodney Engager in Splunk Search 04-29-2025 0 2	0	2