Splunk Search

Community Activity

search results different between splunk UI/portal and splunk API Hi,I have this very simple splunk search query and i was able to run in splunk search portal or UI and I am using the... by Raj_Splunk_Ing Path Finder in Splunk Search 06-03-2025 0 10	0	10
eval to handle 2 scenarios Hi, I have this field in this format and i am using eval to convert but sometimes there is an extra space in itafter ... by Raj_Splunk_Ing Path Finder in Splunk Search 06-03-2025 0 7	0	7
Waiting for queued jobs to start We are getting this particular error Waiting for queued jobs to start for most of our customers. When they click on m... by Karthikeya Communicator in Splunk Search 06-03-2025 0 2	0	2
Role Based filtering to mask JWT tokens and Emails Hello folks,We use Splunk cloud platform for our logging system. I was trying to use the Search Filter under the Rest... by sabbas Explorer in Splunk Search 06-03-2025 0 1	0	1
What is tstats and why is so much faster than stats? Why is \| tstats count where index=* by sourcetype so much faster than index=* \| stats count by sourcetype ? by a212830 Champion in Splunk Search 06-01-2025 20 8	20	8
How can i export a list of all services in APM I am trying to get a list of all services that are in APM. The APM usage report does not provide the name and only pr... by asif_khan1 New Member in Splunk Search 05-30-2025 0 0	0	0
How do you list Index, sourcetype and source using the REST command? Hi, I am working to list all the index with underlying sourcetypes and sources in it. For which I am currently usin... by harshal_chakran Builder in Splunk Search 05-30-2025 0 7	0	7
comparing the data of lookup with index data and extrcat the info from Index index=sap sourcetype=FSC\| fields _time index Eventts ID FIELD_02 FIELD_01 CODE ID FIELD* source\| rex field=index "^... by smanojkumar Contributor in Splunk Search 05-30-2025 0 12	0	12
Splunk search is not working in Splunk Cloud platform Hi Team,On May 20th, we successfully migrated from Splunk On-Prem to Splunk Cloud. We have a scheduled search that ru... by Pooja1 Loves-to-Learn Everything in Splunk Search 05-29-2025 0 2	0	2
unable to sort the month fields chronological instead of alphabetically in output Hi Everyone!I wrote a search query to get the blocked count of emails for last 6months and below is my query-\| tstats... by mchoudhary Explorer in Splunk Search 05-29-2025 0 9	0	9
Can't convert timeformat to unix Hopefully I've only got a small problem this time, but I've had no luck fixing it despite hours of trying. All I'm tr... by dtaylor Path Finder in Splunk Search 05-28-2025 0 2	0	2
How to show the line when its value is NULL with chart command / chartコマンドで行の値が0の時表示する方法 Hi, I try to display the number of events per day from multiple indexes.I wrote the below SPL, but when all index val... by mint_choco Explorer in Splunk Search 05-28-2025 0 1	0	1
remove timepart and convert to date so that i can aggregate at the date level Hi , I have this scenario where i am getting data from one of the index with 2 other specified filters likeindex=ind... by Raj_Splunk_Ing Path Finder in Splunk Search 05-28-2025 0 5	0	5
Search for a path the might not exist Hi I have the following data (Below).I have a situation where I want to search for "*" on a search and have it return... by robertlynch2020 Influencer in Splunk Search 05-28-2025 0 8	0	8
How to Mute Alert using Lookup table This is what I have setupindex=xxxxxx\| eval HDate=strftime(_time,"%Y-%m-%d")\| search NOT [ \| inputlookup Date_Test.cs... by Cheng2Ready Communicator in Splunk Search 05-27-2025 0 13	0	13
Eventtype 'wineventlog_security' does not exist or is disabled Hi,got some problem in my searches since a few days.I really don´t know what happend and no one changed the configura... by Benny87 Loves-to-Learn in Splunk Search 05-27-2025 0 7	0	7
Why is INDEXED_EXTRACTIONS=csv not working in props.conf? I have a distributed Splunk instance with the search head separated from the Indexers. I want to drop a CSV file with... by ebailey Communicator in Splunk Search 05-22-2025 2 10	2	10
Using multiple lookups in a search hello So i want to make a search .i am using index=endpoint_defender source="AdvancedHunting-DeviceInfo" \| rex field=... by SN1 Path Finder in Splunk Search 05-22-2025 0 7	0	7
Alternates to join/append to avoid limitations Situation: I have 2 data sets:Dataset 1 is a set of logs which includes IP addresses. When aggregated, there are 200,... by kaeleyt Path Finder in Splunk Search 05-22-2025 0 3	0	3
Splunk search lookup Have a data that returns ip field and values as below.Ip = 0.0.0.11Ip= 0.0.0.12There is a lookup that contains field ... by Harikiranjammul Explorer in Splunk Search 05-22-2025 0 2	0	2
Accessing Elasticsearch Data from Splunk Using SPL (Without Data Duplication) Hi Splunk Community,I’m working on a use case where data is stored in Elasticsearch, and I’d like to use Splunk solel... by kn450 Explorer in Splunk Search 05-21-2025 0 6	0	6
Search Within Results To Show Only Last Month I have 3 searches that I'm appending. Each returns a Name and Date. Then I take the maximum of each of the Dates and ... by andrewkenth Communicator in Splunk Search 05-21-2025 0 4	0	4
Is it possible to replace null fields at index-time? Hi, I have to search saved as quickly as possible. I CSV indexes whose columns are sometimes empty. I have to put a ... by bvivi57 Observer in Splunk Search 05-21-2025 0 9	0	9
Suming up fields only once based on field Hi all, I have the following situation with a query returning a table of this kind:fieldAfieldBA2A2B4B4 I need to add... by Jimenez Explorer in Splunk Search 05-21-2025 0 3	0	3
Splunk Answers Content Calendar May 2025! Hello Splunk Community! Welcome to another week of fun curated content as a part of our Splunk Answers Community Cont... by Anam Community Manager in Splunk Search 05-20-2025 2 0	2	0