Splunk Search

Community Activity

Can’t search by sourcetype without index – data ingested via HEC, visible by index Hi community,I'm running into a permissions/visibility issue (I don't know) with an index created for receiving data ... by AJH2000 Explorer in Splunk Search 05-05-2025 0 3	0	3
I want to replace hard coded text "Today" by current system date in splunk report I want to replace hard coded text "Today" by current system date in splunk report. Please help if it is possible.Plea... by avikc100 Path Finder in Splunk Search 05-03-2025 0 6	0	6
REGEX Problem : Json Structure and sub structure Hello.For reasons of JSON log splitting, I have a problem with a complex structure.The integration is in a forwarder ... by pck_npluyaud Explorer in Splunk Search 05-03-2025 0 8	0	8
Dashboard-Data and search as one query Hi Team,Currently in my dashboard i am using two separate query for data and search lambda separetly and added to the... by nithys Communicator in Splunk Search 05-02-2025 0 2	0	2
Using Lookup to determine Field Value I have a unique situation with my customer. I want to create a lookup table that the customer can put fields they wa... by dlm Path Finder in Splunk Search 05-02-2025 0 7	0	7
New metadata field for all events coming via UF for custom application Added the config for the new metadata field in the inputs.conf file and created a fields.conf file to set the field a... by Charlize Engager in Splunk Search 05-02-2025 0 4	0	4
How to join 2 logs using trx_id Hello Friends,I am trying to join the 2 logs with same index using trx_id(here it is called X_Correlation_ID ) but su... by onthakur Explorer in Splunk Search 05-01-2025 0 4	0	4
How to pivot data I have data like this id time Conatctsx14/22/2011 10:00676689x14/23/2011 11:00 I want it like as shown below : L... by Punnu Path Finder in Splunk Search 05-01-2025 0 1	0	1
Send an Email for each lookup .csv processed. Hi Splunk Community team,Please help:I have N number of lookup lk_file_abc3477.csv, lk_file_xare000csv, lk_file_ppbc3... by JMPP Explorer in Splunk Search 05-01-2025 0 4	0	4
timechart but only for the top 5 I want to use timechart to show a graph of the progress of an item so I use this command \| timechart span=1w count b... by hartfoml Motivator in Splunk Search 05-01-2025 4 11	4	11
Renaming fields generically based on lookup table/second source We have a setup of data going to splunk, where we query a number of files with varying numbers of fields (sometimes o... by kenbaugher Path Finder in Splunk Search 05-01-2025 0 3	0	3
Excluding holidays and weekends for Alert and alert if there is 0 events My search query:Index=xxx <xxxxxxx>\|eval Date=strftime(_time,"%Y-%m-%d")\| lookup holidays.csv HolidayDate as Date out... by Cheng2Ready Communicator in Splunk Search 04-30-2025 0 10	0	10
How to use "case" command with count? I am looking to make a "pulse" dashboard for a host on my network, it will pulse green up when up and red when down.s... by ajmach343 Explorer in Splunk Search 04-29-2025 0 5	0	5
Set the index with a field when using collect command Hello!I'm looking to set the index parameter of the collect command with the value of a field from each event.Here's ... by ejwade Contributor in Splunk Search 04-29-2025 0 11	0	11
Search for events that have only specific multiple values in a field Hey all - I have a need to search for events in Splunk that contain two specific values in one field. I want the resu... by RowdyRodney Engager in Splunk Search 04-29-2025 0 2	0	2
Help with accessing the latest event Hi,I have dataset in the following formatName,Status,TimestampABC,F, 04/24/2025 15:30:03ABC, R, 04/24/2025 15:15:01I ... by bsreeram Explorer in Splunk Search 04-28-2025 0 7	0	7
Need a rex to extract an ip address with a trailing port number I would like to extract an ip address from a text field where the ip address has a trailing port number.The text is l... by mark_groenveld Path Finder in Splunk Search 04-28-2025 0 5	0	5
Why the same query returning different results on REST? The following query return the expected result on Postman but return a different result on Javacsript fetch:search ho... by goudas New Member in Splunk Search 04-28-2025 0 2	0	2
Replacing single backslash with double backslash and searching the result Hi all,I'm trying to dynamically replace single backslashes with double backslashes in a search string and use the re... by ganesanvc Engager in Splunk Search 04-25-2025 0 12	0	12
How to add dark theme compatibility to custom app? We use a custom app in our Splunk Cloud instance to segregate dashboards and searches from other teams. With the rece... by chartastic Explorer in Splunk Search 04-25-2025 0 17	0	17
Table a query with X and Y Good afternoon Splunk Team,I have my search query: index=example_mine host=x.x.x.x [ \| inputlookup myfiile.csv \| r... by CMAzurdia Engager in Splunk Search 04-24-2025 0 5	0	5
Need to see data for the months with no events as zero Hi all,I have a situation. Below is my search. Search needs to produce past 6 months of report. The goal is to produc... by mbasharat Builder in Splunk Search 04-24-2025 0 4	0	4
splunk dashboard So i have a dashboard and in drilldown i am showing severity in the servers now i want whenever the severity is solv... by SN1 Path Finder in Splunk Search 04-24-2025 0 6	0	6
Pulling back data from users login in using SAML. Hello Splunk team,I need a search query that can pull data back of successful and unsuccessful login attempts of user... by CMAzurdia Engager in Splunk Search 04-23-2025 0 4	0	4
Search for "index=" in searches Hello guys, I need a splunk query that list out all the alerts that have index= in their query. Unfortunately, I can... by sverdhan Loves-to-Learn Lots in Splunk Search 04-23-2025 0 4	0	4