Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Community Activity
 | Hi, searching for a specific sourcetype I get the message ### ERROR FETCHING EVENT FROM SEARCH PEER ### What can I... by yAlff Path Finder in Splunk Search 10-01-2014 3 4 | 3 | 4 | |
| | I have a log that looks like that : create message w-OtYwP8QD2WcAkmUgZEgg from DB and add it in the map. create mess... by splunksogetiht Explorer in Splunk Search 10-01-2014 0 1 | 0 | 1 | |
| | Hi, I have a following text coming in splunk abcd, 2000-01-10 10:40:43, P:welcome, welcome_to_all, 0, 2000-01-10 16:... by dbashyam Explorer in Splunk Search 10-01-2014 0 5 | 0 | 5 | |
| | Hi, I am trying to make a service downtime calculation based on the following rules: If the service has the status ... by hansj Explorer in Splunk Search 10-01-2014 0 7 | 0 | 7 | |
 | Hi there, I remember I could do undo by pressing command+Z in OSX to go back to the previous search term in Splunk 5... by melonman Motivator in Splunk Search 09-30-2014 4 6 | 4 | 6 | |
| | In my logs, I have a variable req that contains a REST request which includes an UUID. How do I remove the UUID so t... by wang Path Finder in Splunk Search 09-30-2014 0 2 | 0 | 2 | |
| | will it work: (earliest=-1d@d latest=@d sourcetype=a) OR (earliest=-1d@d sourcetype=b) ? by 0range Communicator in Splunk Search 09-30-2014 4 5 | 4 | 5 | |
| | Query "index=idx1 sourcetype=src1 sender="xyz" | timechart count as res1" showing results properly, and Query "inde... by toabhishek16 New Member in Splunk Search 09-30-2014 0 3 | 0 | 3 | |
| | Hi Experts, I have renamed my app. Earlier it was "Search" and I have renamed it to "Prod Search". I just renamed t... by vikas_gopal Builder in Splunk Search 09-30-2014 0 2 | 0 | 2 | |
| | I am trying to use the JAVA Splunk SDK to run a query and return the results. I can get the events of the search ret... by tmurray3 Path Finder in Splunk Search 09-30-2014 0 1 | 0 | 1 | |
| | Hello, I am quite new using Splunk and I have a question, that might be already be solved before, but I just want to ... by juancarlos_pola Explorer in Splunk Search 09-30-2014 0 3 | 0 | 3 | |
| | I have a search with one subsearch, that looks like this. sourcetype=sourcetype1 <search string> [search sourcetype=... by mcm10285 Communicator in Splunk Search 09-29-2014 0 2 | 0 | 2 | |
| | how do i use range to display green tick or red cross for the following index=xx sourcetype="yyy" State!="On" If '... by kris99 New Member in Splunk Search 09-29-2014 0 7 | 0 | 7 | |
| | We have enterprise data which we are querying and running through some 'hypothetical' business situations. So, ideall... by nickbyrne New Member in Splunk Search 09-29-2014 0 1 | 0 | 1 | |
| | I am trying to calculate the average number of errors by calculating events(with error)/total events. Here is my que... by vspreethi17 Explorer in Splunk Search 09-29-2014 1 4 | 1 | 4 | |
| | Trying to dump off what seems like a simple thing to do from raw iis logs. just want to not allow this to index: cs_... by cdupuis123 Path Finder in Splunk Search 09-29-2014 1 5 | 1 | 5 | |
| | I have a set of logs which wasn't automatically parsed when indexed into Splunk. I would like to extract a field fr... by sadkha Path Finder in Splunk Search 09-29-2014 1 1 | 1 | 1 | |
| | Hi Experts, I am configuring a dynamic ldap group with splunk .Group employee has more than 50,000 users. when I am ... by vikas_gopal Builder in Splunk Search 09-29-2014 1 1 | 1 | 1 | |
| | Hi I manage to load my directory into splunk. Its a directory of multiple single line .txt file. Splunk is able to r... by jonzhong New Member in Splunk Search 09-29-2014 0 3 | 0 | 3 | |
| | Hi, folks, I'm building an alert to detect anomalous logons, intending to use the following (simplified) logic, Sea... by malat_UoM Explorer in Splunk Search 09-29-2014 1 2 | 1 | 2 | |
 | Hi all Splunkers! So transactions. I have 3 eventtypes, lets call them et-A, et-B and et-C and I want to find all Tr... by nirmah Explorer in Splunk Search 09-28-2014 0 1 | 0 | 1 | |
| | My events have the following structure: id=[id] key=[key] value=[value] For example: id=1 key=mycounter value=4 id=1... by larsxschneider Explorer in Splunk Search 09-28-2014 0 3 | 0 | 3 | |
| | In users' /search/history folder there is a file named .csv (I guess that could be , as they are the same here) In t... by reedmohn Communicator in Splunk Search 09-28-2014 7 1 | 7 | 1 | |
| | For below search : eventtype=MYTYPE [search eventtype=MYTYPE | sort 0 _time desc | dedup fieldX | return 1000 sourc... by april_tao New Member in Splunk Search 09-27-2014 0 1 | 0 | 1 | |
| | Hi, I had the following sentence and wish to extract fields as follows: event Row: 1234, tp1, 314242, 1, 2014-0... by newbiesplunk Path Finder in Splunk Search 09-27-2014 0 2 | 0 | 2 |
Get Started
Explore Essential Splunk Resources
Get Expert Help at Community Office Hours
Join the #search-help Slack channel
Get Expert Help at Community Office Hours
Join the #search-help Slack channel
Become An Expert
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Top Labels
-
administration
3 -
alert action
3 -
alert condition
2 -
Analytics Workspace
2 -
authentication
1 -
chart
943 -
Classic dashboard
1 -
configuration
2 -
correlation search
1 -
count
1,002 -
Dashboard Studio
3 -
data
3 -
data model
1 -
development
6 -
distributed search
1 -
drilldown
1 -
email
1 -
eval
2,607 -
field extraction
2,015 -
fields
2,057 -
host
1 -
index
4 -
indexer
2 -
inputs.conf
1 -
intermediate forwarder
1 -
introduction
5 -
join
1,056 -
JSON
2 -
Linux
2 -
login
1 -
lookup
1,559 -
metadata
307 -
monitoring console
2 -
other
141 -
panel
2 -
PDF
1 -
Python
1 -
regex
1,497 -
report acceleration
2 -
rex
1,245 -
SAML
1 -
saved search
5 -
scheduled search
4 -
scripted input
1 -
search
2 -
search head
3 -
search job inspector
680 -
search peer
1 -
simple XML
1 -
source
1 -
sourcetype
4 -
Splunk Web Framework
1 -
splunk-assist
1 -
splunkd
1 -
stats
3,553 -
subsearch
1,718 -
summary indexing
4 -
table
1,747 -
time
1 -
timechart
1,156 -
transaction
451 -
transforms.conf
1 -
troubleshooting
8 -
tstats
565 -
universal forwarder
5 -
using Splunk Cloud
2 -
using Splunk Enterprise
13 -
Windows
3
- « Previous
- Next »
Get Updates on the Splunk Community!
Index This | Why did the turkey cross the road?
November 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Feel the Splunk Love: Real Stories from Real Customers
Hello Splunk Community,
What’s the best part of hearing how our customers use Splunk? Easy: the positive ...
