Splunk Search

Community Activity

Search based on zero events Hi there,I would like to create a search to alert us based on an index not ingesting any event data by basing it off ... by u_m1580 New Member in Splunk Search 05-08-2025 0 2	0	2
Multiselect filter. Select all matches in classic dashboard. Hi Splunkers :-),We have nice feature it dashboard studio - "Select all matches" in multiselect filter.But, unfortuna... by LIS Path Finder in Splunk Search 05-07-2025 0 20	0	20
Combine 2 log events based on uniqueId into one single row in table I want to have result in table with 2 or 3 log events combined based on unique key in all events and return 1 single ... by sdanayak Loves-to-Learn in Splunk Search 05-07-2025 0 9	0	9
Transaction not showing me Unique Users I'm trying to track the duration of user sessions to a server. I want to know WHICH users are connecting, and for h... by Crabbok Engager in Splunk Search 05-07-2025 0 3	0	3
How to get a range of number? I am looking for a range of number within my results of my search query but I am getting no results back after adding... by jialiu907 Path Finder in Splunk Search 05-07-2025 0 12	0	12
Multiple Locked Account Query I'm creating Mutiple Locked account search query while checking the account first if it has 4767 (unlocked) it should... by Casial06 Explorer in Splunk Search 05-07-2025 0 4	0	4
Extremely large search job size We found that the search job size becomes extremely large during searches. My Splunk instance is a newly installed te... by Alan_Chan Explorer in Splunk Search 05-07-2025 0 1	0	1
Tstats command with span I am running tstats command with span of 2hrs for index and source.It returns the data for every 2hrs.But I want to i... by Harikiranjammul Explorer in Splunk Search 05-06-2025 0 4	0	4
Course does not appear in search filter Hi, I completed a course titled “Intro to Superman Mission Control” earlier, but it no longer appears in the free cou... by irfanarif Engager in Splunk Search 05-06-2025 0 2	0	2
reference lookup name in table I have a search where I am doing 2 inputlookups for 2 different lookups and appending them. Then I search them. Can I... by jat75 Explorer in Splunk Search 05-06-2025 0 1	0	1
Is it possible to create an html unorder (bullet) list for each row of a table output? Id like to create table of results, and convert each row into an unordered bullet list using html. Such as: \| table r... by timgren Path Finder in Splunk Search 05-06-2025 0 1	0	1
Splunk transaction – Trouble extracting first and last messages Hello,I'm working on a Splunk query to track REST calls in our logs. Specifically, I’m trying to use the transaction ... by Jessydan Explorer in Splunk Search 05-05-2025 0 10	0	10
Trouble looping through table and performing a subsearch for each item. I am trying to loop over a table and perform a subsearch for each item. I can confirm I am generating the first table... by Ara Engager in Splunk Search 05-05-2025 0 6	0	6
Attempting to write a search to find all CrowdStrike agents that are installed on the hosts in our environment Hello,Got tasked with finding all hosts that didnt have the crowdstrike agent installed and running into problems wit... by Ghost New Member in Splunk Search 05-05-2025 0 2	0	2
Run predict command for multiple disk in same query I have multiple disk like C, D & E on server and want to do the prediction for multiple disk in same query.index=main... by RSS_STT Explorer in Splunk Search 05-05-2025 0 2	0	2
Can’t search by sourcetype without index – data ingested via HEC, visible by index Hi community,I'm running into a permissions/visibility issue (I don't know) with an index created for receiving data ... by AJH2000 Explorer in Splunk Search 05-05-2025 0 3	0	3
I want to replace hard coded text "Today" by current system date in splunk report I want to replace hard coded text "Today" by current system date in splunk report. Please help if it is possible.Plea... by avikc100 Path Finder in Splunk Search 05-03-2025 0 6	0	6
REGEX Problem : Json Structure and sub structure Hello.For reasons of JSON log splitting, I have a problem with a complex structure.The integration is in a forwarder ... by pck_npluyaud Explorer in Splunk Search 05-03-2025 0 8	0	8
Dashboard-Data and search as one query Hi Team,Currently in my dashboard i am using two separate query for data and search lambda separetly and added to the... by nithys Communicator in Splunk Search 05-02-2025 0 2	0	2
Using Lookup to determine Field Value I have a unique situation with my customer. I want to create a lookup table that the customer can put fields they wa... by dlm Path Finder in Splunk Search 05-02-2025 0 7	0	7
New metadata field for all events coming via UF for custom application Added the config for the new metadata field in the inputs.conf file and created a fields.conf file to set the field a... by Charlize Engager in Splunk Search 05-02-2025 0 4	0	4
How to join 2 logs using trx_id Hello Friends,I am trying to join the 2 logs with same index using trx_id(here it is called X_Correlation_ID ) but su... by onthakur Explorer in Splunk Search 05-01-2025 0 4	0	4
How to pivot data I have data like this id time Conatctsx14/22/2011 10:00676689x14/23/2011 11:00 I want it like as shown below : L... by Punnu Path Finder in Splunk Search 05-01-2025 0 1	0	1
Send an Email for each lookup .csv processed. Hi Splunk Community team,Please help:I have N number of lookup lk_file_abc3477.csv, lk_file_xare000csv, lk_file_ppbc3... by JMPP Explorer in Splunk Search 05-01-2025 0 4	0	4
timechart but only for the top 5 I want to use timechart to show a graph of the progress of an item so I use this command \| timechart span=1w count b... by hartfoml Motivator in Splunk Search 05-01-2025 4 11	4	11