Splunk Search

Community Activity

One file with two sourcetype Need Regex I have my DNS and DHCP logs in one file and I would like to set "TZ = UTC" on the sourcetype. My problem is what wou... by hartfoml Motivator in Splunk Search 09-11-2013 0 3	0	3
Use of NOT operator Hello Splunkers, I'm trying to run a search against some logs that include a wild carded hostname, two error messages... by lbogle Contributor in Splunk Search 09-11-2013 0 2	0	2
Alternative to stats dc(*) Hello, I have a dashboard for windows event viewer. There are two pulldowns which populates the relevant fields. But ... by linu1988 Champion in Splunk Search 09-11-2013 0 8	0	8
DB Connect does not work when enableSplunkdSSL=false Hi. For some reasons, I turned off SSL for Splunk REST API. Everything is fine, except the Splunk DB Connect app. j... by yitzarad Path Finder in Splunk Search 09-11-2013 4 4	4	4
streamstats multiple moving averages My current Splunk search looks like this: sourcetype="ContributionWebApiUat" DbResponseTime=* \| chart values(DbRespo... by philallen1 Path Finder in Splunk Search 09-11-2013 0 1	0	1
Is this a Join, subsearch, or something else? In my search I am at a stage where I have something like below. USERID EVENT STATUS 1 HELLO PASS 2 HELLO F... by theeven Explorer in Splunk Search 09-11-2013 1 9	1	9
How to remove "received event for unconfigured/disabled/deleted index" messages Due to some mistake, I am getting this messages: received event for unconfigured/disabled/deleted index='2013-03-10 ... by mkelderm Path Finder in Splunk Search 09-11-2013 0 6	0	6
Regex remove quotes from log file field Hi, I have a transform like this - it works fine except when I need to look up a field [specialLogFile] REGEX = ^([... by mplungjan Path Finder in Splunk Search 09-11-2013 0 2	0	2
extracting year from directory name & date/time from file I have syslog files that are in the directory structure of system/Hosts/year/month/day I've been able to get the ind... by pljulien New Member in Splunk Search 09-11-2013 0 1	0	1
Values function separator My query is the following index="_internal" \| table host \| stats values(host) output: values(host) host1 host2 I w... by ERICKWONG Explorer in Splunk Search 09-10-2013 0 6	0	6
Running tscollect on a search head pool We have a dashboard that I would like to use tstats to generate the data, and run a search ever 2 minutes using tscol... by sf_user_199 Path Finder in Splunk Search 09-10-2013 1 2	1	2
inputlookup with database lookup Is there a way to use a database lookup in the way you would using inputlookup? If I wanted to just dump the contents... by rdownie Communicator in Splunk Search 09-10-2013 1 1	1	1
Can I use environemnt variable as host in inputs.conf of forwarder ? Is it possible in inputs.conf in windows machine to use host=$ I tried using: host=$computername but in the inde... by parth_jec Path Finder in Splunk Search 09-10-2013 3 1	3	1
Difference between last(X) and latest(X) Hi, What is the difference between last(X) and latest(X) functions for stats. I tried both in searches and i get sam... by strive Influencer in Splunk Search 09-10-2013 3 2	3	2
SavedSplunker - Max alive instance count=1 reached for saved search_id Splunk Version : 4.3.4 OS : Redhat Message : SavedSplunker - Max alive instance count=1 reached for saved search_id... by joy76 Path Finder in Splunk Search 09-10-2013 1 1	1	1
search time range I need to have a search that uses: index="pt_app_siebel" SWEMethod="ReconfigureCXProd" starttime=9/6/2013:00:00:00 l... by TiagoMatos Path Finder in Splunk Search 09-10-2013 0 5	0	5
Sorting of Columns in Saved Search Hello everyone, I have a table like the below example: \|\| Protocol \|\| Count \|\| \|\| TCP \|\| 500 \|\| \|\| UDP \|\| 200 \|\| ... by ppurokit Path Finder in Splunk Search 09-10-2013 0 1	0	1
Regex to return which includes a specific text Hi, I am planning to capture all the URIs with word chaser (case in sensitive). I have used this \| regex uri="(?i)C... by xvxt006 Contributor in Splunk Search 09-10-2013 0 6	0	6
Custom Condition Hello, I have a table that returns with these fields: AvgLow and AvgLowNOW, but they appear many times, like this Av... by TiagoMatos Path Finder in Splunk Search 09-10-2013 0 6	0	6
Calculating percentages for source and destination IP data by source count and then by source-destination pair Good Day! Given the following data... srcdst1.2.3.49.8.7.61.2.3.49.8.7.61.2.3.49.8.7.64.3.2.16.7.8.91.2.3.45.6.7.8 ... by splunkhelp Explorer in Splunk Search 09-10-2013 1 1	1	1
Search in a Map/SetMultimap I have a map with Map and a SetMulitmap and I'm not really familiar with splunk at the moment. So how do I search i... by mirjam_labrenz New Member in Splunk Search 09-10-2013 0 1	0	1
Regex to capture uris with a particular word I am looking for regex to capture all the URIs which includes "chaser" (case insensitive). I have used this <base s... by xvxt006 Contributor in Splunk Search 09-09-2013 0 2	0	2
Date AND Time Range I'm pretty new to Splunk, so hopefully this is an easy question. I've looked all over the community questions and I ... by whathuh New Member in Splunk Search 09-09-2013 0 2	0	2
Lookup Source IP or Destination IP value Greetings, My journey continues. Now I would like to have a lookup match either the source or destination IP to an ... by ccsfdave Builder in Splunk Search 09-09-2013 0 3	0	3
Inline REX extraction not working once I move it Field Extraction The following gives me exactly what I want host=****** Failed_Reason minutesago=15 \| rex "\>(?<Failed_Reason>.*?)\<"... by ebailey Communicator in Splunk Search 09-09-2013 0 4	0	4

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Search

One file with two sourcetype Need Regex

Use of NOT operator

Alternative to stats dc(*)

DB Connect does not work when enableSplunkdSSL=false

streamstats multiple moving averages

Is this a Join, subsearch, or something else?

How to remove "received event for unconfigured/disabled/deleted index" messages

Regex remove quotes from log file field

extracting year from directory name & date/time from file

Values function separator

Running tscollect on a search head pool

inputlookup with database lookup

Can I use environemnt variable as host in inputs.conf of forwarder ?

Difference between last(X) and latest(X)

SavedSplunker - Max alive instance count=1 reached for saved search_id

search time range

Sorting of Columns in Saved Search

Regex to return which includes a specific text

Custom Condition

Calculating percentages for source and destination IP data by source count and then by source-destination pair

Search in a Map/SetMultimap

Regex to capture uris with a particular word

Date AND Time Range

Lookup Source IP or Destination IP value

Inline REX extraction not working once I move it Field Extraction

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

SPL2 searches acceleration

Datamodel summaries not visible

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Splunk Search

Join the Conversation