Splunk Search

Community Activity

Renaming fields generically based on lookup table/second source We have a setup of data going to splunk, where we query a number of files with varying numbers of fields (sometimes o... by kenbaugher Path Finder in Splunk Search 05-01-2025 0 3	0	3
Excluding holidays and weekends for Alert and alert if there is 0 events My search query:Index=xxx <xxxxxxx>\|eval Date=strftime(_time,"%Y-%m-%d")\| lookup holidays.csv HolidayDate as Date out... by Cheng2Ready Communicator in Splunk Search 04-30-2025 0 10	0	10
How to use "case" command with count? I am looking to make a "pulse" dashboard for a host on my network, it will pulse green up when up and red when down.s... by ajmach343 Explorer in Splunk Search 04-29-2025 0 5	0	5
Set the index with a field when using collect command Hello!I'm looking to set the index parameter of the collect command with the value of a field from each event.Here's ... by ejwade Contributor in Splunk Search 04-29-2025 0 11	0	11
Search for events that have only specific multiple values in a field Hey all - I have a need to search for events in Splunk that contain two specific values in one field. I want the resu... by RowdyRodney Engager in Splunk Search 04-29-2025 0 2	0	2
Help with accessing the latest event Hi,I have dataset in the following formatName,Status,TimestampABC,F, 04/24/2025 15:30:03ABC, R, 04/24/2025 15:15:01I ... by bsreeram Explorer in Splunk Search 04-28-2025 0 7	0	7
Need a rex to extract an ip address with a trailing port number I would like to extract an ip address from a text field where the ip address has a trailing port number.The text is l... by mark_groenveld Path Finder in Splunk Search 04-28-2025 0 5	0	5
Why the same query returning different results on REST? The following query return the expected result on Postman but return a different result on Javacsript fetch:search ho... by goudas New Member in Splunk Search 04-28-2025 0 2	0	2
Replacing single backslash with double backslash and searching the result Hi all,I'm trying to dynamically replace single backslashes with double backslashes in a search string and use the re... by ganesanvc Engager in Splunk Search 04-25-2025 0 12	0	12
How to add dark theme compatibility to custom app? We use a custom app in our Splunk Cloud instance to segregate dashboards and searches from other teams. With the rece... by chartastic Explorer in Splunk Search 04-25-2025 0 17	0	17
Table a query with X and Y Good afternoon Splunk Team,I have my search query: index=example_mine host=x.x.x.x [ \| inputlookup myfiile.csv \| r... by CMAzurdia Engager in Splunk Search 04-24-2025 0 5	0	5
Need to see data for the months with no events as zero Hi all,I have a situation. Below is my search. Search needs to produce past 6 months of report. The goal is to produc... by mbasharat Builder in Splunk Search 04-24-2025 0 4	0	4
splunk dashboard So i have a dashboard and in drilldown i am showing severity in the servers now i want whenever the severity is solv... by SN1 Path Finder in Splunk Search 04-24-2025 0 6	0	6
Pulling back data from users login in using SAML. Hello Splunk team,I need a search query that can pull data back of successful and unsuccessful login attempts of user... by CMAzurdia Engager in Splunk Search 04-23-2025 0 4	0	4
Search for "index=" in searches Hello guys, I need a splunk query that list out all the alerts that have index= in their query. Unfortunately, I can... by sverdhan Loves-to-Learn Lots in Splunk Search 04-23-2025 0 4	0	4
need to build an automation to import CSV from below mentioned github location into Splunk lookup file anybody have experience for building an automation to import CSV from github location into Splunk lookup file, CSV f... by Zoe_ Observer in Splunk Search 04-23-2025 0 2	0	2
How to get data from raw array of json from sendgrid webhook events I am currently working with data from SendGrid Event API that is being ingested into Splunk. The data includes multip... by amitrinx Explorer in Splunk Search 04-23-2025 0 3	0	3
Why is a value appearing twice in a table but only occurs once in the event data? I'm running a very simple search to draw a table. One of the values returned is appearing twice in the table, but on... by rob_gibson Path Finder in Splunk Search 04-22-2025 0 9	0	9
Accuracy of metadata command in large environments? The manual entry for the metadata command says "...in environments with large numbers of values per category, the da... by lguinn2 Legend in Splunk Search 04-22-2025 2 27	2	27
How to specify the range of longitude and latitude Use iplocation or geostats to display within a range of 100 kilometers (with longitude of 0.89 degrees and latitude o... by Zhangyy New Member in Splunk Search 04-22-2025 0 6	0	6
How to display JSON tree structure in a summary index without output_mode=hec? Hello,How to display JSON tree structure in a summary index without output_mode=hec?I am not a Splunk admin. So, the ... by LearningGuy Motivator in Splunk Search 04-22-2025 0 1	0	1
Custom field from an event is not being parsed correctly Hi, We are using the event field message in our alert, but in some cases, the field is not being parsed correctly. Fo... by bilalzaib Engager in Splunk Search 04-21-2025 0 3	0	3
How to check if a nested json object is present or not in the splunk record I have a few records in the splunk like this{"timeStamp":"2025-04-21T08:21:40.000Z","eventId":"test_eventId_1","orign... by ravi_lookout Explorer in Splunk Search 04-21-2025 0 2	0	2
Searching 2 indexes comparing 2 fields I am trying to locate some data between two indexes, the common items are the src_interface and the network device na... by MrGlass Explorer in Splunk Search 04-19-2025 0 7	0	7
Splunk time difference showing as null I need to calculate time difference between start and end times. But I get the difference value as null. Not sure wha... by Das Engager in Splunk Search 04-18-2025 0 2	0	2