Splunk Search

Community Activity

Issue with Splunk extracting escaped fields/values Hi, I use the CEFUtils app to do search time field extractions of CEF formated events. The problem is that Splunk al... by flle Path Finder in Splunk Search 10-17-2012 0 3	0	3
Start and End time of a search Hello everyone, I am having trouble getting my searches to run from 12:00 Am Sunday morning to 11:59:59PM on Saturday... by Michael_Schyma1 Contributor in Splunk Search 10-17-2012 1 4	1	4
Transforms on multiple indexes of XML sources with nested, duplicate keys I would like to get a single report by combining data from 3 different data sources. However, I am running into a pro... by humbertocastro New Member in Splunk Search 10-17-2012 0 2	0	2
splunk "searches and reports" list more owners? can I make this dropdown show all my owners? by mmattek Path Finder in Splunk Search 10-17-2012 0 2	0	2
incorrect number of events in search results when using sort command Hi. When searching "index=sample \| sort host", the search stopped at 10000 events. Is there a limit on number of eve... by alextsui Path Finder in Splunk Search 10-17-2012 1 3	1	3
remove a blank line from a file Hi , I would like to remove a blank line from a file based on certain fields If that field is blank, i will remove t... by abhayneilam Contributor in Splunk Search 10-17-2012 0 1	0	1
if-else condition Can I use like this : \| eval a=if(Location!=" ",stat count by Location) but I am getting error.. actually I want ... by abhayneilam Contributor in Splunk Search 10-16-2012 0 2	0	2
Cannot change XAxis label on Splunk 4.3 under a Hidden chart Module the parameter for adding a label to the X Axis doesnt seem to work: <param name="primary... by Dark_Ichigo Builder in Splunk Search 10-16-2012 0 4	0	4
How do I append text to my search results? I want to append some text to the raw search results before I send off an e-mail. That e-mail should contain the raw ... by mallem Path Finder in Splunk Search 10-16-2012 0 1	0	1
count the number of KEYWORD Hi, I have a file which contains : HI bye HI hi BYE I would like to know how many HI is there in my file which wo... by abhayneilam Contributor in Splunk Search 10-16-2012 0 1	0	1
How can i do the search in multiple indexes Hi, How can I do search in multiple index. lets say I have 5 indexes and I want to do the same search in all the fiv... by abhayneilam Contributor in Splunk Search 10-16-2012 3 1	3	1
Splunk status/start commands giving an invalid status on crashed splunk forwarder I've encountered the following with a crashed splunk forwarder running on 4.3.3 Linux 64-bit. Splunk says it’s runni... by robjordan_boa Explorer in Splunk Search 10-16-2012 2 3	2	3
Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table. I created a look up table that does return all the fields if I use the search command: \|inputlookup lookuptable But... by lpolo Motivator in Splunk Search 10-16-2012 2 5	2	5
What are possible search strategies to find most recent values of one or more fields? Hi All I'm looking at the possible approaches to obtain events that contain the most recent values for one or more f... by Marinus Communicator in Splunk Search 10-16-2012 0 9	0	9
STATS function Hi, Is there a way to find out the max response time during a 30-minute bucket and its associated url from the web se... by shangshin Builder in Splunk Search 10-16-2012 0 3	0	3
How do I get mvcount to display 0 when no field exists? Hi all, I have a search that looks something like this: foo \| extract pairdelim="\|;]}" kvdelim="=:" mv_add=true \| e... by DamianS Explorer in Splunk Search 10-16-2012 0 3	0	3
Lookup query hi for this ..\|lookup keywords match output keyword where keywords.csv is my lookup whwre i need to put in in mycompu... by Tridi123 New Member in Splunk Search 10-16-2012 0 2	0	2
How to add time from drop down in GUI to search string automatically In order to establish the search timeframe for Splunk there are 3 options that I know of. Use the dropdown to the ri... by brantramey Explorer in Splunk Search 10-16-2012 0 1	0	1
Where to search my monitored indexed log Hey guys, I have written some stuff in the inputs.conf file and the fschange stuff works but I can't find the logs ... by SplunkUser5888 Path Finder in Splunk Search 10-16-2012 0 7	0	7
Building new events based on transactions at index time Howdy, I've a load balancer which is happily sending event logs when certain events happen in a web app flow. It wil... by acidkewpie Path Finder in Splunk Search 10-16-2012 0 3	0	3
Subtraction of the time duration I used the below query and i got the following result source="ADFER"\|transaction Taskaction startswith="START" endsw... by splunkpoornima Communicator in Splunk Search 10-16-2012 0 3	0	3
Newbie Splunk Field Extraction Question I have a log entry that looks like this. I am talked with coming up with a quick-and-dirty financial report to repor... by jcman01 Engager in Splunk Search 10-16-2012 0 3	0	3
Question on basic subtraction in time charts Per below- my Total Configured_Space & Free_Space work great. timechart eval(sum(Logical_Capacity_Blocks) / 20971520... by clintla Contributor in Splunk Search 10-16-2012 0 5	0	5
How to identify a raw events splunk instance origin Does anyone know how to identify the splunk instance from which a raw event was forwarded? Note: this could either be... by Lucas_K Motivator in Splunk Search 10-15-2012 0 1	0	1
Scheduled searches question I have a dashboard with 10 single value boxes and I refresh it every minute. Every single value box search my indexes... by bckq Path Finder in Splunk Search 10-15-2012 0 3	0	3

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers, We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

Splunk Search

Issue with Splunk extracting escaped fields/values

Start and End time of a search

Transforms on multiple indexes of XML sources with nested, duplicate keys

splunk "searches and reports" list more owners?

incorrect number of events in search results when using sort command

remove a blank line from a file

if-else condition

Cannot change XAxis label on Splunk 4.3

How do I append text to my search results?

count the number of KEYWORD

How can i do the search in multiple indexes

Splunk status/start commands giving an invalid status on crashed splunk forwarder

Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table.

What are possible search strategies to find most recent values of one or more fields?

STATS function

How do I get mvcount to display 0 when no field exists?

Lookup query

How to add time from drop down in GUI to search string automatically

Where to search my monitored indexed log

Building new events based on transactions at index time

Subtraction of the time duration

Newbie Splunk Field Extraction Question

Question on basic subtraction in time charts

How to identify a raw events splunk instance origin

Scheduled searches question

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 searches acceleration

Datamodel summaries not visible

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Splunk Search

Join the Conversation