Splunk Search

Community Activity

Splunk can't write index file for lookup table I've recently started getting the following error when running a search that previously was working: Empty csv looku... by responsys_cm Builder in Splunk Search 10-18-2012 0 2	0	2
Redundant Time Values in Search Hello Everyone! Thank you for your help. Our indexer currently has standard log4j logs as well as some custom logs.... by nowakdaw Path Finder in Splunk Search 10-18-2012 0 1	0	1
Rounding numbers in a timechart I am trying to show on a line graph the percentage of failed login attempts in an authentication stream of events. Ev... by Runals Motivator in Splunk Search 10-18-2012 0 2	0	2
double date in log recently i notice log send by my switch to splunk is indexed by double date & time format, my switch date and my splu... by supernana New Member in Splunk Search 10-18-2012 0 4	0	4
makin the keyword case in-sensitive Hi, My report is getting generated as : Keyword No_of_occurance Mumbai 2 kolkata 2 DELhi 1 de... by abhayneilam Contributor in Splunk Search 10-17-2012 0 2	0	2
search in a multiple index at one go I want five keywords to search in 3 indexes named "one" , "two" , "three" I want my output like : keyword "on... by abhayneilam Contributor in Splunk Search 10-17-2012 0 5	0	5
Comparing results from two searches Hello, I am trying to compare the standard deviation from the last 24 hours to the standard deviation of the last 3... by dcparker Path Finder in Splunk Search 10-17-2012 0 1	0	1
Issue with Splunk extracting escaped fields/values Hi, I use the CEFUtils app to do search time field extractions of CEF formated events. The problem is that Splunk al... by flle Path Finder in Splunk Search 10-17-2012 0 3	0	3
Start and End time of a search Hello everyone, I am having trouble getting my searches to run from 12:00 Am Sunday morning to 11:59:59PM on Saturday... by Michael_Schyma1 Contributor in Splunk Search 10-17-2012 1 4	1	4
Transforms on multiple indexes of XML sources with nested, duplicate keys I would like to get a single report by combining data from 3 different data sources. However, I am running into a pro... by humbertocastro New Member in Splunk Search 10-17-2012 0 2	0	2
splunk "searches and reports" list more owners? can I make this dropdown show all my owners? by mmattek Path Finder in Splunk Search 10-17-2012 0 2	0	2
incorrect number of events in search results when using sort command Hi. When searching "index=sample \| sort host", the search stopped at 10000 events. Is there a limit on number of eve... by alextsui Path Finder in Splunk Search 10-17-2012 1 3	1	3
remove a blank line from a file Hi , I would like to remove a blank line from a file based on certain fields If that field is blank, i will remove t... by abhayneilam Contributor in Splunk Search 10-17-2012 0 1	0	1
if-else condition Can I use like this : \| eval a=if(Location!=" ",stat count by Location) but I am getting error.. actually I want ... by abhayneilam Contributor in Splunk Search 10-16-2012 0 2	0	2
Cannot change XAxis label on Splunk 4.3 under a Hidden chart Module the parameter for adding a label to the X Axis doesnt seem to work: <param name="primary... by Dark_Ichigo Builder in Splunk Search 10-16-2012 0 4	0	4
How do I append text to my search results? I want to append some text to the raw search results before I send off an e-mail. That e-mail should contain the raw ... by mallem Path Finder in Splunk Search 10-16-2012 0 1	0	1
count the number of KEYWORD Hi, I have a file which contains : HI bye HI hi BYE I would like to know how many HI is there in my file which wo... by abhayneilam Contributor in Splunk Search 10-16-2012 0 1	0	1
How can i do the search in multiple indexes Hi, How can I do search in multiple index. lets say I have 5 indexes and I want to do the same search in all the fiv... by abhayneilam Contributor in Splunk Search 10-16-2012 3 1	3	1
Splunk status/start commands giving an invalid status on crashed splunk forwarder I've encountered the following with a crashed splunk forwarder running on 4.3.3 Linux 64-bit. Splunk says it’s runni... by robjordan_boa Explorer in Splunk Search 10-16-2012 2 3	2	3
Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table. I created a look up table that does return all the fields if I use the search command: \|inputlookup lookuptable But... by lpolo Motivator in Splunk Search 10-16-2012 2 5	2	5
What are possible search strategies to find most recent values of one or more fields? Hi All I'm looking at the possible approaches to obtain events that contain the most recent values for one or more f... by Marinus Communicator in Splunk Search 10-16-2012 0 9	0	9
STATS function Hi, Is there a way to find out the max response time during a 30-minute bucket and its associated url from the web se... by shangshin Builder in Splunk Search 10-16-2012 0 3	0	3
How do I get mvcount to display 0 when no field exists? Hi all, I have a search that looks something like this: foo \| extract pairdelim="\|;]}" kvdelim="=:" mv_add=true \| e... by DamianS Explorer in Splunk Search 10-16-2012 0 3	0	3
Lookup query hi for this ..\|lookup keywords match output keyword where keywords.csv is my lookup whwre i need to put in in mycompu... by Tridi123 New Member in Splunk Search 10-16-2012 0 2	0	2
How to add time from drop down in GUI to search string automatically In order to establish the search timeframe for Splunk there are 3 options that I know of. Use the dropdown to the ri... by brantramey Explorer in Splunk Search 10-16-2012 0 1	0	1

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Thursday, July 9, 2026 | 11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Splunk Search

Splunk can't write index file for lookup table

Redundant Time Values in Search

Rounding numbers in a timechart

double date in log

makin the keyword case in-sensitive

search in a multiple index at one go

Comparing results from two searches

Issue with Splunk extracting escaped fields/values

Start and End time of a search

Transforms on multiple indexes of XML sources with nested, duplicate keys

splunk "searches and reports" list more owners?

incorrect number of events in search results when using sort command

remove a blank line from a file

if-else condition

Cannot change XAxis label on Splunk 4.3

How do I append text to my search results?

count the number of KEYWORD

How can i do the search in multiple indexes

Splunk status/start commands giving an invalid status on crashed splunk forwarder

Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table.

What are possible search strategies to find most recent values of one or more fields?

STATS function

How do I get mvcount to display 0 when no field exists?

Lookup query

How to add time from drop down in GUI to search string automatically

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation