Splunk Search

Ask a Question

Discussions

Thread Info

Host override with event data

Hello, I have logs coming in with the host showing as the UF. I want to replace the host value with some event dat...

by Explorer in

Where can I download Universal Forwarder Package for Windows ARM

Hello, I am looking to download Forwarder package windows ARM for Surface 7 laptops and not finding the link, plea...

by Motivator in

Extract multivalue field using transforms mv_add=true not working as expected

Hi, I am having hard time extracting multi value fields present in an event using transforms mv_add=true, it seem...

by Path Finder in

Proper Rex expression help

I need help building a proper rex expression to extract the bold text from the following raw data {"bootcount":8,"d...

by Path Finder in

display field value in a statement

i have a field coming after a calculation like a percentage field the request from user is to display in text format...

by Path Finder in

Splunk mvexpand results truncated

Hi, I have this Splunk SPL: index=EventViewer source="WinEventLog:Application" SourceName=sample | table h...

by Engager in

Rex expression built with field extractor not working?

I have a reliable base query to find events containing the information I want. I built a rex using the field extrac...

by Path Finder in

Issue with printmon query not showing the proper results for "total_pages"

ALCON, Hello, I am having issues with printmon query results not showing the proper results for "total_pages". The...

by Explorer in

compare data in two columns

Hi i have data from two columns and using a third column to display the matches | makeresults| eval GroupA = 353...

by Path Finder in

Questions on query to get all alerts which are configured in Splunk , 1 , 0 , and Blanks in the fields

So jumping into this search questionhttps://community.splunk.com/t5/Alerting/How-can-I-query-to-get-all-alerts-which...

by Communicator in

Splunk Search to identify users searching back 30 days or more

I am trying to create a search that shows me all users that are searching back 30 days or longer in Splunk.For exampl...

by Path Finder in

How to convert epoch time to human readable format in search query?

Could someone please help me convert epoch time to human readable time? "time":1407361408100 this is what i'm t...

by Explorer in

Searching across multiple host combinations

Our team looks after 7 applications, we have 5 environments and each application sits on between 2 and 4 servers, dep...

by New Member in

How to create a single table with results from two different queries

Hi everyone.I'm sorry if this seems like a questions that's already been asked, but none of the answers I could find ...

by Path Finder in

Splunk Visualization displaying the same color for both columns

I am using the following query to display a result on a dashboard (query with sample data which resembles the data I ...

by Engager in

Saved Searches

Hello all,Actually i have been using rest command | rest /servicesNS/-/MYAPP/saved/searches | table titleto call m...

by Explorer in

How to create a field on the fly using CASE

I have the following values that will go in a field titled StatusMsg: "Task threw an uncaught and unrecoverable exc...

by Communicator in

Could not determine $SPLUNK_HOME, perhaps it should be set in environment.

I keep getting the message Couldn't determine $SPLUNK_HOME, perhaps it should be set in environment when I tr...

by Splunk Employee in

Using regex to extract data

I am looking to extract this section of an event and have it as a field that I am able to manipulate with. I am unfam...

by Path Finder in

Using the map command with a subsearch not working

Hello all, new poster here. I have a csv file with a column full of Splunk queries. I am trying to enrich my Splunk i...

by Observer in

REGEX problem

Please help me in extracting only compression values from this raw event - "response_time_last_byte":5,"compressio...

by Communicator in

Search For max value in Stats within Multiple Search outputs

Hello, I have this search query index=app iNumber IN (72061271737983, 72061271737983, 72061274477906...

by Engager in

JSON extraction needed

Hi. I have below raw event/s.Highlighted Syntax:{ [-] body: {"isolation": "isolation","device_classification": "Net...

by Builder in

Remove specific string from event at index time

I am trying to remove specific strings and their values from Splunk events at index time as they are not needed in th...

by New Member in

Not seeing anything returned when using Sum with an eval IF statement

Hello, Thanks in advance for any help and Karma will be on the way :). So I'm trying to create a Table that uses ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Host override with event data

Where can I download Universal Forwarder Package for Windows ARM

Extract multivalue field using transforms mv_add=true not working as expected

Proper Rex expression help

display field value in a statement

Splunk mvexpand results truncated

Rex expression built with field extractor not working?

Issue with printmon query not showing the proper results for "total_pages"

compare data in two columns

Questions on query to get all alerts which are configured in Splunk , 1 , 0 , and Blanks in the fields

Splunk Search to identify users searching back 30 days or more

How to convert epoch time to human readable format in search query?

Searching across multiple host combinations

How to create a single table with results from two different queries

Splunk Visualization displaying the same color for both columns

Saved Searches

How to create a field on the fly using CASE

Could not determine $SPLUNK_HOME, perhaps it should be set in environment.

Using regex to extract data

Using the map command with a subsearch not working

REGEX problem

Search For max value in Stats within Multiple Search outputs

JSON extraction needed

Remove specific string from event at index time

Not seeing anything returned when using Sum with an eval IF statement

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions