Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Community Activity
 | Hi, I have a novice question, but is it possible to have more than one sourcetype for a given source? by Samslara Explorer in Splunk Search 10-20-2011 0 1 | 0 | 1 | |
 | I was collecting windows event logs using agent less Splunk server through remote WMI calls and the "sourcetype=WMI:W... by hartfoml Motivator in Splunk Search 10-20-2011 0 5 | 0 | 5 | |
| | Hello, I've figured out how to start a real-time search job. I'm wondering if there's any way to trigger a shell co... by mknowles Engager in Splunk Search 10-20-2011 2 7 | 2 | 7 | |
| | Hi, I have a log where the, app logs the various steps for a unique opertaion id (id below) -> ...... ts=13188618399... by anshumishra New Member in Splunk Search 10-19-2011 0 3 | 0 | 3 | |
| | The transaction command matches only the first instance of the specified endswith, however it's possible and likely t... by lisa_1 Explorer in Splunk Search 10-19-2011 2 4 | 2 | 4 | |
| | Hi, I have 2 search queries. sourcetype="zzz" Accepted | stats count as SuccessCases sourcetype="zzz" Rejected | s... by adityapavan18 Contributor in Splunk Search 10-19-2011 0 7 | 0 | 7 | |
| | I have this regex expresion: REGEX = (?m)^EventCode=(4674)|(ServerName\$) This works great to identify the two cond... by hartfoml Motivator in Splunk Search 10-19-2011 0 10 | 0 | 10 | |
| | I tried the following: host=A earliest=10/01/2011:0:0:0 latest=10/01/2011:11:0:0 | timechart span=1h count by msg W... by myli12 Path Finder in Splunk Search 10-18-2011 0 1 | 0 | 1 | |
| | I have the following xml <module name="HiddenSearch" layoutPanel="panel_row2_col1" group="XXX" autoRun="True"> ... by sf_user_199 Path Finder in Splunk Search 10-18-2011 1 5 | 1 | 5 | |
| | Hi, I have some events, and a User lookup. The Lookup holds the UserID, User Name, a WorkGroup, and dates when th... by JovanMilosevic Path Finder in Splunk Search 10-18-2011 1 3 | 1 | 3 | |
| | In a dashboard, calling a csv file query. Then I want to insert a present login account*(UserAccount)*. How can I ge... by lanying Explorer in Splunk Search 10-18-2011 0 3 | 0 | 3 | |
| | This seems like it should be such a straightforward thing, but having a hard time nailing down an answer we're happy ... by jcfergus Engager in Splunk Search 10-17-2011 0 1 | 0 | 1 | |
| | Hi, I have a set of logs in the following format 2011-10-17 14:16:11,117 [main] : DEBUG - <Application Id [461620... by thejaspavithran New Member in Splunk Search 10-17-2011 0 2 | 0 | 2 | |
| | I can check the DB size and it continues to grow but nothing new shows up in the search. I have 2 that are updating a... by timpet New Member in Splunk Search 10-14-2011 0 1 | 0 | 1 | |
| | We have a search that someone from Splunk helped us put together a few years ago that we altered a bit: index="Firew... by merritsa Path Finder in Splunk Search 10-14-2011 0 4 | 0 | 4 | |
| | Hi, I am sure the answer is out there but I am not exactly sure how to ask the question. My Splunk server has two p... by kholleran Communicator in Splunk Search 10-14-2011 0 1 | 0 | 1 | |
| | I have a simple configuration for few forwarders and an indexer. I have configured the field look-up on Splunk indexe... by kmisaal New Member in Splunk Search 10-13-2011 0 1 | 0 | 1 | |
| | I was under the impression that this was taken care of automatically by the bundle replication however when trying to... by kbecker Communicator in Splunk Search 10-13-2011 1 5 | 1 | 5 | |
| | I am trying to set a field to the value of a string without the last 2 digits. For example: Hotel=297654 from 29765... by rachelneal Path Finder in Splunk Search 10-13-2011 0 1 | 0 | 1 | |
| | I upgraded from 4.2.2 to 4.2.3 (Windows). After the upgrade, this message appears in the top of my browser: Miscon... by tasdienes Engager in Splunk Search 10-12-2011 0 6 | 0 | 6 | |
| | I want to use dedup to reduce occurrences of the same event like the following: %IP-4-DUPADDR: Duplicate address 1.1... by johnnybravo Explorer in Splunk Search 10-12-2011 2 4 | 2 | 4 | |
| | This is my search.... index=network source="/u01/noc/log/internetCisco.log" denied |top 100 src_ip | lookup geoip cl... by mcbradford Contributor in Splunk Search 10-12-2011 0 8 | 0 | 8 | |
| | I'm dealing with a stream of monitoring data with good and bad events, but no text to distinguish them apart. Good vs... by Jason Motivator in Splunk Search 10-11-2011 0 5 | 0 | 5 | |
| | I have spent some time reading through the UI examples App and have attempted to duplicate a basic drill down action ... by jerrad Path Finder in Splunk Search 10-11-2011 0 4 | 0 | 4 | |
| | This is my search... index=webproxy | regex user=".+a" | top 100 user | eval user_name=substr(user,1,5) I have a... by mcbradford Contributor in Splunk Search 10-11-2011 1 1 | 1 | 1 |
Get Started
Explore Essential Splunk Resources
Get Expert Help at Community Office Hours
Join the #search-help Slack channel
Get Expert Help at Community Office Hours
Join the #search-help Slack channel
Become An Expert
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Top Labels
-
administration
3 -
alert action
3 -
alert condition
2 -
Analytics Workspace
2 -
authentication
1 -
chart
943 -
Classic dashboard
1 -
configuration
2 -
correlation search
1 -
count
1,002 -
Dashboard Studio
3 -
data
3 -
data model
1 -
development
6 -
distributed search
1 -
drilldown
1 -
email
1 -
eval
2,607 -
field extraction
2,015 -
fields
2,057 -
host
1 -
index
4 -
indexer
2 -
inputs.conf
1 -
intermediate forwarder
1 -
introduction
5 -
join
1,056 -
JSON
2 -
Linux
2 -
login
1 -
lookup
1,559 -
metadata
307 -
monitoring console
2 -
other
141 -
panel
2 -
PDF
1 -
Python
1 -
regex
1,497 -
report acceleration
2 -
rex
1,245 -
SAML
1 -
saved search
5 -
scheduled search
4 -
scripted input
1 -
search
2 -
search head
3 -
search job inspector
680 -
search peer
1 -
simple XML
1 -
source
1 -
sourcetype
4 -
Splunk Web Framework
1 -
splunk-assist
1 -
splunkd
1 -
stats
3,553 -
subsearch
1,718 -
summary indexing
4 -
table
1,747 -
time
1 -
timechart
1,156 -
transaction
451 -
transforms.conf
1 -
troubleshooting
8 -
tstats
565 -
universal forwarder
5 -
using Splunk Cloud
2 -
using Splunk Enterprise
13 -
Windows
3
- « Previous
- Next »
Get Updates on the Splunk Community!
Index This | Why did the turkey cross the road?
November 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Feel the Splunk Love: Real Stories from Real Customers
Hello Splunk Community,
What’s the best part of hearing how our customers use Splunk? Easy: the positive ...
