Splunk Search

Community Activity

CIM compliance process When mapping fields to the CIM in an indexer cluster can I use search time field extractions like IFX, tags and field... by Darkvader Explorer in Splunk Search 04-07-2026 0 6	0	6
Displaying Changes in Smartcard-based authentication for Active Directory I know this has always been kind of a sore subject due to the use of the userAccountControl property flags being in s... by LexSplunker Engager in Splunk Search 04-07-2026 0 2	0	2
pars out dynamic number of request and response from a field Capture in a field from log message and it is in below format : [{"request":"ID1","statusCode":"200"},{"request":"ID2... by manas Explorer in Splunk Search 04-07-2026 0 4	0	4
Include CSV Report in Splunk Search Job API Results for Ticketing Integration Hi,I’ve set up an alert in Splunk that triggers whenever there are log gaps (missing logs) from hosts, based on the R... by cipher Explorer in Splunk Search 03-23-2026 0 1	0	1
Saved Search Creation Time I'm trying to figure out when some of my correlation searches was created ?i tried it with rest, but only getting upd... by MJ_27 New Member in Splunk Search 03-23-2026 0 3	0	3
federated search from on-prem to cloud i need help in setting up federated search , the requirement is that i want to run some splunk search from dbconnect ... by imsidrai Explorer in Splunk Search 03-22-2026 0 3	0	3
search past escaped characters for an alert I'm trying to create an alert based on a field as shown below, I want to search for the EDC5133I text. However the TE... by mcaulsc Path Finder in Splunk Search 03-18-2026 0 6	0	6
How to get an extract of threshold values set in splunk ITSI Team , how to get an extract of threshold values set in Splunk ITSI. Kindly suggest. by ManjunathNargun New Member in Splunk Search 03-18-2026 0 0	0	0
How do I fix this Search lag error? Hi team, There is following errors with my Splunk healtch check. "The number of extremely lagged searches (1) over th... by tpchi New Member in Splunk Search 03-16-2026 0 7	0	7
Dedup different types of events by different fields If I look at this long enough, I'm sure I'll eventually figure it out, but that could be a whole month at my current ... by dtaylor Path Finder in Splunk Search 03-14-2026 0 3	0	3
Trying to extract a string from a delimited token value in a dashboard to be used in a field search I have a dropdown input type in a dashboard that has a token aligned with it (we'll call it $dropdown_value$); the va... by beetlegeuse Path Finder in Splunk Search 03-11-2026 0 2	0	2
Help with regex needed in Splunk "resource_id": "/subscriptions/850686fe-9b2b-48ab-81a6-80600a0ca5z1/resourceGroups/vg-weu-ltaprod-rg/providers/Micros... by RSS_STT Explorer in Splunk Search 03-11-2026 0 5	0	5
Upload large file Hi, How does one upload files larger than 500mb? I get an error "File too large. The file selected is 996Mb. Maximum... by mwdbhyat Builder in Splunk Search 03-08-2026 0 17	0	17
rex help - extracting string between quotes I have a LogStash feed coming in, with events containing a string following this example;"message":"Transfer end logg... by rob_gibson Path Finder in Splunk Search 03-08-2026 0 8	0	8
Is datamodel command as fast as tstats command on accelerated data models? Hi,I've gone through Splunk documentation but still struggle to find an official answer to my question.Given an accel... by wp-uk-36 Explorer in Splunk Search 03-08-2026 0 2	0	2
Splunk ID I am trying to sign up for the Splunk Core User cert. Where do I find my Splunk ID by Jayhawker1610 New Member in Splunk Search 03-05-2026 0 1	0	1
sendemail command - naming convention - attachment Hello everyone, I would like to ask you for an assistance if possible. Is there a way how to rename an attachment whe... by Kopcisko Engager in Splunk Search 03-04-2026 0 1	0	1
How to find which indexes are used? I have a simple question how can I check that in which of the apps a particular index has been used. by Siddharthnegi Contributor in Splunk Search 03-03-2026 0 6	0	6
What could be the reason why I can't modify the alert search section? Hello Guys,When I click the edit button for the alerts, the "search" input box is grey as showed below, I cannot modi... by Iris_Pi Path Finder in Splunk Search 03-02-2026 0 2	0	2
Splunk rex command Hi Team,Can someone Kindly help with a rex pattern for the below splunk log.Attached a sample splunk log and rx patte... by JohnsonMarcus Engager in Splunk Search 02-24-2026 0 1	0	1
Search formatting in Splunk 6.5.0 for easier readability I saw a feature in Splunk 6.5.0 where you can press a single button in the search bar and it will autoformat the quer... by markdflip Path Finder in Splunk Search 02-24-2026 7 19	7	19
Earliest... Latest at 23:59:59 skipped! Hello.I found out that running a search to find events from 00:00:00 to 23:59:59, when i want H24 all events, using l... by verbal_666 Builder in Splunk Search 02-22-2026 0 6	0	6
Getting concurrent connections from transactions index=myindex "event=login" OR "event=logout" \| transaction username startswith="event=login" endswith="event=logout... by bekirk Explorer in Splunk Search 02-21-2026 0 5	0	5
Ingest processor problem Hello,How can I use the ingest processor to obtain the actual ingest without that information reaching the cloud?My d... by acs12 Engager in Splunk Search 02-20-2026 0 5	0	5
How does foreach + rename impact performance? I'm really confused about performance related to use of foreach + rename. I have a macro that renames potential name ... by yuanliu SplunkTrust in Splunk Search 02-19-2026 0 2	0	2