Splunk Search

Community Activity

How to display a trendline for distinct count of a field I want to add a trendline to this chart:index=my_index \| timechart dc(USER) as DISTINCT_USERSHow do I accomplish this... by jbrenner Path Finder in Splunk Search 04-07-2025 0 1	0	1
eval field is not working in where condition by shraddha09 Observer in Splunk Search 04-07-2025 0 7	0	7
Human Readable Indexed Logs Hi All, I would like to read Splunk indexed log/data using text editor tool (like Notepad, etc.). I understand Splunk... by Splunkduck09 Explorer in Splunk Search 04-06-2025 0 7	0	7
Results returned from subsearch / appendcolos inaccurate I have the following simplified version of the query where for each caller, I need all_calls (from sourcetype=x) and ... by osh55 Engager in Splunk Search 04-06-2025 0 5	0	5
difference between data model vs splunk dashboards Hi All, could you please clarify me what is the diff between data models and splunk dashboards? Thanks by okumar1 Engager in Splunk Search 04-06-2025 0 5	0	5
Need help to extract field from raw Please find the below attached screenshot and data sample i need to create 5 felids problem statement - old splunk qu... by bhaskar5428 Explorer in Splunk Search 04-04-2025 0 5	0	5
Combining multiple events from downloading external document into a reportable event This has been scratching my head. I'm working on dashboards on user activity on our application. Multiple dashboards ... by DarthHerm Explorer in Splunk Search 04-04-2025 0 6	0	6
Merging local into default using git? I would like to periodically merge stuff in /local into /default and then delete whatever is in /localI have a reposi... by dominiquevocat SplunkTrust in Splunk Search 04-04-2025 4 31	4	31
ISE Logging Hello,I wanted to filter Cisco ISE Logging Activities by authentication, authorization, and accounting.So far, I've b... by netmart New Member in Splunk Search 04-04-2025 0 4	0	4
Regular Expression HI , I want to extract purple part. But Severity can be Critical as well .[Time:29-08@17:52:05.880] [60569130] 17:52:... by Siddharthnegi Contributor in Splunk Search 04-04-2025 0 2	0	2
regular expression hello , i want to extract purple highlighted part.[Time:29-08@17:53:03.562] [60569219] 17:53:03.562 10.82.10.245 loca... by Siddharthnegi Contributor in Splunk Search 04-04-2025 0 2	0	2
What are your best patterns for handling stats by multiple groupby sets? I often run into a case where I find I need to take the same dataset and compute aggregate statistics on different gr... by w564432 Explorer in Splunk Search 04-03-2025 0 4	0	4
use stats instead Hi Community, can someone please help me by using stats instead of join for this search?\| rest /services/authenticati... by hank72 Path Finder in Splunk Search 04-03-2025 0 6	0	6
How to use append to work like Inner join I have two searches and I only want to find rows which has common MessageID . Currently it is returning extra row be... by Punnu Path Finder in Splunk Search 04-03-2025 0 5	0	5
Locate Changes to Field and Count Them Hello Splunk Community,I need to find out how many upgrades were performed to systems and unsure how to best proceed.... by enb_splunk Engager in Splunk Search 04-02-2025 0 3	0	3
Type of Fields command Hello all,I am trying to understand the type of fields command.Documentation says it is a "distributable streaming" w... by meshorer Path Finder in Splunk Search 04-02-2025 0 8	0	8
Get all events in a 1-minute time window around an error events I have a stream of logs from a system.To filter for errors, I can perform a search like so:index=project1 sourcetype=... by db2 Explorer in Splunk Search 04-02-2025 0 9	0	9
Find what is using a lookup table. I've got a question about lookup tables, and how to audit them.I have a rather large lookup table that's being recrea... by JJCO Engager in Splunk Search 04-02-2025 0 2	0	2
Splunk upgrade on AIX machine Hi,I'm fairly new to AIX and I have been tasked with upgrading our customers version of SPLUNK from 9.0.1 to 9.4.1, t... by dannyuk New Member in Splunk Search 04-02-2025 0 2	0	2
Count of requests processed by each API service per minute. Hi I am working on below query to get Count of requests processed by each API service per minuteindex=np source IN ("... by nithys Communicator in Splunk Search 04-02-2025 0 2	0	2
Search in lookup with subsearch- bug ? Hi, there,I'm simplifying the context:We've had a perfectly working correlation rule for several years now, and for t... by Treize Path Finder in Splunk Search 04-02-2025 0 14	0	14
Trying to download splunk logs using python script using bamboo when running my bamboo paln i am unable to generate splunk log json file this is log build 02-Apr-2025 11:57:27 /home... by Hemanth35 New Member in Splunk Search 04-02-2025 0 1	0	1
Search head error in Email action Hi Team, We have 2 search head cluster, and few reports scheduled with email action, reports running on one search he... by bhupalbobbadi Path Finder in Splunk Search 04-01-2025 0 1	0	1
How can i use my global_time token in an averaging search Maybe a dumb question but its been making me mad, maybe im overthinking it. I have a very simple search:index=poc cha... by tkwaller1 Path Finder in Splunk Search 04-01-2025 0 8	0	8
knowledge bundle Hi Base, what is the impact when the content of $Splunkhome$/var/run/searchpeers will be deleted? In an installation... by ndcl Path Finder in Splunk Search 04-01-2025 1 11	1	11