Splunk Search

Community Activity

	How to Improve a search with Join or suggest alternate way Hello,I'm trying to join based on a common field using a similar query like below, however, the in the result i only ... by RamMur Explorer in Splunk Search 03-14-2025 0 4	0	4
	Odd Behavior using tstats with a datamodel Splunk: 8.0.3 (I know its old we're working on approvals to upgrade)We’re receiving behavior I have never encountered... by ccWildcard Explorer in Splunk Search 03-14-2025 0 2	0	2
	splunk forwarder not detecting Hello everyone,I have set up my Splunk server[with receiving port 9997 is enabled] and Splunk forwarder to monitor my... by okumar1 Engager in Splunk Search 03-14-2025 0 8	0	8
	Multivalue Field Formatting Issue in Lookup Export Hi Team,I have a multivalue field in one of the user fields, along with other fields. However, when exporting the dat... by Varun18 Loves-to-Learn in Splunk Search 03-13-2025 0 6	0	6
	capture error 4xx/5xx HiUsing below query to capture 4xx,5xx error ,but getting as no result found index=* source IN ("/aws/lambda/*") ... by nithys Communicator in Splunk Search 03-13-2025 0 2	0	2
	How to use 2 events and calculate in SPL So I have in the past used a report which finds a string and then calculates the size left and it came as 1 whole eve... by LizAndy123 Path Finder in Splunk Search 03-13-2025 0 3	0	3
	change time on date field Hello,I have 2 columns, one with date and other with the day of weekbased on day of week whenever is Saturday or Sund... by _Mauro_Costa_ Explorer in Splunk Search 03-13-2025 0 1	0	1
	Unexpected behavior of searchmatch function We use Enterprise Splunk Version: 9.1.6I have noticed a strange behavior of searchmatch() function. \| makeresults \| ... by pm771 Communicator in Splunk Search 03-12-2025 0 5	0	5
	How to get compare latest values across an index with a lookup and display the latest? Hi All, looking for some advice as in how to take the latest values from 2 datasets . We have a base search that pul... by hummingbird81 Explorer in Splunk Search 03-12-2025 0 5	0	5
	Indexer I want to get total memory allocated on 1 indexer and how much memory it is using. so that i could get remaining disk... by SN1 Path Finder in Splunk Search 03-12-2025 0 8	0	8
	Total Memory Hello i run df -h on indexer and i gotnow i want the total , available and used space but using SPL how can i achieve... by SN1 Path Finder in Splunk Search 03-12-2025 0 6	0	6
	comparing scores I am trying to find a way to compare the results listed in a table to each other. Basically the table lists the resul... by dolj Explorer in Splunk Search 03-12-2025 0 3	0	3
	Searches returning unexpected results I am fairly new to Splunk. I am testing out different search queries and getting inconsistent results. In this examp... by tchamp Explorer in Splunk Search 03-11-2025 0 3	0	3
	Help with search query using multiple tokens and filters HI, im trying to create filter for network connections. But i cannot make work few tokens in the same time.I want to ... by ekmek4 Explorer in Splunk Search 03-11-2025 0 4	0	4
	Why Am I Seeing Events In The Future And How Do I Stop It Hi Guys, I hope someone can help me out or give me a pointer here. When I run my searches I always get events in the... by OgoNARA Explorer in Splunk Search 03-11-2025 0 4	0	4
	Combining Searches I am trying to figure out the best way to perform this search. I have some json log/events where the event data is sl... by tchamp Explorer in Splunk Search 03-11-2025 0 5	0	5
	Equivalent timechart correlation query without subsearch Can someone help create an equivalent query to the following, without using subsearch? There are probably too many re... by dzhangw7 New Member in Splunk Search 03-11-2025 0 2	0	2
	sum(count) returning 0 events Hi everyone.I have a query that basically filters certain events and sums them by category. But I'm facing issues whe... by pedropiin Path Finder in Splunk Search 03-10-2025 0 4	0	4
	Dedup removing all elements Hello everyone. I'm dealing with a query that deals with certain "tickets" and "events", but some of them are duplica... by pedropiin Path Finder in Splunk Search 03-10-2025 0 2	0	2
	Append number by value to results Hi SplunkersI'm looking for a way to append a column with an ID based on the value of another field.Base search gives... by dataisbeautiful Communicator in Splunk Search 03-10-2025 0 9	0	9
	how to remove few content from splunk output Hi All,I have a splunk query giving results in this format:Time ... by avi123 Explorer in Splunk Search 03-10-2025 0 2	0	2
	Logging Requirement CTO 24-003 Is there anyone familiar with any guidance on fulfilling the logging requirements for CTO 24-003 with splunk queries ... by Aghansah New Member in Splunk Search 03-10-2025 0 2	0	2
	Different search results in search and dashboard Hello everyone!I came across a strange behavior.I was building a dashboard and noticed that some results look unexpec... by NoSpaces Contributor in Splunk Search 03-10-2025 0 3	0	3
	Splunk Query to extract id's from a event and display the ID's Below is the search and I need to extract the ID's shown in the below event and there are also many other ID's. Pleas... by Vin Engager in Splunk Search 03-09-2025 0 4	0	4
	Pie Chart is not showing smaller values Hi , I have a CSV file, whose visualization I want to see in the form of Pie-Chart. But on display, one of the parame... by harshal_chakran Builder in Splunk Search 03-08-2025 0 7	0	7