Splunk Search

Community Activity

Add Line Breaks with Eval This might be a silly question, but has anyone figured out how to add line breaks to text that has been evaluated wit... by gcoles Communicator in Splunk Search 03-24-2025 11 16	11	16
How to extract value with dynamic key name Hi Experts,I have the following data. {<!-- -->"TIMESTAMP": 1742677200,"SYSINFO": "{\"number_of_notconnect_interfaces\":0,\"h... by shimada-k Explorer in Splunk Search 03-24-2025 0 6	0	6
Getting totals of child processes at the parent I have an index with a list of transactions, the transactions in the system start as 1 process with a transaction num... by kiwiglen Observer in Splunk Search 03-23-2025 0 11	0	11
custom Dropdrown with "ALL' Hi I have dashboard with Data Entity drop down ,i want to add a drop drown "ALL" ,if i select ALL and hit submit butt... by nithys Communicator in Splunk Search 03-23-2025 0 3	0	3
Cluster Map - Show Country Border Hi Splunkers, I would like to display a count divided by several locations on a map. On the map, I would like only th... by molla Explorer in Splunk Search 03-23-2025 0 2	0	2
Base search not returning results Hello folks,I trying to use a base search within a dashboard but it consistently returns no results. However, when I ... by b17gunnr Path Finder in Splunk Search 03-21-2025 0 6	0	6
How to display an input only for a specific tab in your dashboard ? Hello guys,I have a dashboard with two tabs. I've added a dropdown input and I'm going to add more inputs. But I wan... by Ombessam Path Finder in Splunk Search 03-21-2025 0 3	0	3
Online, interactive regular expression tester for Splunk regular expressions? I am using the Interactive field extractor to try and extract certain fields. However, regular expressions are tricky... by stefanlasiewski Contributor in Splunk Search 03-20-2025 1 7	1	7
need difference from multivalue table column i have a list of hostnames being generated from left join for different application in multivalue table columnAPP1hos... by secure Path Finder in Splunk Search 03-20-2025 0 7	0	7
Splunk Observability Cloud - Kubernetes Monitoring - CPU Limit I am using Splunk Observability Cloud for Kubernetes monitoring and trying to retrieve data for container CPU limits ... by parumugam Observer in Splunk Search 03-20-2025 0 1	0	1
Search & compare value for each search result to value in CSV (inputlookup or lookup) Hi,I have a query that goes something like this:index=myindex \| eval urgency="medium", account_name='awsMetadata.acco... by majlo333 Observer in Splunk Search 03-20-2025 0 1	0	1
Using a timechart click.value as the midpoint of another panel's earliest and latest So, have a timechart with multiple streams.Call them X, Y, and Z.Run the panel for a 4h timeframe.I want to click a p... by Braagi Explorer in Splunk Search 03-20-2025 0 2	0	2
Date Conversion Hi SMEs;I'd like to convert the following date format into epoch: yyyymmdd. E.g 20220508.Any assistance would be app... by mrdeterville Explorer in Splunk Search 03-19-2025 0 1	0	1
Replace in SPL2 not working like SPL Hi,I am having trouble getting replace to work correctly in Ingest Processor and have this example.In SPL I can run t... by KeithH Communicator in Splunk Search 03-19-2025 0 6	0	6
Run lookup before streaming command (anomaly) Hello Team,I need to run anomaly command on the top of results returned by the lookup.My lookup is geo: enriching my ... by MichalG1 Path Finder in Splunk Search 03-19-2025 0 4	0	4
Search auto-cancelled Hi All,I have following Query index=wineventlog\|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S") \|eval device_name = ... by hema_5757 Observer in Splunk Search 03-19-2025 0 4	0	4
Display all results if text field is * , or partials results based on any part of phone number entered I'm trying to have the dashboard return all results if the text field is * or return all phone numbers with a partial... by JohnD-Splunker Engager in Splunk Search 03-19-2025 0 4	0	4
Data Exfiltration via E-Mail Hey everyone,I am currently trying to write a search that monitors outgoing E-Mail traffic. The goal is to see if bus... by Skinny Engager in Splunk Search 03-19-2025 0 3	0	3
Get values Time range I have a survey that has a date field deletion_date. How can I filter this field by theTime range? sourcetype=access... by Jailson Explorer in Splunk Search 03-19-2025 0 6	0	6
How to display 2 fields from different sources into a table? Hi all,I have the following query:index=wineventlog source=wineventlog:security EventCode=4688 [search index=winevent... by charlottelimcl Explorer in Splunk Search 03-19-2025 0 9	0	9
How to replicate a kvstore from a Splunk HF to the SHC? I am reviewing a previously created lookup that is based on a KV-store collection.There is a custom script (contained... by Glasses2 Communicator in Splunk Search 03-18-2025 0 4	0	4
How can I hide '_time' field from report table? by wanda619 Path Finder in Splunk Search 03-18-2025 0 7	0	7
How to create bins of values surround a single event Good day, I'm trying to think of how I can write a search to find a specific event and then take all the events surro... by dtaylor Path Finder in Splunk Search 03-18-2025 0 4	0	4
max values from two weeks using timechart Hello Everyone,i have a dataset where I'm generating a column of number of servers per day. using a timechart comman... by secure Path Finder in Splunk Search 03-18-2025 0 2	0	2
Mvexpand Hello I have this search\| inputlookup defender_onboard.csv\| fillnull value=NA\| search Region="**" 4LetCode=""\| sear... by SN1 Path Finder in Splunk Search 03-18-2025 0 2	0	2