Splunk Search

Community Activity

Splunk Search to identify users searching back 30 days or more I am trying to create a search that shows me all users that are searching back 30 days or longer in Splunk.For exampl... by scout29 Path Finder in Splunk Search 02-21-2025 0 4	0	4
How to convert epoch time to human readable format in search query? Could someone please help me convert epoch time to human readable time? "time":1407361408100 this is what i'm tryin... by ziyod2005 Explorer in Splunk Search 02-21-2025 3 23	3	23
Searching across multiple host combinations Our team looks after 7 applications, we have 5 environments and each application sits on between 2 and 4 servers, dep... by larrydavid New Member in Splunk Search 02-20-2025 0 2	0	2
How to create a single table with results from two different queries Hi everyone.I'm sorry if this seems like a questions that's already been asked, but none of the answers I could find ... by pedropiin Path Finder in Splunk Search 02-20-2025 0 2	0	2
Splunk Visualization displaying the same color for both columns I am using the following query to display a result on a dashboard (query with sample data which resembles the data I ... by TallBear Engager in Splunk Search 02-20-2025 0 5	0	5
Saved Searches Hello all,Actually i have been using rest command \| rest /servicesNS/-/MYAPP/saved/searches \| table titleto call my s... by siva_kumar0147 Explorer in Splunk Search 02-20-2025 0 2	0	2
How to create a field on the fly using CASE I have the following values that will go in a field titled StatusMsg:"Task threw an uncaught and unrecoverable except... by NanSplk01 Communicator in Splunk Search 02-19-2025 0 11	0	11
Could not determine $SPLUNK_HOME, perhaps it should be set in environment. I keep getting the message Couldn't determine $SPLUNK_HOME, perhaps it should be set in environment when I try to... by Dimitri_McKay Splunk Employee in Splunk Search 02-19-2025 3 4	3	4
Using regex to extract data I am looking to extract this section of an event and have it as a field that I am able to manipulate with. I am unfam... by jialiu907 Path Finder in Splunk Search 02-19-2025 0 4	0	4
Using the map command with a subsearch not working Hello all, new poster here. I have a csv file with a column full of Splunk queries. I am trying to enrich my Splunk i... by phant0m Observer in Splunk Search 02-19-2025 0 2	0	2
REGEX problem Please help me in extracting only compression values from this raw event - "response_time_last_byte":5,"compression_p... by splunklearner Communicator in Splunk Search 02-18-2025 0 1	0	1
Search For max value in Stats within Multiple Search outputs Hello,I have this search query index=app iNumber IN (72061271737983, 72061271737983, 72061274477906, 7206127721516... by rbhatta99 Engager in Splunk Search 02-18-2025 0 1	0	1
JSON extraction needed Hi. I have below raw event/s.Highlighted Syntax:{ [-] body: {"isolation": "isolation","device_classification": "Net... by mbasharat Builder in Splunk Search 02-18-2025 0 2	0	2
Remove specific string from event at index time I am trying to remove specific strings and their values from Splunk events at index time as they are not needed in th... by benUnicoSplunk New Member in Splunk Search 02-18-2025 0 7	0	7
Not seeing anything returned when using Sum with an eval IF statement Hello,Thanks in advance for any help and Karma will be on the way :).So I'm trying to create a Table that uses a "Sum... by tdavison76 Path Finder in Splunk Search 02-18-2025 0 6	0	6
Get first value of a field after filtering its row out Hi everyone.I'm really new to Splunk, so I'm confused with what seems to be a simple problem. I'm using "where row_nu... by pedropiin Path Finder in Splunk Search 02-18-2025 0 2	0	2
How to "chain" filters and count and optimize query Hi everyoneI just started working with Splunk and I have a query in which one of the steps is to count the number of ... by pedropiin Path Finder in Splunk Search 02-17-2025 0 5	0	5
How to show only events that are not Closed Hello,I really appreciate any help on this one, I can't figure it out. I am using the following to show only the "Cr... by tdavison76 Path Finder in Splunk Search 02-17-2025 0 10	0	10
How can I graph the string/human-readable value of duration? I am able to graph the duration calculation while it is in seconds, but I want to display the human-readable string v... by smoir_splunk Splunk Employee in Splunk Search 02-17-2025 0 7	0	7
Alert is triggered while condition "if number of events is greater than 0" not met I made a savedsearch with a simple search in it. As a condition I selected "if number of events""is greater than"with... by rrovers Contributor in Splunk Search 02-16-2025 0 2	0	2
Match a column from a main query with a column in a subquery Hi Experts,The file ACF2DS_Data.csv contains columns including TIMESTAMP, DS_NAME, and JOBNAME.I need to match the DS... by ravikumar_sri20 Engager in Splunk Search 02-16-2025 0 6	0	6
Filter MV field for specified value I've been smashing my head against this issue for the past few hours. I need to check a multivalue field to see if it... by dtaylor Path Finder in Splunk Search 02-16-2025 0 7	0	7
Can not search by sourcetype while events are there Hello Team,9.4.0, thsooting prod, replicated the issue in staging, i have 1 indexer only. Performing all searches on ... by MichalG1 Path Finder in Splunk Search 02-16-2025 0 1	0	1
LDAP Search with REGEX to table out members of specific groups Trying to build a search that will leverage ldapsearch to pull a current list of users that are members of a specific... by silversides Loves-to-Learn in Splunk Search 02-15-2025 0 7	0	7
Apply the same query to multiple days given day interval Hi everyone.I have a query that calculates a number of metrics, such as average, max value, etc, for a specific date,... by pedropiin Path Finder in Splunk Search 02-15-2025 0 4	0	4