Splunk Search

Community Activity

I have a need to count the number of events ingested for 2024. I would like to get a count of events of all data ingested for 2024. I have hundreds of indexes and all data over 90... by paulcurry Path Finder in Splunk Search 02-26-2025 0 2	0	2
Host override with event data Hello,I have logs coming in with the host showing as the UF. I want to replace the host value with some event data.H... by boknows Explorer in Splunk Search 02-26-2025 0 9	0	9
Where can I download Universal Forwarder Package for Windows ARM Hello,I am looking to download Forwarder package windows ARM for Surface 7 laptops and not finding the link, please ... by Roy_9 Motivator in Splunk Search 02-26-2025 0 1	0	1
Extract multivalue field using transforms mv_add=true not working as expected Hi, I am having hard time extracting multi value fields present in an event using transforms mv_add=true, it seems t... by ak9092 Path Finder in Splunk Search 02-26-2025 0 5	0	5
Proper Rex expression help I need help building a proper rex expression to extract the bold text from the following raw data{"bootcount":8,"devi... by nkavouris Path Finder in Splunk Search 02-25-2025 0 6	0	6
display field value in a statement i have a field coming after a calculation like a percentage field the request from user is to display in text format... by secure Path Finder in Splunk Search 02-25-2025 0 1	0	1
Splunk mvexpand results truncated Hi, I have this Splunk SPL: index=EventViewer source="WinEventLog:Application" SourceName=sample \| table host Name, ... by Singh10 Explorer in Splunk Search 02-25-2025 0 4	0	4
Rex expression built with field extractor not working? I have a reliable base query to find events containing the information I want.I built a rex using the field extractor... by nkavouris Path Finder in Splunk Search 02-24-2025 0 2	0	2
Issue with printmon query not showing the proper results for "total_pages" ALCON,Hello, I am having issues with printmon query results not showing the proper results for "total_pages". The pa... by Johnsonbc Explorer in Splunk Search 02-24-2025 0 3	0	3
compare data in two columns Hi i have data from two columns and using a third column to display the matches\| makeresults\| eval GroupA = 353649273... by secure Path Finder in Splunk Search 02-23-2025 0 3	0	3
Questions on query to get all alerts which are configured in Splunk , 1 , 0 , and Blanks in the fields So jumping into this search questionhttps://community.splunk.com/t5/Alerting/How-can-I-query-to-get-all-alerts-which... by Cheng2Ready Communicator in Splunk Search 02-21-2025 0 1	0	1
Splunk Search to identify users searching back 30 days or more I am trying to create a search that shows me all users that are searching back 30 days or longer in Splunk.For exampl... by scout29 Path Finder in Splunk Search 02-21-2025 0 4	0	4
How to convert epoch time to human readable format in search query? Could someone please help me convert epoch time to human readable time? "time":1407361408100 this is what i'm tryin... by ziyod2005 Explorer in Splunk Search 02-21-2025 3 23	3	23
Searching across multiple host combinations Our team looks after 7 applications, we have 5 environments and each application sits on between 2 and 4 servers, dep... by larrydavid New Member in Splunk Search 02-20-2025 0 2	0	2
How to create a single table with results from two different queries Hi everyone.I'm sorry if this seems like a questions that's already been asked, but none of the answers I could find ... by pedropiin Path Finder in Splunk Search 02-20-2025 0 2	0	2
Splunk Visualization displaying the same color for both columns I am using the following query to display a result on a dashboard (query with sample data which resembles the data I ... by TallBear Engager in Splunk Search 02-20-2025 0 5	0	5
Saved Searches Hello all,Actually i have been using rest command \| rest /servicesNS/-/MYAPP/saved/searches \| table titleto call my s... by siva_kumar0147 Explorer in Splunk Search 02-20-2025 0 2	0	2
How to create a field on the fly using CASE I have the following values that will go in a field titled StatusMsg:"Task threw an uncaught and unrecoverable except... by NanSplk01 Communicator in Splunk Search 02-19-2025 0 11	0	11
Could not determine $SPLUNK_HOME, perhaps it should be set in environment. I keep getting the message Couldn't determine $SPLUNK_HOME, perhaps it should be set in environment when I try to... by Dimitri_McKay Splunk Employee in Splunk Search 02-19-2025 3 4	3	4
Using regex to extract data I am looking to extract this section of an event and have it as a field that I am able to manipulate with. I am unfam... by jialiu907 Path Finder in Splunk Search 02-19-2025 0 4	0	4
Using the map command with a subsearch not working Hello all, new poster here. I have a csv file with a column full of Splunk queries. I am trying to enrich my Splunk i... by phant0m Observer in Splunk Search 02-19-2025 0 2	0	2
REGEX problem Please help me in extracting only compression values from this raw event - "response_time_last_byte":5,"compression_p... by splunklearner Communicator in Splunk Search 02-18-2025 0 1	0	1
Search For max value in Stats within Multiple Search outputs Hello,I have this search query index=app iNumber IN (72061271737983, 72061271737983, 72061274477906, 7206127721516... by rbhatta99 Engager in Splunk Search 02-18-2025 0 1	0	1
JSON extraction needed Hi. I have below raw event/s.Highlighted Syntax:{ [-] body: {"isolation": "isolation","device_classification": "Net... by mbasharat Builder in Splunk Search 02-18-2025 0 2	0	2
Remove specific string from event at index time I am trying to remove specific strings and their values from Splunk events at index time as they are not needed in th... by benUnicoSplunk New Member in Splunk Search 02-18-2025 0 7	0	7