Splunk Search

Community Activity

	JSON extraction needed Hi. I have below raw event/s.Highlighted Syntax:{ [-] body: {"isolation": "isolation","device_classification": "Net... by mbasharat Builder in Splunk Search 02-18-2025 0 2	0	2
	Remove specific string from event at index time I am trying to remove specific strings and their values from Splunk events at index time as they are not needed in th... by benUnicoSplunk New Member in Splunk Search 02-18-2025 0 7	0	7
	Not seeing anything returned when using Sum with an eval IF statement Hello,Thanks in advance for any help and Karma will be on the way :).So I'm trying to create a Table that uses a "Sum... by tdavison76 Path Finder in Splunk Search 02-18-2025 0 6	0	6
	Get first value of a field after filtering its row out Hi everyone.I'm really new to Splunk, so I'm confused with what seems to be a simple problem. I'm using "where row_nu... by pedropiin Path Finder in Splunk Search 02-18-2025 0 2	0	2
	How to "chain" filters and count and optimize query Hi everyoneI just started working with Splunk and I have a query in which one of the steps is to count the number of ... by pedropiin Path Finder in Splunk Search 02-17-2025 0 5	0	5
	How to show only events that are not Closed Hello,I really appreciate any help on this one, I can't figure it out. I am using the following to show only the "Cr... by tdavison76 Path Finder in Splunk Search 02-17-2025 0 10	0	10
	How can I graph the string/human-readable value of duration? I am able to graph the duration calculation while it is in seconds, but I want to display the human-readable string v... by smoir_splunk Splunk Employee in Splunk Search 02-17-2025 0 7	0	7
	Alert is triggered while condition "if number of events is greater than 0" not met I made a savedsearch with a simple search in it. As a condition I selected "if number of events""is greater than"with... by rrovers Contributor in Splunk Search 02-16-2025 0 2	0	2
	Match a column from a main query with a column in a subquery Hi Experts,The file ACF2DS_Data.csv contains columns including TIMESTAMP, DS_NAME, and JOBNAME.I need to match the DS... by ravikumar_sri20 Engager in Splunk Search 02-16-2025 0 6	0	6
	Filter MV field for specified value I've been smashing my head against this issue for the past few hours. I need to check a multivalue field to see if it... by dtaylor Path Finder in Splunk Search 02-16-2025 0 7	0	7
	Can not search by sourcetype while events are there Hello Team,9.4.0, thsooting prod, replicated the issue in staging, i have 1 indexer only. Performing all searches on ... by MichalG1 Path Finder in Splunk Search 02-16-2025 0 1	0	1
	LDAP Search with REGEX to table out members of specific groups Trying to build a search that will leverage ldapsearch to pull a current list of users that are members of a specific... by silversides Loves-to-Learn in Splunk Search 02-15-2025 0 7	0	7
	Apply the same query to multiple days given day interval Hi everyone.I have a query that calculates a number of metrics, such as average, max value, etc, for a specific date,... by pedropiin Path Finder in Splunk Search 02-15-2025 0 4	0	4
	How to filter out first instance of a query Hi everyone.I'm doing a query in which I sort it by time according to a variable and then calculate some metrics over... by pedropiin Path Finder in Splunk Search 02-14-2025 0 1	0	1
	Splunk lookup failing, even on itself Running a lookup where I have verified the fields exist and match and its not returning an output field. So, I verifi... by eandres Explorer in Splunk Search 02-13-2025 0 3	0	3
	Need help with SPL for windows logins Hello,I have the below SPL where I am looking to fetch the user accounts that have not logged in for 30 days or more ... by Roy_9 Motivator in Splunk Search 02-13-2025 0 3	0	3
	LIst all universal forwarder hosts sending to an index but limit the host count to 5 HelloI'm looking to modify this search I've found and using. I like the result set but would like to limit the host c... by davidaj Explorer in Splunk Search 02-13-2025 0 4	0	4
	How to get dashboard not accessed by anyone in splunk I am want to get the list of dashboard which is not used by anyone for more than 90 days. i have tired to use the bel... by harishsplunk7 Explorer in Splunk Search 02-13-2025 0 3	0	3
	what is large What is the definition of large? Is it measured in total bytes? Number of records? And in either case how much? by splunkermack New Member in Splunk Search 02-12-2025 0 2	0	2
	Need help with a search with join, append or appendcols Hello, I need help with a search query, that at first seem easy but suprising difficult to execute. I have a money tr... by tungpx Explorer in Splunk Search 02-12-2025 0 6	0	6
	Is splunklib api code portable to splunk-sdk How much syntax has changed from splunklib (which ran on Python 2.x) to splunk-sdk (which runs on Python 3.x)? Just s... by DavidGuarneri Path Finder in Splunk Search 02-12-2025 0 1	0	1
	Using the xpath command with namespace declarations (xmlns='mynamespace') Splunk's xpath documentation does not show any examples on how to use the xpath command if the XML contains namespace... by yeahnah Motivator in Splunk Search 02-12-2025 0 2	0	2
	Python splunk-sdk vs Python requests library Is there any particular reason for using Python splunk-sdk over standard restful API libraries or tools (such as Pyth... by DavidGuarneri Path Finder in Splunk Search 02-12-2025 0 1	0	1
	Can't format table with stats to exclude unwanted matches Good day, I'm hoping someone smarter than me can help me figure this out. In the search below, I'm trying to correlat... by dtaylor Path Finder in Splunk Search 02-12-2025 0 9	0	9
	Query for sender, recipient(s) and sender's IP Hello,Below is a sample for a single message from Proofpoint log. It looks simple, but I am struggling to write a que... by SplunkUser001 Explorer in Splunk Search 02-11-2025 0 5	0	5