Splunk Search

Community Activity

	How to extract hour from timestamp in format "YYYY-mm-ddTHH:MM:SS.3NZ"? Hi everyone. I suppose this is a very simple question, but I'm new to Splunk and I've tried everything that I have kn... by pedropiin Path Finder in Splunk Search 02-28-2025 0 4	0	4
	Error Hello i am seeing this errorMSE-SVSPLUNKI01] restricting search to internal indexes only (reason: [DISABLED_DUE_TO_GR... by SN1 Path Finder in Splunk Search 02-28-2025 0 3	0	3
	Why don't I see my three Splunk servers via the rest call? I'm running the following command -\| rest /services/server/sysinfoAnd it shows the indexer and the search head but no... by danielbb Motivator in Splunk Search 02-28-2025 0 4	0	4
	Append lookup to results with where clause Hi allI am trying to append data to results based on a file.Example temperature and pressure are stored at 1 sample p... by dataisbeautiful Communicator in Splunk Search 02-28-2025 0 3	0	3
	Extract json fields How do I extract these name/value elements from the "DeviceProperties" field below? Need it to be in table format suc... by shaunm001 Path Finder in Splunk Search 02-27-2025 0 3	0	3
	How to convert rows to columns I have this result I whant convert in this transpose command does not work the stats command may work, but I don't... by sugername Explorer in Splunk Search 02-27-2025 0 5	0	5
	transforms.conf and props.conf my event and inputs.confsourcetype = rsa:syslogfeb 01 10:24:12 myhostname 2025-02-01 10:24:12,999, myhostname, audit.... by jtran9373 Explorer in Splunk Search 02-27-2025 0 7	0	7
	Best Practices for Finding Data Across All Splunk Logs and Indexes Hello,As a SOC analyst, what are the best practices for writing SPL queries to quickly find specific data (such as an... by Ben Explorer in Splunk Search 02-27-2025 0 2	0	2
	Token Help on Alerts after search So I had help before that after a search I could send a report on a schedule and send a token to a mattermost channel... by LizAndy123 Path Finder in Splunk Search 02-27-2025 0 2	0	2
	Modulus in Splunk is faulty in my occasion Hi fellow splunkers,recently i deployed WinPrintMon inputs to our printserver, to check driver versions and found out... by TheEggi98 Path Finder in Splunk Search 02-26-2025 0 2	0	2
	Searching for text in a field using a wild card I have a field message in _raw that looks something like this:"message":"test::hardware_controller: Unit state update... by nkavouris Path Finder in Splunk Search 02-26-2025 0 12	0	12
	Excluding holidays and weekends for Alert I have a Holiday.csv file that imports dates for specific holiday dates.example:2024-04-012026-12-292028-06-26I am wo... by Cheng2Ready Communicator in Splunk Search 02-26-2025 0 11	0	11
	How to send field as Token in Alerts So I have my Query working and I have a webhook created in a ChannelIt says that I can send Tokens when I send the Al... by LizAndy123 Path Finder in Splunk Search 02-26-2025 0 3	0	3
	I have a need to count the number of events ingested for 2024. I would like to get a count of events of all data ingested for 2024. I have hundreds of indexes and all data over 90... by paulcurry Path Finder in Splunk Search 02-26-2025 0 2	0	2
	Host override with event data Hello,I have logs coming in with the host showing as the UF. I want to replace the host value with some event data.H... by boknows Explorer in Splunk Search 02-26-2025 0 9	0	9
	Where can I download Universal Forwarder Package for Windows ARM Hello,I am looking to download Forwarder package windows ARM for Surface 7 laptops and not finding the link, please ... by Roy_9 Motivator in Splunk Search 02-26-2025 0 1	0	1
	Extract multivalue field using transforms mv_add=true not working as expected Hi, I am having hard time extracting multi value fields present in an event using transforms mv_add=true, it seems t... by ak9092 Path Finder in Splunk Search 02-26-2025 0 5	0	5
	Proper Rex expression help I need help building a proper rex expression to extract the bold text from the following raw data{"bootcount":8,"devi... by nkavouris Path Finder in Splunk Search 02-25-2025 0 6	0	6
	display field value in a statement i have a field coming after a calculation like a percentage field the request from user is to display in text format... by secure Path Finder in Splunk Search 02-25-2025 0 1	0	1
	Splunk mvexpand results truncated Hi, I have this Splunk SPL: index=EventViewer source="WinEventLog:Application" SourceName=sample \| table host Name, ... by Singh10 Explorer in Splunk Search 02-25-2025 0 4	0	4
	Rex expression built with field extractor not working? I have a reliable base query to find events containing the information I want.I built a rex using the field extractor... by nkavouris Path Finder in Splunk Search 02-24-2025 0 2	0	2
	Issue with printmon query not showing the proper results for "total_pages" ALCON,Hello, I am having issues with printmon query results not showing the proper results for "total_pages". The pa... by Johnsonbc Explorer in Splunk Search 02-24-2025 0 3	0	3
	compare data in two columns Hi i have data from two columns and using a third column to display the matches\| makeresults\| eval GroupA = 353649273... by secure Path Finder in Splunk Search 02-23-2025 0 3	0	3
	Questions on query to get all alerts which are configured in Splunk , 1 , 0 , and Blanks in the fields So jumping into this search questionhttps://community.splunk.com/t5/Alerting/How-can-I-query-to-get-all-alerts-which... by Cheng2Ready Communicator in Splunk Search 02-21-2025 0 1	0	1
	Splunk Search to identify users searching back 30 days or more I am trying to create a search that shows me all users that are searching back 30 days or longer in Splunk.For exampl... by scout29 Path Finder in Splunk Search 02-21-2025 0 4	0	4