Splunk Search

Discussions

Thread Info

How to pass a field value to a "Link to search" SPL query from a Dashboard table?

Hello, I need help on passing a field value from a Dashboard table into a "Link to search" drilldown but can't figu...

by Path Finder in

LDAPSearch lastLogon doesn't return value

I recently migrated from v8 to v9 for Splunk and I am having issues with ldapsearch not returning data that it had pr...

by Loves-to-Learn in

Documentation for _introspection Index

So I want to build a dashboard with _introspection index , some of the metrics I am looking for are THP (enabled/disa...

by Explorer in

Need help on regexing a field to only show everything after a character

Hello everyone, I am terrible at regex, I am trying to regex a field called "alert.message" to create another fiel...

by Path Finder in

How to line break raw events

Hi, I have a log file on the server which I ingested in splunk through input app where I defined the index , sourc...

by Engager in

How to filter events using text box values?

How to filter events in the dashboard with help of search box.In the search box i have to give multiple strings like ...

by Builder in

Splunk bar chart how can i display percentage and total count

index=test pod=poddy1 "severity"="INFO" "message"="IamExample*" | rex field=message "IamExample(?<total>).*" | rex fi...

by Communicator in

unable to get all event data to newly created index

Hi Team, I can see events related to all hosts in internal index but the only few hosts data is available in newly ...

by Engager in

How to change color of a Panel based on String?

Hi All,I am running a dashboard which returns the total count(stats count) of field mentioning Severity=ok or Severit...

by Explorer in

How can i use Global Time Picker in my search

I have dataset which have field INSERT_DATE now i want to perform search based the date which is match with Global T...

by Path Finder in

What is the difference between lastTime and recentTime in a metadata search?

by Path Finder in

SPL Query Error

I am trying to write an spl query to detect an event of a single source IP address or a user fails multiple time to ...

by Engager in

Split string into fields

fieldA:1:10 fieldB:1:3 fieldC:1:2fieldA:1:10 fieldC:1:2fieldA:1:10 fieldC:1:2fieldC:1:1 I want to end up with a...

by Engager in

Splunk lookup

I have a 3 node search head cluster and distributed indexers we are getting below error when running any type of sear...

by Engager in

Splunk search csv number

I have a csv file like this that contain more than 100 numbers 11111111 22222222 33333333 I want to s...

by Observer in

How can I search for a missing field?

Let's say I have events A and B: A -- Feb 1 2010 10:10:00 field1=foo field2=bar B -- Feb 1 2010 10:10:01 field1=fo...

by Splunk Employee in

Top with optional field results

When I search I want to show the top results by a specific field "field1" and also show "field2" and "field3". Proble...

by Observer in

Inconsistent Key-Value Pair Searching in Splunk (Some Events Only Found with Wildcards)

Hey Splunk team, I’m facing an issue where Splunk fails to search for certain key-value pairs in some events unles...

by Engager in

Summary results for a "per item" query

Hello, I have the following query to search Proofpoint logs. index=ppoint_prod host=*host1* | eval time=st...

by Explorer in

Only show slots of a timechart that have more than x results

We search thru the logs of switches and there are some logs that are unconcerning if you just have a couple of them l...

by Engager in

rex help

probably an easy one, i have two events as follows thisisfield1 thisisfield2 mynextfield3 thisisfield1 mynext...

by Engager in

How can I determine which fields will work with tstats?

I understand that tstats will only work with indexed fields, not extracted fields. How can I determine which fields a...

by Engager in

Field Extraction

Need help to extract a field that comes after a certain word in a event. I am looking to extract a field called "sn_g...

by Path Finder in

Finding changes in a field

We are trying to watch the NIC statistics for our OS interfaces. We are gathering data from a simple ifcon...

by Explorer in

Limiting result from lookup

I am trying to figure out how to include a lookup in my search, but only some records. My current search is below. My...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to pass a field value to a "Link to search" SPL query from a Dashboard table?

LDAPSearch lastLogon doesn't return value

Documentation for _introspection Index

Need help on regexing a field to only show everything after a character

How to line break raw events

How to filter events using text box values?

Splunk bar chart how can i display percentage and total count

unable to get all event data to newly created index

How to change color of a Panel based on String?

How can i use Global Time Picker in my search

What is the difference between lastTime and recentTime in a metadata search?

SPL Query Error

Split string into fields

Splunk lookup

Splunk search csv number

How can I search for a missing field?

Top with optional field results

Inconsistent Key-Value Pair Searching in Splunk (Some Events Only Found with Wildcards)

Summary results for a "per item" query

Only show slots of a timechart that have more than x results

rex help

How can I determine which fields will work with tstats?

Field Extraction

Finding changes in a field

Limiting result from lookup

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Join searches by hostname when one index has the s...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions