Splunk Search

Community Activity

Combining events over time I am not sure where to even start on this one. I have 2 log file types I need to extract data to get final accounts.... by jparso09 New Member in Splunk Search 02-07-2025 0 2	0	2
Replicating the Output of a Field Popup/Bubble? Possibly a silly question, but I've wondered this for a while and now it'd actually be exactly what I need; I've got ... by interrobang Explorer in Splunk Search 02-06-2025 0 4	0	4
dashboard time token with multiple ealiest/latest search It's a bit long, hope i will not bore you.I made a splunk graph with two lines I need to see the values compared to ... by alex_tc80 Explorer in Splunk Search 02-06-2025 0 8	0	8
How to change span alignment I've tried a few methods shared here to adjust the start/end times of span. Mainly:1 - \| eval _time=_time-3600 \| bin... by R15 Communicator in Splunk Search 02-06-2025 0 8	0	8
paranthesis error in search query Hi,Im trying to use an OR function in the below query trying to combine two indexes and then use stats function like ... by secure Path Finder in Splunk Search 02-06-2025 0 5	0	5
Match IDs in 2 search and ensure a non-match is from the right source HelloI have a search like index=index1 \| rename Number__c as EventId \| append [search index=index2 sourcetype="api"... by tkwaller1 Path Finder in Splunk Search 02-05-2025 0 3	0	3
multiple base search Hi i have a complex base search where iam comparing data from two indexes using left join and getting the results in ... by secure Path Finder in Splunk Search 02-05-2025 0 3	0	3
forwarder Hello I have a index name msad and i want to know which forwarder is sending data to this index . And also the data i... by SN1 Path Finder in Splunk Search 02-05-2025 0 2	0	2
Need rex to extract the parameter in field product_name Want to extract HIGCommercialAuto and MLM-RS-Honly from below logs in field product name.HIGCommercialAuto higawsacc... by Hemant_h Engager in Splunk Search 02-05-2025 0 9	0	9
field extraction Hi, Please extract DUSTER and JUNIPER as app_name from following sample events - 1. unit_hostname="GBWDC111AD011HMA.s... by splunklearner Communicator in Splunk Search 02-05-2025 0 2	0	2
How to evaluate data match from 2 sources I have a search that searches 2 different indexes. We expect that there is 1 record from each index for a single id. ... by tkwaller1 Path Finder in Splunk Search 02-04-2025 0 3	0	3
Permanent Field extraction Trying to get permanent field extraction for a field. Tried to use field extraction tabs in fields given regex there ... by Karthikeya Communicator in Splunk Search 02-04-2025 0 2	0	2
Merge Events Hi,Some of my events doesn't have an timestamp and its has been written as multiple line items in the log.I want to m... by ckarthikin Loves-to-Learn Everything in Splunk Search 02-04-2025 0 8	0	8
MLTKC how should i check jupyter notebook func in splunk I want to use an autoencoder model in Splunk for anomaly detection. I have already built my own model, and I did not ... by ryanaa Explorer in Splunk Search 02-04-2025 0 0	0	0
Splunk search for multile counts Hi all Trying to work on something which currently shows a bunch of IP hits and counts against it, the current output... by anlePRH Observer in Splunk Search 02-03-2025 0 1	0	1
combine two searches Dear Splunkeri need a search that gets me if theres a host that has these logs, below is a psudeo search that show w... by msalghamdi Path Finder in Splunk Search 02-02-2025 0 2	0	2
Is there any way to get the fields and its expression from datamodel Hello,Is there any way to get fieldname and its expression from datamodel using rest api(using splunk query)?I am alr... by sivaranjiniG Communicator in Splunk Search 02-02-2025 0 1	0	1
Retrieving data from one query and using it to find data from another I have a query From source A that i need to get a list of 3 parameters back and for one of these parameters which is ... by momagic Engager in Splunk Search 01-31-2025 0 2	0	2
Splunk is not displaying the latest time of lookup updated Splunk is not displaying the latest time of lookup updated \| rest /servicesNS/-/-/data/lookup-table-files \| search ... by ganji Explorer in Splunk Search 01-31-2025 1 9	1	9
Formatting in CSV when using Stats I'm using stats to group sets of data by IP C blocks. When I export the data I am looking for( in this case multiple... by NicholasC Explorer in Splunk Search 01-31-2025 3 14	3	14
Data Display I dont get why the uploaded data is displayed like this. I am unable to create dashboards as it is not identifying al... by Aedah New Member in Splunk Search 01-30-2025 0 4	0	4
Adding another column to table Hello, I am trying to add another index column to this table. Currently using the search below.\| tstats count where i... by anthony_king Engager in Splunk Search 01-30-2025 0 3	0	3
See the results of Splunk alerts in a search. I'm trying to optimize the alerts since I'm having issues. Where I work, it's somewhat slow to solve the problem (1 t... by Aresndiz Explorer in Splunk Search 01-30-2025 0 3	0	3
Need a help with Query Below was the question for me"I need a running report to be exported, with the number of errors on each of the servic... by SR Observer in Splunk Search 01-30-2025 0 4	0	4
Filtering logs for a string only based on date Hi All, I have a requirement where I need to filter the virtual machine outage occurrence from the kernel logs. I... by shenoyveer Path Finder in Splunk Search 01-30-2025 0 20	0	20