Splunk Search

Community Activity

where IN ("*") from the token definition Hi, here is the description of the status quo. There is multiselect element defined by a token tkn1. Output variable ... by spisiakmi Contributor in Splunk Search 02-08-2026 0 3	0	3
eval case statement Hi, Am using case statement to sort the fields according to user requirement and not alphabetically. eval sort_fie... by surekhasplunk Communicator in Splunk Search 02-07-2026 2 5	2	5
Migrating/Copying lookup file from an existing Search head cluster to a new Search head Cluster (Enterprise Security) We are trying to create a new Enterprise Security Search head cluster (with latest ES version ), Whats the best way t... by kchaitanya Explorer in Splunk Search 02-06-2026 1 1	1	1
Splunk Universal Forwarder 9.2.5 Is Splunk Universal Forwader 9.2.5 supports to Windows Server 2025 ? Pls confirm. am seeing below in search community... by im_bharath Path Finder in Splunk Search 02-04-2026 0 1	0	1
How to search for values not in a listing I have a search started, but it's failing to run. What I want is to eliminate some ID's and only bring back ID's tha... by NanSplk01 Communicator in Splunk Search 02-03-2026 0 11	0	11
Compare fields from two different searches in 5min bucket I have two different searches which each get _time and username.I am trying to append these two searches, and compare... by splunknoob4 Engager in Splunk Search 02-03-2026 0 12	0	12
How write qery instead of using Join? Thank in Advance I have three source type Micro, application, CsID and i want to fetch details from these three sourc... by karthi2809 Builder in Splunk Search 02-02-2026 0 2	0	2
Any way to do this without map? Nightly, my organization puts a bunch of pieces of equipment into "maintenance mode" to do repairs and such on them. ... by BG_Splunk Explorer in Splunk Search 01-28-2026 0 7	0	7
Why is it slower to write key=value when searching? A) index=main 192.168.172.10B) index=main src_ip=192.168.172.10 I thought B) was faster.Because the index is the same... by munang Path Finder in Splunk Search 01-24-2026 0 2	0	2
input a lookup file only when there is "no result" & "no events" Hi Team,Can someone help me with the Splunk query to input a lookupfile only when there is "no result & "no event"I t... by JohnsonMarcus Engager in Splunk Search 01-23-2026 0 5	0	5
Can we pass a parameter to a report? Is there a way to pass a parameter to a report when calling it via - curl -u user:password -k https://<api_server>... by danielbb Motivator in Splunk Search 01-22-2026 0 3	0	3
Generating _events_ in search Hello there.I was wondering... is there any way to generate _events_ in search?I mean, I know of the makeresults comm... by PickleRick SplunkTrust in Splunk Search 01-22-2026 0 7	0	7
How to drop extra fields while maintaining groupby? To groupby? Or not to groupby? That is the question. (Not really. The question arises because trellis splitby seem... by yuanliu SplunkTrust in Splunk Search 01-21-2026 0 2	0	2
XML Extraction -issues with field extractions using props configuration file? Hello, When I extract fields from the structured XML files using props.conf, it is not extracted any key/value pairs... by SplunkDash Motivator in Splunk Search 01-18-2026 0 6	0	6
Right Technical App to pull TLS details from Exchange Online Which Splunk Technical Application for Microsoft will pull the TLS details for email/Exchange? Need to be able to re... by donaldwayne1976 Engager in Splunk Search 01-15-2026 0 2	0	2
Parsing queue size on UF is increasing ontinuosly and finally it gets blocked and forwarding stops I am trying to onboard data from a syslog server. But the size on UF is increasing continuously and finally it gets b... by SPLKrishna253 New Member in Splunk Search 01-14-2026 0 1	0	1
Need suggestions or advice to check status of same device on two systems Hello All,I have a generic question on using splunk. I have two systems, system A, and system B.If a device changes s... by eholz1 Builder in Splunk Search 01-14-2026 0 4	0	4
Dynamic search using global_time token for previous business day I've setup a dashboard based on charting trade queue information for our application which we are ingesting using a d... by wodrog Engager in Splunk Search 01-12-2026 0 4	0	4
SPL \| makeresults\| eval sourcetype=split("BBCN-Kunshan,BSCN-Suzhou,BBSP-Malasiya,BTCN-Tianjin,BXCN-Xian,BCCN-Suzhouheadqu... by SN1 Path Finder in Splunk Search 01-12-2026 0 2	0	2
Ingest actions and base64 decode Hi splunkers,I need to decode base64 fields before indexing them.I found a very old post with no good proposal for th... by _olivier_ Path Finder in Splunk Search 01-09-2026 0 3	0	3
untranspose multi-field sparkline \| chart sparkline count by a,bI would like to have sparkline table like...a \| b \| count \| sparklinething1 \| fo... by coo Explorer in Splunk Search 01-08-2026 0 4	0	4
SPLUNK ES 8.2.3 Drill Down not appearing I am facin big issue while creating use case on splunk and adding the drill down on the content management. I went to... by AbuNAM8 New Member in Splunk Search 01-07-2026 0 0	0	0
How would I build a table of all metrics and their dimensions in splunk My splunk server is receiving metrics from collectd. I want to build a table showing the metrics, dimensions, and ... by charliesfx Explorer in Splunk Search 01-06-2026 5 9	5	9
Support on SPL Query I need to display the Success percentage for each service day wise.I am doing stats and then table getting output as ... by dinesh001kumar Explorer in Splunk Search 01-05-2026 0 4	0	4
Different behavior regarding JSON null Riding the coattail of Re: Why is the null value in a JSON event not being parsed properly as NULL?, I constructed tw... by yuanliu SplunkTrust in Splunk Search 01-04-2026 1 4	1	4