Splunk Search

Community Activity

Is there a way to determine the install date for Splunk universal forwarders? We are using SCCM to install Splunk Universal Forwarder in our organization and via our Deployment server, I can keep... by jwalzerpitt Influencer in Splunk Search 11-20-2025 3 2	3	2
Does the REST API allow to retrieve the XML source code of Classic Dashboards? I sometimes lose the source code of a dashboard, and therefore, I wonder if I can automatically take a backup of my d... by danielbb Motivator in Splunk Search 11-19-2025 0 2	0	2
DMP files are killing my drive!! Every 10 min DMP files and the text document are being created on my drive: C__Program Files_Splunk_bin_splunkd_exe_... by ethompso Explorer in Splunk Search 11-19-2025 1 6	1	6
How to find the file name of largest file using splunk query I have file name and file size.I would like to find largest file name.My query:<search>\| stats max(File_Size_MB) AS L... by Nithiya1 Explorer in Splunk Search 11-19-2025 0 3	0	3
OR statement with results from DBXquery Hopefully this makes some sense. I am working on a dashboard that pulls up activity when someone clicks on the detai... by DarthHerm Explorer in Splunk Search 11-17-2025 0 2	0	2
Using lookups to augment searches with additional filters I sometimes need to make some changes to my eventtype definitions.However, I do not actually want to edit the query i... by zapping575 Path Finder in Splunk Search 11-17-2025 0 12	0	12
How to identify external IP addresses I am attempting to identify external IPs that are accessing our servers more than a given number of times each day in... by brandonmurphy New Member in Splunk Search 11-17-2025 0 8	0	8
How do I find internal and external ip addresses of splunk universal forwarder? Hi there, I have a use case to query internal and external ip addresses of the host which has UF installed. I am usin... by snakhuda Engager in Splunk Search 11-17-2025 0 13	0	13
What capabilities are required for the "sendemail" search command? The ability for many things in Splunk is controlled by capabilities applied to roles/users. In order for a user to ut... by athoma31 Explorer in Splunk Search 11-17-2025 0 3	0	3
Outputlookup followed by stats command causes extra column to be generated Hello, I came across some unexpected search behaviour today.When using the outputlookup command followed by a stats c... by Anders333 Explorer in Splunk Search 11-16-2025 0 2	0	2
Forward logs from Splunk A to Splunk B, restricted to hosts within a specific index. I have a Splunk server (Splunk A) with indexes named var_log_***, which contain logs from both UAT and Prod hosts. I’... by quangtran Explorer in Splunk Search 11-16-2025 0 3	0	3
Configuration initialization took longer than expected when dispatching a search I must admit what is happening makes no sense. Take this error for example:[OurIndexer01,OurIndexer02,OurIndexer03] C... by Gregski11 Contributor in Splunk Search 11-13-2025 0 2	0	2
Why are not all field values are extracted for long JSON files? Hi, I am trying to ingest long JSON files into my Splunk index, where a record could contain more than 10000 characte... by wu_weidong Path Finder in Splunk Search 11-12-2025 0 9	0	9
disable automatic search execution when time ranges change some datasets are large and when configuring an spl and changing the time range picker, it triggers the search to run... by lady_bl00dst0n3 New Member in Splunk Search 11-11-2025 0 3	0	3
Replace parts of a string where values of a multivalue field match Unfortunately, I've hit the limit of my Splunk knowledge again, and I need some help. I'm attempting to write a searc... by dtaylor Path Finder in Splunk Search 11-09-2025 0 1	0	1
Trying to filter a log using another log with same index Hello. I have an index="index", and if I add a field to the search, such as index="index" errorCode, I retrieve logs ... by chimuru84 Path Finder in Splunk Search 11-05-2025 0 10	0	10
Datamodel autoextractSearch Hi community,When using datamodels, is it possible to remove/exclude the portion of the autoextractSearch: \| search (... by hank72 Path Finder in Splunk Search 11-04-2025 0 6	0	6
Compare query to lookup table but don't print if the results are in the lookup table. index=web host!="TEST" \| rare limit=10 http_user_agent,c_ip,src,X_Forwarded_For,host ```\|lookup static_assets ip as... by hl Path Finder in Splunk Search 11-03-2025 0 3	0	3
Visually correlate two searches by field and count There is an async process that logs first when something is created, then again when it is picked up by a service tha... by Ted-Splunk Engager in Splunk Search 10-31-2025 0 2	0	2
Search to Provide Days in Hot/WarmDB In our environment, we have a CIFS share that is used to store all colddb. Warm is rolled to cold when the hot/warm ... by jodros Builder in Splunk Search 10-30-2025 0 8	0	8
Extracted field in fast mode Hello, i try to understand the "fast mode" compared to the "smart" and "verbose mode" in relation to field extracti... by jariw Path Finder in Splunk Search 10-29-2025 0 11	0	11
how to use Delta with Stats command or subtract list of time in stats list hi Every one i am new to splunk , but here my query goes:Sample Data and json : {id: 1 , executor: "executor1" , time... by sdk32 Engager in Splunk Search 10-27-2025 1 3	1	3
Alert Triggered Action: Dashboard Studio Snapshot I understand that it is currently possible to schedule the export of a Dashboard Studio dashboard in PDF or PNG forma... by josemanm12 Engager in Splunk Search 10-27-2025 0 2	0	2
AuthorizationManager related error messages. 10-27-2025 03:21:21.006 WARN AuthorizationManager [28813 MainThread] - Capability 'use_file_operator' is not recogn... by dm1 Contributor in Splunk Search 10-27-2025 0 2	0	2
Deployment Server Does Not Replace Existing Lookup CSV Files I am using the deployment server to push configurations to the search heads. All the .conf files are successfully dep... by JanYang Loves-to-Learn Lots in Splunk Search 10-23-2025 0 12	0	12