Splunk Search

Community Activity

Earliest... Latest at 23:59:59 skipped! Hello.I found out that running a search to find events from 00:00:00 to 23:59:59, when i want H24 all events, using l... by verbal_666 Builder in Splunk Search 02-22-2026 0 6	0	6
Getting concurrent connections from transactions index=myindex "event=login" OR "event=logout" \| transaction username startswith="event=login" endswith="event=logout... by bekirk Explorer in Splunk Search 02-21-2026 0 5	0	5
Ingest processor problem Hello,How can I use the ingest processor to obtain the actual ingest without that information reaching the cloud?My d... by acs12 Engager in Splunk Search 02-20-2026 0 5	0	5
How does foreach + rename impact performance? I'm really confused about performance related to use of foreach + rename. I have a macro that renames potential name ... by yuanliu SplunkTrust in Splunk Search 02-19-2026 0 2	0	2
how to search a exact match inside a multivalue field Hi, I am trying to search exact matches inside a multivalue field using the mvfind command. Unfortunately, it uses re... by corti77 Contributor in Splunk Search 02-18-2026 0 4	0	4
How do I get a list of all my lookups with their file size? Hey Splunkers,I wanted to get a list of all the lookup files on my SH and their file sizes along with other data. I c... by BuzzLights10 Explorer in Splunk Search 02-18-2026 1 11	1	11
subsearch in a stats command? I'm using this command to search dhcp logs and find devices that are new in the last 30 days other than a list of exp... by ilhwan Path Finder in Splunk Search 02-17-2026 0 4	0	4
[Dashboard studio] Hiding sort indicators in table Hi, Is it possible to hide sort indicators in the headers of a table in Dashboard studio?Thank you by wp-uk-36 Explorer in Splunk Search 02-16-2026 0 2	0	2
Why is using loadjob command (using sid) slower than create a new search query? Hello, I created a dashboard with a table and multiple charts. After the table query is finished, I create a token ($... by karn Path Finder in Splunk Search 02-13-2026 0 1	0	1
How do I filter a large number of ip_client address? While tuning a Web Application Firewall (WAF), I'm attempting to filter out all the hostile IP addresses attacking th... by fkabell New Member in Splunk Search 02-11-2026 0 3	0	3
REST API I'm trying to work out how I execute a saved search / report using the REST API. I have created the token and have a... by balcv Contributor in Splunk Search 02-11-2026 0 2	0	2
how to query OCI Audit logs from Datasafe Hello Splunk community, I'm ata delimma, Our organiztion is transitioning to an OCI cloud environment so the way we u... by rmoon91 New Member in Splunk Search 02-11-2026 0 0	0	0
Search lookup for user in specific group and sub search if user is in other groups from same lookup and set value I have a system user lookup where all users are at least assigned to the GU group but can also be assigned to other g... by ramuzzini Path Finder in Splunk Search 02-10-2026 0 5	0	5
where IN ("*") from the token definition Hi, here is the description of the status quo. There is multiselect element defined by a token tkn1. Output variable ... by spisiakmi Contributor in Splunk Search 02-08-2026 0 3	0	3
eval case statement Hi, Am using case statement to sort the fields according to user requirement and not alphabetically. eval sort_fie... by surekhasplunk Communicator in Splunk Search 02-07-2026 2 5	2	5
Migrating/Copying lookup file from an existing Search head cluster to a new Search head Cluster (Enterprise Security) We are trying to create a new Enterprise Security Search head cluster (with latest ES version ), Whats the best way t... by kchaitanya Explorer in Splunk Search 02-06-2026 1 1	1	1
Splunk Universal Forwarder 9.2.5 Is Splunk Universal Forwader 9.2.5 supports to Windows Server 2025 ? Pls confirm. am seeing below in search community... by im_bharath Path Finder in Splunk Search 02-04-2026 0 1	0	1
How to search for values not in a listing I have a search started, but it's failing to run. What I want is to eliminate some ID's and only bring back ID's tha... by NanSplk01 Communicator in Splunk Search 02-03-2026 0 11	0	11
Compare fields from two different searches in 5min bucket I have two different searches which each get _time and username.I am trying to append these two searches, and compare... by splunknoob4 Engager in Splunk Search 02-03-2026 0 12	0	12
How write qery instead of using Join? Thank in Advance I have three source type Micro, application, CsID and i want to fetch details from these three sourc... by karthi2809 Builder in Splunk Search 02-02-2026 0 2	0	2
Any way to do this without map? Nightly, my organization puts a bunch of pieces of equipment into "maintenance mode" to do repairs and such on them. ... by BG_Splunk Explorer in Splunk Search 01-28-2026 0 7	0	7
Why is it slower to write key=value when searching? A) index=main 192.168.172.10B) index=main src_ip=192.168.172.10 I thought B) was faster.Because the index is the same... by munang Path Finder in Splunk Search 01-24-2026 0 2	0	2
input a lookup file only when there is "no result" & "no events" Hi Team,Can someone help me with the Splunk query to input a lookupfile only when there is "no result & "no event"I t... by JohnsonMarcus Engager in Splunk Search 01-23-2026 0 5	0	5
Can we pass a parameter to a report? Is there a way to pass a parameter to a report when calling it via - curl -u user:password -k https://<api_server>... by danielbb Motivator in Splunk Search 01-22-2026 0 3	0	3
Generating _events_ in search Hello there.I was wondering... is there any way to generate _events_ in search?I mean, I know of the makeresults comm... by PickleRick SplunkTrust in Splunk Search 01-22-2026 0 7	0	7