Splunk Search

Community Activity

Sanity Check - No Web Browsing Data Model? I'm building a search which takes a URL and returns all events from separate indexes/products where a client (user en... by tretrigh Path Finder in Splunk Search 01-08-2025 0 8	0	8
Replace _raw data for the matched string pattern in a multiple lines raw data Here is my raw data in the splunk query<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <s:Body xmlns... by dwangfeng Engager in Splunk Search 01-08-2025 0 5	0	5
stats count include zero Hello,First, I am aware that there are multiple posts regarding my question, but I can't seem to use them in my scena... by LearningGuy Motivator in Splunk Search 01-08-2025 0 6	0	6
how to do trivial projection and json parsing? I'm new to splunk and really struggle very hard with it's documentation. Everytime I try to do something, it does not... by alfonz19 Loves-to-Learn in Splunk Search 01-08-2025 0 9	0	9
compression rate of indexed data: 50gig/day in 3 weeks uses 100gig HDD space Hey, we just set up a indexer 3 weeks ago. By now we are indexing about 50gig/24h. If I go to Manager -> Indexes I c... by jan_wohlers Path Finder in Splunk Search 01-08-2025 1 5	1	5
How to make localize & map work in a subsearch Hi,I have a pretty long search I want to be able to utilize as a savedsearch and allow others benefit from one shared... by kaurinko Communicator in Splunk Search 01-08-2025 0 6	0	6
user success and failure login by month Hello Team, How to search specific app user successful and failure events by month for Jan to Dec? Base search, ... by navan1 Explorer in Splunk Search 01-07-2025 0 6	0	6
Fundamentals Question: Best practice of command structure I'm currently going over our alerts, cleaning them up and optimizing them. However, I recall there being a "best prac... by antoniolamonica SplunkTrust in Splunk Search 01-07-2025 0 2	0	2
Removing all-null columns from stats table I searched if someone had done this already but haven't found a good solution. So I wrote my own and thought I'd shar... by PickleRick SplunkTrust in Splunk Search 01-07-2025 0 2	0	2
How to get boolean fields from a stats max count (event number) How do I return field values from a specific max(eventnumber)?This was helpful but did not solve my issue Solved: How... by Seawheels51 Path Finder in Splunk Search 01-07-2025 0 5	0	5
tokenize on space and show only 1st part of starting I am getting result like this. query: index="webmethods_prd" host="USPGH-WMA2AISP*" source="/apps/WebMethods/Integ... by avikc100 Path Finder in Splunk Search 01-07-2025 0 3	0	3
How to edit position of column in statistic cable? I am looking to have the middle row of this table be in the left instead. I think something in the query is off and c... by jialiu907 Path Finder in Splunk Search 01-07-2025 0 4	0	4
How to export real event by AANAND Observer in Splunk Search 01-07-2025 0 2	0	2
Splunk to search only latest log file and not any historical data My requirement is simple, I have created a Certificate monitoring script and passing the log file through a splunk da... by shashankk Communicator in Splunk Search 01-06-2025 0 9	0	9
What kind of scenario we use eventstats vs stats? Hi, Could you pls let me know in what scenario would we use eventstats vs stats? by AL3Z Builder in Splunk Search 01-06-2025 0 3	0	3
wildcard matching in lookup input Can i do the wildcard matching in lookup?\|makeresults\|eval ip=192.168.101.10\|lookup ip.csv ip output hostIn my lookup... by RSS_STT Explorer in Splunk Search 01-06-2025 0 7	0	7
Can't Specify Fields Using Non-Standard Characters Back again with another question. I'm still playing with my search and whle this is an issue I've managed to work aro... by dtaylor Path Finder in Splunk Search 01-06-2025 0 5	0	5
Stats tables showing empty cells With the assistance of this forum, I managed to combine the events of two sourcetypes and run stats to correlate the ... by dtaylor Path Finder in Splunk Search 01-05-2025 0 4	0	4
How extract specific value ? Hello, I have big and complete log and want to extract specific value. Small part of log: "state":{<!-- -->"running":{<!-- -->"starte... by Jean-Sébastien Observer in Splunk Search 01-03-2025 0 4	0	4
add info about downstream jenkins jobs to upstream event Hi, I am trying to implement a dashboard in splunk that presents data basing on Jenkins events. I use Splunk App for ... by tommyleejones Observer in Splunk Search 01-03-2025 0 1	0	1
distinct results distinct results in splunk and how to show all data in selected fields vs the 100+ results by jmunsterman Engager in Splunk Search 01-03-2025 0 2	0	2
Joining searches on common columns HI query joining 2 searches on left join.Its matching some rows and not matching some rows although the column where ... by siu Loves-to-Learn Everything in Splunk Search 01-03-2025 0 38	0	38
Session Key Authentication fails sometimes Apologies if this is in the wrong place. Im using the Splunk REST API to connect and run search requests through a Py... by Sravan2 New Member in Splunk Search 01-02-2025 0 1	0	1
What does the error "File has no line endings" for a lookup table means? I'm trying to upload a file to be a new lookup table and I get the following error - What can it be? by ddrillic Ultra Champion in Splunk Search 01-02-2025 0 6	0	6
Replace host IP address with Name Hi Team, Need some help, while running below query I get host IP i.e. 10.65.x.x in Number display visualization but ... by cshewalkar Engager in Splunk Search 01-02-2025 0 4	0	4