Splunk Search

Community Activity

	Use Lookup Table with IP addresses to search in Splunk and find hostnames that match the IPs I have a lookup table with a bunch of IP addresses (ipaddress.csv) and a blank column called hostname. I would like t... by Obsidian_RS400 New Member in Splunk Search 01-21-2025 0 1	0	1
	Given variable as value of field and not token I have such a search and it works fine but not in Dashboard! index=unis \| search sarch \| eval name = coalesce(C_... by woodman2 Loves-to-Learn Everything in Splunk Search 01-21-2025 0 5	0	5
	Splunk searches does not return expected values even though the data is completed Hi, We recently migrated from a standalone Search Head to a clustered one. However, we are having some issue running ... by josephp Loves-to-Learn Everything in Splunk Search 01-21-2025 0 3	0	3
	Need stats count per host and process_name Right now a have a table list with fields populated where one process_name is repeating across multiples hosts with s... by deckard1984 Engager in Splunk Search 01-21-2025 0 3	0	3
	Logs are showing raw, how do I get them to show as highlighted? When I click on the raw log and back out of it it shows up as highlighted. How do I default the sourcetype/source to ... by bryhoffman Explorer in Splunk Search 01-21-2025 0 4	0	4
	search with sub search doesnt get the correct defined time range Hey, lately i was working on an SPL and wondered why this aint working. This is simplified index IN(anonymized_inde... by splunkinator53 Explorer in Splunk Search 01-20-2025 0 4	0	4
	Howto escape double quote in regex when using rex I have the following regex that I (currently) use at search time (it will be a field extraction once I get it ironed ... by jmartens Path Finder in Splunk Search 01-20-2025 0 3	0	3
	Loop through splunk search for multiple values I want to get the below search executed and display the results in a table for all comma separated values that gets p... by anmohan0 Explorer in Splunk Search 01-19-2025 0 3	0	3
	Using Machine Learning Toolkit to detect auth abuse Hello,I’m trying to tune Machine Learning Toolkit in order to detect authentication abuse on a web portal (based upon... by patpro Path Finder in Splunk Search 01-19-2025 0 0	0	0
	How can we show events prior to the one that matches the criteria? We have a case where we can search and find events that match the search criteria. The client would like to see the e... by danielbb Motivator in Splunk Search 01-19-2025 0 3	0	3
	How to refresh multiselect options with Javascript (re-execute the mutliselect search) We have a custom dashboard in Splunk that has a few filters, one of which is a multiselect. This dashboard allows use... by Afterimage Engager in Splunk Search 01-17-2025 0 3	0	3
	Search using IF statement Hi All, Could you please help me with " if "query to search a condition is true then need to display some values f... by tech_soul New Member in Splunk Search 01-16-2025 0 4	0	4
	List of the indexes that do not have attached a self-storage Hi,I'm trying to get a query for a table containing all the indexes that do not have a self storage attached, but I c... by esteban593 Explorer in Splunk Search 01-16-2025 0 4	0	4
	Use Case for Privileged Users, SPL Question I'm trying to create a search in which the following should be done: - look for a user creation process (ID 4720) - ... by avoelk Communicator in Splunk Search 01-16-2025 0 3	0	3
	Why does tstats command alter time stamps when I run it by _time? I am wondering why tstats command alters time stamps when I run it by _time. \| tstats values(text_len) as text_len v... by LIS Path Finder in Splunk Search 01-16-2025 0 8	0	8
	Monitoring email status Hi everyone!My goal is to create an alert to monitor in ALL saved search if there's any email that no longer exist (m... by nonno_pinto Explorer in Splunk Search 01-16-2025 0 1	0	1
	Make table column header indicate the sort order of data in underlying search results? I want the sort indicators (up/down arrowheads) in table visualization column headings to reflect the default sort or... by Graham_Hanningt Builder in Splunk Search 01-16-2025 0 7	0	7
	Decode base64 into any charset Is there a command or app that will decode base64 and detect the correct charset to output to?Currently, I'm currentl... by antoniolamonica SplunkTrust in Splunk Search 01-15-2025 0 1	0	1
	how to search in array inside a foreach loop This is an example of the structure of my data and the query I am currently using. I have tried around 10 different s... by mrsampson Explorer in Splunk Search 01-15-2025 0 11	0	11
	Splunk Cloud: How to Collect Data in JSON Format from Splunk Cloud? Hello everyone,I'm trying to collect data in JSON format from Splunk Cloud, and I understand that one of the options ... by franraf180 Engager in Splunk Search 01-15-2025 0 1	0	1
	Help with conditional event count. Hi, I have json data structured as follows: { "payload": { "status": "ok", # or "degraded" } } I'm trying t... by AFKunc Explorer in Splunk Search 01-15-2025 0 6	0	6
	How to write a search to get the week number of the month from the given _time? We need to extract the week number of the month for matching the SLA. Have SLA such as 2nd or 4th week of a month. So... by prachisaxena Explorer in Splunk Search 01-14-2025 0 6	0	6
	How to join multiple condition In my logs I am getting 4 events for 1 id. 1)Updating DB record with displayId=ABC0000000; type=TRANSFER2)Updating DB... by Swati Engager in Splunk Search 01-14-2025 0 15	0	15
	How to use conditional search Hi All,I have a main search where name1 filed will have multiple valuesI need to run sub search based on the value of... by nelaturivijay Observer in Splunk Search 01-14-2025 0 3	0	3
	mvmap command after migrate from 9.0.5 to 9.3.1 Mvmap has different results on different versionsleft screen is 9.3.1 version right is 9.0.5 if field will have more ... by pavellr Loves-to-Learn in Splunk Search 01-13-2025 0 4	0	4