Splunk Search

Discussions

Thread Info

Export splunk alerts

Hi, I’m looking for a way to migrate Splunk cloud alerts (saved searches) from one environment to another.For my case...

by New Member in

Need help in framing SPL query

| loadjob savedsearch="userid:search:hostslists" | lookup lookupname Hostname as host OUTPUTNEW ...

by Explorer in

Counting occurences in aggregation by fields

Hi community, I have a question on counting the number of events per values() value in stats command.For example ha...

by Explorer in

Splunk alert when specific index SVC usage is too high or too low

We currently have a search that shows a timeline graph of daily SVC usage by index. 10 of these indexes are our highe...

by Loves-to-Learn Lots in

Power User cannot share saved searches despite having power role and having write permissions into their App

We have a search app that a group of users are working from. All of the users have power role and we have given the p...

by Explorer in

latest result

hello i have a search and i want only latest result of this search . ok so the problem is for 1 DeviceName there are ...

by Path Finder in

why field extraction doesn't work when defined as calculated field?

I have this regex -^(?:[^ \\n]* ){7}(?P<src_host>[^ ]+)[^:\\n]*:\\s+(?P<event_id>[a-f0-9]+:\\d+)(?:[^/\\n]*/){2}(?P<d...

by Motivator in

Where are the failures of sendemail logged in?

Does anybody know where the failures of sendemail are being logged? I wonder about cases where the e-mail address no ...

by Motivator in

Left join a table and a lookup to show matching and non-matching results

Hi everyone! I am new with Splunk and probably this should be really easy for many of you. I am trying to left join...

by Explorer in

How to group the data by api name, date and various response times?

I have tried to write a query that outputs the transaction counts, and response times but not sure how to group it by...

by Explorer in

Timestamp is extracted as none

I have issue to transform data and extracting the fields value. Here is my sample data. 2025-07-20T10:15:30+08:...

by Explorer in

Calculate avg of time values

Hello All, Below is my dataset from a base query. How can i calculate the average value of the column ? Incidentav...

by Builder in

srchFilter usage in backend with multiple roles

We will create two indexes per application one for non_prod and one for prod logs in same splunk. They create 2 AD gr...

by Communicator in

How do we reassign Knowledge Objects owned by a user to another user via api ? is it possible ?

We have the "Reassign Knowledge Objects" option via SplunkCloud portal in the settings but is it possible to do it vi...

by Explorer in

Hardcoded time parameters inside a search doesn't work with v9.4.3

Hello Splunkers,The hardcoded time parameters inside a simple search don't work with v9.4.3. It only takes the input...

by Observer in

Can Splunk Federated Search be configured for bidirectional search?

I want to configure Federated Search so that Deployment A can search Deployment B, and Deployment B can also search D...

by SplunkTrust in

Generate a list of users and assigned roles for them

We are having multiple roles created in Splunk restricted by their index and users will be added to this role via AD ...

by Communicator in

Sort command not sorting as expected

The Splunk documentation says that the order rule is lexicographic. I am trying to sort the following values:| makere...

by Explorer in

Need to change the span based on hour of day

Hello , I am trying to change in the search itself to change the span in timechart. So if the hour is say greater ...

by Engager in

Mule Cloudhub integration with Splunk Cloud

We are looking for feasible to integrate with Mule Cloudhub with Splunk Cloud directly for logs ingestion. Please sug...

by New Member in

Percentage of devices using an IPv6 address versus an IPv4 address.

I have devices using a specific v4 address range and a specific v6 address range. I'd like to get the percent of devi...

by New Member in

Splunk query - lookup utilization

Hello all, I am working on an Splunk query which suppose to filter some logs by utilizing data from lookup. Consider ...

by Explorer in

Giving access to Single Shared Summary index for multiple app teama

Sorry for everyone that I am posting multiple posts for my issue. Just summarising everything here.. please help me w...

by Communicator in

Restrict search command usage (rest in particular)

I am looking to restrict the use of certain search commands for particular users / roles. In particular I would like ...

by Path Finder in

How to filter a list of timestamps less than _time

I need to filter a list of timestamps which are less than _time. this works: | makeresults count=1 | eval tim...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Export splunk alerts

Need help in framing SPL query

Counting occurences in aggregation by fields

Splunk alert when specific index SVC usage is too high or too low

Power User cannot share saved searches despite having power role and having write permissions into their App

latest result

why field extraction doesn't work when defined as calculated field?

Where are the failures of sendemail logged in?

Left join a table and a lookup to show matching and non-matching results

How to group the data by api name, date and various response times?

Timestamp is extracted as none

Calculate avg of time values

srchFilter usage in backend with multiple roles

How do we reassign Knowledge Objects owned by a user to another user via api ? is it possible ?

Hardcoded time parameters inside a search doesn't work with v9.4.3

Can Splunk Federated Search be configured for bidirectional search?

Generate a list of users and assigned roles for them

Sort command not sorting as expected

Need to change the span based on hour of day

Mule Cloudhub integration with Splunk Cloud

Percentage of devices using an IPv6 address versus an IPv4 address.

Splunk query - lookup utilization

Giving access to Single Shared Summary index for multiple app teama

Restrict search command usage (rest in particular)

How to filter a list of timestamps less than _time

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions