Splunk Search

Community Activity

Search to Provide Days in Hot/WarmDB In our environment, we have a CIFS share that is used to store all colddb. Warm is rolled to cold when the hot/warm ... by jodros Builder in Splunk Search 10-30-2025 0 8	0	8
Extracted field in fast mode Hello, i try to understand the "fast mode" compared to the "smart" and "verbose mode" in relation to field extracti... by jariw Path Finder in Splunk Search 10-29-2025 0 11	0	11
how to use Delta with Stats command or subtract list of time in stats list hi Every one i am new to splunk , but here my query goes:Sample Data and json : {id: 1 , executor: "executor1" , time... by sdk32 Engager in Splunk Search 10-27-2025 1 3	1	3
Alert Triggered Action: Dashboard Studio Snapshot I understand that it is currently possible to schedule the export of a Dashboard Studio dashboard in PDF or PNG forma... by josemanm12 Engager in Splunk Search 10-27-2025 0 2	0	2
AuthorizationManager related error messages. 10-27-2025 03:21:21.006 WARN AuthorizationManager [28813 MainThread] - Capability 'use_file_operator' is not recogn... by dm1 Contributor in Splunk Search 10-27-2025 0 2	0	2
Deployment Server Does Not Replace Existing Lookup CSV Files I am using the deployment server to push configurations to the search heads. All the .conf files are successfully dep... by JanYang Loves-to-Learn Lots in Splunk Search 10-23-2025 0 12	0	12
Windows Session Tracking Hello, I am trying to build a search to identify windows user sessions. The main goal was a list/track of users who d... by dfarr Explorer in Splunk Search 10-22-2025 0 1	0	1
Does Splunk have a logomark? Hi all, I’m working on a uni project where I need to represent Splunk visually alongside other tools that all have ic... by automation2704 New Member in Splunk Search 10-21-2025 0 1	0	1
Compliance Dashboard I would like to create a search or a series of searches to retrieve all of my Windows Servers from LDAP. After obtain... by Foolish_Rogue Engager in Splunk Search 10-17-2025 0 1	0	1
Splunk UI misbehavior for the parsing of the logs I've noticed in the last days, after the deployment process is done we are having some problems when making searches ... by DionisMjeku Engager in Splunk Search 10-15-2025 0 3	0	3
Help me with splunk query to monitor CPU and Memory utilized by splunk adhoc and alert searches Help me with splunk query to monitor CPU and Memory utilized by splunk adhoc and alert searches by cogh3o New Member in Splunk Search 10-15-2025 0 2	0	2
Some fields are not extracted in json i have json event in that some fields not extracting properly when i am table i am not getting some field after messa... by chandrasekhar46 Loves-to-Learn Everything in Splunk Search 10-15-2025 0 6	0	6
How to exclude files from results using a lookup table with wildcard support? Hi Splunk Community,I'm working on a search that analyzes an index containing records of file activity. Each event in... by Splunked_Kid Explorer in Splunk Search 10-14-2025 0 5	0	5
How to convert selected fields to FQDN All,Anybody got idea on the below selected fields on how convert to FQDN? Seems lookups/dnslookup are not possible be... by jfmph_ Explorer in Splunk Search 10-14-2025 0 6	0	6
Join indexes on field that contain. Good day, It's been a while. I am trying to join two indexes together to see if a ticket has been logged based on the... by JandrevdM Path Finder in Splunk Search 10-11-2025 0 5	0	5
how to add a new column to the existing lookup using lookup editor Hi,Can someone help me understand how to add a new column to an exisiting lookup (its a kvstore lookup) using the loo... by mchoudhary Explorer in Splunk Search 10-09-2025 0 3	0	3
splunk search so i have a index paloalto and a lookup file both have 1 field common app , now i want app which are present in looku... by SN1 Path Finder in Splunk Search 10-09-2025 0 3	0	3
Fields with multiple values duplicating in managed lookup I've been tasked with developing my organization's asset and identity lookups for Splunk ES.I am using managed lookup... by bigchungusfan55 Explorer in Splunk Search 10-07-2025 0 2	0	2
Role-based search filter syntax I created a search filter that looks like this:(index=web NOT status=404) OR (index!=web)which works to limit the rol... by ww9rivers Contributor in Splunk Search 10-06-2025 0 9	0	9
How to display a list of fields for an index? All, Is it possble to display a list of fields for an index? Something like this? index=java \| dedup fields \| ta... by daniel333 Builder in Splunk Search 10-02-2025 1 13	1	13
One shot search with Python SDK I am reading the documentation to create a simple search script: #!/usr/bin/env python import os import sys import ... by brent_weaver Builder in Splunk Search 10-02-2025 0 1	0	1
Help Fix My Search index="azure" UserId="#EXT#" earliest=-300d@d latest=now\| eval activity_time = coalesce(strptime(CreationTime, "%... by GattyBiggz Loves-to-Learn in Splunk Search 10-01-2025 0 12	0	12
Trying to create a search that will bring back indexes that have 0 bytes ingested over the last 30 days \| rest splunk_server=* /services/data/indexes\| fields title currentDBSizeMB lastIngestTime\| eval Bytes = round(coales... by NanSplk01 Communicator in Splunk Search 09-29-2025 0 4	0	4
Dashboard Classic Dropdown text length limit I have a drop-down in my Classic Dashboard that is populating from an inputlookup.Looks like this:<input type="dropdo... by dmoberg Path Finder in Splunk Search 09-29-2025 0 3	0	3
Problem using Join function I'm a novice working in fraud prevention; appreciate your help. When running the following, I'm getting a failure er... by JHFRDANALYSIS Engager in Splunk Search 09-27-2025 0 7	0	7