Splunk Search

Community Activity

Join indexes on field that contain. Good day, It's been a while. I am trying to join two indexes together to see if a ticket has been logged based on the... by JandrevdM Path Finder in Splunk Search 10-11-2025 0 5	0	5
how to add a new column to the existing lookup using lookup editor Hi,Can someone help me understand how to add a new column to an exisiting lookup (its a kvstore lookup) using the loo... by mchoudhary Explorer in Splunk Search 10-09-2025 0 3	0	3
splunk search so i have a index paloalto and a lookup file both have 1 field common app , now i want app which are present in looku... by SN1 Path Finder in Splunk Search 10-09-2025 0 3	0	3
Fields with multiple values duplicating in managed lookup I've been tasked with developing my organization's asset and identity lookups for Splunk ES.I am using managed lookup... by bigchungusfan55 Explorer in Splunk Search 10-07-2025 0 2	0	2
Role-based search filter syntax I created a search filter that looks like this:(index=web NOT status=404) OR (index!=web)which works to limit the rol... by ww9rivers Contributor in Splunk Search 10-06-2025 0 9	0	9
How to display a list of fields for an index? All, Is it possble to display a list of fields for an index? Something like this? index=java \| dedup fields \| ta... by daniel333 Builder in Splunk Search 10-02-2025 1 13	1	13
One shot search with Python SDK I am reading the documentation to create a simple search script: #!/usr/bin/env python import os import sys import ... by brent_weaver Builder in Splunk Search 10-02-2025 0 1	0	1
Help Fix My Search index="azure" UserId="#EXT#" earliest=-300d@d latest=now\| eval activity_time = coalesce(strptime(CreationTime, "%... by GattyBiggz Loves-to-Learn in Splunk Search 10-01-2025 0 12	0	12
Trying to create a search that will bring back indexes that have 0 bytes ingested over the last 30 days \| rest splunk_server=* /services/data/indexes\| fields title currentDBSizeMB lastIngestTime\| eval Bytes = round(coales... by NanSplk01 Communicator in Splunk Search 09-29-2025 0 4	0	4
Dashboard Classic Dropdown text length limit I have a drop-down in my Classic Dashboard that is populating from an inputlookup.Looks like this:<input type="dropdo... by dmoberg Path Finder in Splunk Search 09-29-2025 0 3	0	3
Problem using Join function I'm a novice working in fraud prevention; appreciate your help. When running the following, I'm getting a failure er... by JHFRDANALYSIS Engager in Splunk Search 09-27-2025 0 7	0	7
Index substring match from inputlookup? Good afternoon.I have been working on this issue for a couple of days, and I just cannot seem to get this SPL correct... by sarge338 Path Finder in Splunk Search 09-26-2025 0 3	0	3
APM Synthetic - Clear cache between steps We have a need to setup Synthetic Browser Tests against many endpoints. The main purpose for the Browser tests is to ... by dmoberg Path Finder in Splunk Search 09-26-2025 0 1	0	1
How do you evaluate the difference between 2 multivalue fields? Hi, Let's say we have 2 multivalue fields Field1={a,b,c,d} Field2={a,b,c,d,e} Is it possible to evaluate the diff... by HeinzWaescher Motivator in Splunk Search 09-25-2025 0 9	0	9
query using file with list of names I've got a list of over 100 account names and I'd like to search Splunk to find out the most recent activity (if any)... by hawkeyesc72 Engager in Splunk Search 09-25-2025 0 5	0	5
Splunk add quotes when passing searches stored in a lookup table to the datamodel search using map? According to https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-instruct-Splunk-to-not-add-quotes-when-p... by BacPhan-2005 Loves-to-Learn in Splunk Search 09-25-2025 0 1	0	1
splunk query to a different timezone fail I use fieldformat "Date Time"=strftime('Date Time',"%F %T %:z %Z","Asia/Hong Kong"). but it said the syntax is wrong.... by cyberpop Observer in Splunk Search 09-25-2025 0 7	0	7
Regex Error with Splunk SOAR/Phantom I have a regex to extract filename from object field. This works completely fine in Search.index="test" \| rex field=o... by luffy Engager in Splunk Search 09-24-2025 0 1	0	1
How to extract elements of a json (not a json array) I have a json from Grafana.\| makeresults count=1 \| eval json = "{ \"datasources\": { \"ds_a\": {}, \"ds_b\"... by weidertc Contributor in Splunk Search 09-24-2025 0 5	0	5
Error preventing me from saving search with chart I have a search with a chart that works well but when attempting to save I get the following error message: "Value of... by BlueHelix New Member in Splunk Search 09-23-2025 0 1	0	1
How to fetch only the top x rows for each category in the same search query? I am trying to fetch top 10 max Requests count of events with their corresponding response time. So using the below q... by akarivaratharaj Communicator in Splunk Search 09-23-2025 0 5	0	5
Matching a substring with a lookup field Hello wonderful SplunkersI know we can have a WILDCARD match in a lookup where we can match a key to a wildcard in th... by nabeel652 Builder in Splunk Search 09-23-2025 0 6	0	6
How to exclude traffic with src_ip or dest_ip using lookup file Hi,I’m building a search on the Network_Traffic datamodel to detect high outbound flows (>1 GB).I need to exclude a l... by imst27 Loves-to-Learn Lots in Splunk Search 09-22-2025 0 1	0	1
How do I add the total count of all events in each row ? Here is what I haveNow I want to add a new column like this eval nullPercent = round((nullCount/total)*100, 2) where ... by Ombessam Path Finder in Splunk Search 09-22-2025 0 4	0	4
Splunk Alert Am having issue with a Splunk alert triggering for daily snapshot of aws account ids. The alert is suppose to trigger... by whitecat001 Explorer in Splunk Search 09-19-2025 0 2	0	2