Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe
- Bookmark
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Community Activity
 | The following example | makeresults | eval FilePath="\\Temp.exe" | where match(FilePath, "(?i)\\Temp\.exe$") Creates ... by abowesman Explorer in Splunk Search 05-10-2021 0 0 | 0 | 0 | |
| | The date field sometimes has 2 spaces and sometimes 1 space, depending on whether the date is a single digit or doubl... by ershad_c Engager in Splunk Search 05-10-2021 0 2 | 0 | 2 | |
| | SpoilerHow to split/extract substring before the first - from the right side of the field on splunk searchHow to spli... by keshavgupta Engager in Splunk Search 05-10-2021 0 1 | 0 | 1 | |
| | how to use horseshoe meter for below queryindex = * | table podname cluster status | dedup podname cluster status |... by kirrusk Communicator in Splunk Search 05-10-2021 0 1 | 0 | 1 | |
| | Hi,I've been trying for hours and nothing works, so I figure you might help me out.I have the following very long que... by yifatcy Path Finder in Splunk Search 05-10-2021 0 2 | 0 | 2 | |
| | Dear all,I'm trying to retrieve some log metadata and associate them to all my events.Exemple: When my application st... by Flobzh Explorer in Splunk Search 05-10-2021 0 1 | 0 | 1 | |
| | Hi,My query:index=ph_windows_sec sourcetype=XmlWinEventLog (EventCode=630 OR EventCode=4726 OR EventCode=624 OR Event... by or1515 Loves-to-Learn Everything in Splunk Search 05-10-2021 0 2 | 0 | 2 | |
| |   Hi,Can I separate Trellis visualization by two variables as keys? In other words, I would like a timechart for each c... by yifatcy Path Finder in Splunk Search 05-10-2021 0 0 | 0 | 0 | |
 | 0 | 1 | ||
| | I want to concatenate strings with special characters like "\t" and Unicode char "\u0006"I tried | makeresults | ev... by junlozhang Explorer in Splunk Search 05-09-2021 0 2 | 0 | 2 | |
| | I have a field that consists of data separated from a json data field using this search.index="test-99" sourcetype="... by robayers Explorer in Splunk Search 05-09-2021 0 8 | 0 | 8 | |
| | I am relatively new to this wonderful tool called SPLUNK. Please excuse me if this question has already been answered... by schou87 Path Finder in Splunk Search 05-09-2021 0 4 | 0 | 4 | |
 | Dear ALL,I want to insert a value into a subsearch using the search result as a variable.Do the following search to g... by Msugiyama Path Finder in Splunk Search 05-09-2021 0 2 | 0 | 2 | |
| | For the below query, searching for the values of 2nd occurence of earliest and latest events so that the timechart wo... by prajwal_94 Explorer in Splunk Search 05-09-2021 0 2 | 0 | 2 | |
| | I would kindly need some help for a query i am not able to create.I have inputlookups as source.And i want to filter... by hvdtol Path Finder in Splunk Search 05-09-2021 0 4 | 0 | 4 | |
| | Right now I have something like this: index=my_index sourcetype=my_sourcetype | rex field=message "- (?<User>\S+) -:"... by PaintItParker Explorer in Splunk Search 05-08-2021 0 3 | 0 | 3 | |
| | I am aiming to provide headers to my generated report. I have 3 hosts, host1 host2 and host3. My report is configured... by cboonyan New Member in Splunk Search 05-08-2021 0 1 | 0 | 1 | |
| | Hi Guys, Wondering if you can help me out with the following. Within a single event I have to fields: 1) expiry_date2... by Matthew Engager in Splunk Search 05-08-2021 0 2 | 0 | 2 | |
| | Hi,I have 2 servers with the same names and I have installed universal forwarder on both servers. In forwarder manage... by sh_tavousi Explorer in Splunk Search 05-08-2021 0 3 | 0 | 3 | |
| | Let's say the data looks like:StudentNameStudentIdGradeExamDateTom1602021-04-01Jerry2702021-04-01Tom1622021-04-07Jerr... by junlozhang Explorer in Splunk Search 05-08-2021 0 2 | 0 | 2 | |
| | Example:field1=ADOBE INC.field2=ADOBE SYSTEMS&sep1; INCORPORATEDi want to match this as both fields containing "ADOBE... by obais9346 Engager in Splunk Search 05-07-2021 0 3 | 0 | 3 | |
 | Hi All, Can any one guide me how to find, how much data is getting ingested into Splunk from a particular HEC token... by Hemnaath Motivator in Splunk Search 05-07-2021 0 3 | 0 | 3 | |
| | I have O365 logs in Splunk. I want to find all shared files/folders plus display sensitivity labels of these files. A... by nikoloz04 New Member in Splunk Search 05-07-2021 0 0 | 0 | 0 | |
| | Hello !My data is in this form :_time (dd/mm/yyyy), NbRisk, SubProject, GlobalProject02/05/2021, 10 , SubProject1, ... by bcouavoux Explorer in Splunk Search 05-07-2021 0 4 | 0 | 4 | |
| | Hi all,I performed an initial search, to this I added a second search, with the map command, where based on the value... by antonio147 Communicator in Splunk Search 05-07-2021 0 3 | 0 | 3 |
Get Started
Explore Essential Splunk Resources
Get Expert Help at Community Office Hours
Join the #search-help Slack channel
Get Expert Help at Community Office Hours
Join the #search-help Slack channel
Become An Expert
Top Labels
-
administration
3 -
alert action
3 -
alert condition
2 -
Analytics Workspace
2 -
authentication
1 -
chart
946 -
Classic dashboard
1 -
configuration
2 -
correlation search
1 -
count
1,006 -
Dashboard Studio
3 -
data
3 -
data model
1 -
development
6 -
distributed search
1 -
drilldown
1 -
email
1 -
eval
2,615 -
field extraction
2,022 -
fields
2,064 -
host
1 -
index
4 -
indexer
2 -
inputs.conf
1 -
intermediate forwarder
1 -
introduction
5 -
join
1,060 -
JSON
2 -
Linux
2 -
login
1 -
lookup
1,566 -
metadata
310 -
monitoring console
2 -
other
182 -
panel
2 -
PDF
1 -
Python
1 -
regex
1,499 -
report acceleration
2 -
rex
1,250 -
SAML
1 -
saved search
5 -
scheduled search
4 -
scripted input
1 -
search
2 -
search head
3 -
search job inspector
683 -
search peer
1 -
simple XML
1 -
source
1 -
sourcetype
4 -
Splunk Web Framework
1 -
splunk-assist
1 -
splunkd
1 -
stats
3,565 -
subsearch
1,730 -
summary indexing
4 -
table
1,754 -
time
1 -
timechart
1,158 -
transaction
453 -
transforms.conf
1 -
troubleshooting
8 -
tstats
569 -
universal forwarder
5 -
using Splunk Cloud
2 -
using Splunk Enterprise
13 -
Windows
3
- « Previous
- Next »
Get Updates on the Splunk Community!
SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...
Thursday, July 9, 2026 | 11:00AM–12:00PM PDT
Duration: 1 hour (includes Q&A)
Managing can feel like a ...
Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern
Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...
Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...
Splunk Developer Day was packed with product and platform updates for developers building in the AI ...
