Splunk Search

Discussions

Thread Info

Adding a predicted cumulative value to a stacked bar chart

I wish to take a stacked bar chart, use 'addtotals' to create a field representing the cumulative value of the stacke...

by Explorer in

How to group by latest date?

Hi, See, I have been trying to group my result query based on the latest date in order to remove duplicates and get...

by Explorer in

SPlunk not sending alerts

Hi, My splunk instance is not sending email alerts for a new alert th Can soat i just setup. I am getting other ale...

by Path Finder in

Expand column in to rows

How to Convert _time ColumnA ColumnB timeA 10 ...

by Engager in

Report all real-time searches from the internal audit index

Enable alerts and reports on real-time searches seen in the internal audit index.

by Motivator in

Searching for a specific users browsing history

I am a newbie to Splunk and am trying to find out what query I can use to find a specific users browsing history for ...

by New Member in

Disable app on UF using deployment server

Hello All,i have a default app which gets installed on the UF during the installation (part of our install script). t...

by Path Finder in

Search running slowly

Hi, can anyone make any suggestions as to how I can make this search more efficient? index=prod_service...

by Path Finder in

Count By Date

I have a search created, and want to get a count of the events returned by date. I know the date and time is stored i...

by Communicator in

How to display counts in the two weeks span for last two weeks and two weeks before

I want to display counts latest two weeks (last two weeks), two weeks before and everything else before 4 weeks start...

by Path Finder in

Replacing multiple values of a field with single value with rex sed

Hi All, I have field called stepName which will have below three values. TextResource.getFirstLine TextResource...

by New Member in

SPL using search NOT comparing 2 Lookup (csv) files returns wrong results

Greetings, I've 2 Lookup (csv) files, one generated from index _internal (approx 15k events) and another generated ...

by Path Finder in

How to set up an alert to trigger only if a second search does not return results within 30 seconds of the previous search?

I have a current alert that is working as expected to capture a log event that states a service is down. We have star...

by New Member in

Help Improve my search?

All, I have this search here and it's pretty slow. Any recommendations to speed it up? Currently 250.249 seconds a...

by Loves-to-Learn Lots in

Splunk Join Optimisation

Hi, I have the below query which does the search on two different sources in the same index and join the results ba...

by Explorer in

Event Field Data Lost When Using Collect to Populate Summary Index

I'm having a bit of trouble trying to backfill a couple days in my summary index from a query using the collect comma...

by Path Finder in

How to populate results from regex into an ldap search?

How would I take the results from this search: | rex field=initiatedBy.user.userPrincipalName "ex(?<GUID>\d+)z\...

by Path Finder in

Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals.

I'm trying to look for senders where they don't contain values from the lookup mimics.csv. Examples of values in the ...

by Path Finder in

ISE unique MAC reporting

Been testing to get a ISE-Splunk successful authentication report and trying this but the "Calling-Station-ID" is not...

by Engager in

brake out individual row by host repeated for each line

Here is what I've done. How to break out the results into individual software correctly in Splunk. Any tips could b...

by Contributor in

Splunk Query to find removed hosts

Hi All, Please help me with splunk query to find removed (Off-boarded) hosts & index in splunk

by Contributor in

Field failing to extract (ServiceNow)

Hi, I have used the Service Now add on to pull in the incident table. We have a custom SNow field called "dv_u_conf...

by Path Finder in

multiple values in pie chart

i am trying to figure out what the output values are not showing up in my pie chart. i would eventually like to grap...

by Loves-to-Learn in

Question on setting up the alerts

I have a search query that outputs the count of the event for all the host (i.e., | stats count by host) Now if the...

by Explorer in

What is this issue with the monitor stanza in inputs.conf?

I am having an issue with one of my monitor stanza in inputs.conf. The stanza is as below: [monitor://E:Speec...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Adding a predicted cumulative value to a stacked bar chart

How to group by latest date?

SPlunk not sending alerts

Expand column in to rows

Report all real-time searches from the internal audit index

Searching for a specific users browsing history

Disable app on UF using deployment server

Search running slowly

Count By Date

How to display counts in the two weeks span for last two weeks and two weeks before

Replacing multiple values of a field with single value with rex sed

SPL using search NOT comparing 2 Lookup (csv) files returns wrong results

How to set up an alert to trigger only if a second search does not return results within 30 seconds of the previous search?

Help Improve my search?

Splunk Join Optimisation

Event Field Data Lost When Using Collect to Populate Summary Index

How to populate results from regex into an ldap search?

Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals.

ISE unique MAC reporting

brake out individual row by host repeated for each line

Splunk Query to find removed hosts

Field failing to extract (ServiceNow)

multiple values in pie chart

Question on setting up the alerts

What is this issue with the monitor stanza in inputs.conf?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions