Splunk Search

Discussions

Thread Info

Different data format into same source type

Recently we changed the data logging process at source and it changed the event format of the Site minder log source ...

by Path Finder in

Chart including no results

I'm trying to create a chart showing activity from May through until now, knowing that the activity ceased some month...

by Path Finder in

how to prevent users from creating knowledge objects in custom app

Hello Splunkers we are trying to restrict users (non admins) from creating knowledge objects (dashboards and report...

by Path Finder in

Need help in 2 stats operator

Hi All, need help in using 2 stats operation in one program. My program: index=opennms "uei.opennms.org...

by Communicator in

Alternative command for bin command

Hello ALL I want the alternative search for the following search command|bin span=1W _time aligntime=latest whi...

by Path Finder in

Sparkline column - correct but shrinked VS wrong but stretched

HelloIn the search as below: index=_audit action=alert_fired ss_app=app_name | eval alert_severity = case (...

by Builder in

Get Currently logged in Users

Hi, I am building a dashboard for my application being monitored in Splunk. As part of this i am getting the times...

by Loves-to-Learn in

Looking for exclusion query

I am having index (server_patching) which contain the details like changeNo, patching date etc of server which are pa...

by Explorer in

How to create couple of values in order to compare both field value

Hi, Here is my raw data : ID, Version, Date, Status 10874381,1,2020-01-15T08:36:00Z,New 10874381,1,2020-01-...

by Engager in

ldapfilter does not return all attributes

I'm trying to use Splunk to return a list of records that have been modified in our LDAP since a particular datetime...

by Engager in

How do I create a histogram to show distribution of hosts having particular range of uptime?

I have a search like this: index=my_index search=my_search | stats count as no_of_hosts by uptime ...

by Engager in

Can Add-on Debug Refresh be run from a cluster

Hi @MuS Sorry for the direct contact, I hope it's ok to ask you a question about "Add-on Debug Refresh". I h...

by Influencer in

Time range not substitued by earliest/latest

On our search head cluster we are running into the following issue. When searching using the time picker everything w...

by Path Finder in

Regular Expression in Search

I currently have a search looking for specific attack_id values. For example: ("attack_id=3040" OR "attack_id=3057...

by Contributor in

How can we add original fields after using stats count?

Hi, We have a use-case where responses(host_addr) returned from DNS queries are passed through AbuseIPDB API to che...

by Builder in

how to get specific item in a nested json array

I have a field named "test" which has the following json. If I do:| fields test{}.data{}{}.metric, test{}.data{}{}.va...

by Engager in

How to add value based on matrix comparison

Hi all, My data is logging of support ticket. i retrieved all the change state of each ticket with the transaction...

by Engager in

Assistance with Map using Map to perform a search from a table of the original search

TLDR: Goal is to perform an initial search which returns table of time user authenticated, then for each row in the ...

by Loves-to-Learn in

How to lower case the value present inside double quotes (String).

Hi Splunker, I would like to lower the string/value present inside the double quotes and then use as it is. Value...

by Engager in

Append more 50k or other soluction like a join

Hello community. I am not able to perform a sub-search between 2 sourcetypes. The 'drm' sourcetype has 5 million even...

by Explorer in

How to find events between date ranges

I am trying to find the events that are taking place between March 1 2021 and September 1 2021. I was hoping someone ...

by Observer in

help to extract value from field with rex function

Hi, please help. I would like to see in table (to extract with rex) value of field paid. Log is: 2020-12-23 12:14...

by Path Finder in

Run DBX query via REST API

I've checked this, but it hasn't solved the problem for me: https://community.splunk.com/t5/Getting-Data-In/Is-it-pos...

by Path Finder in

How to combine the values of same field into one

Hello My question is how to combine the same values into one which are getting differentiate by another field Ex...

by Path Finder in

Running loop on a search that takes one Id at a time

Hi, I have a lookup file that contains multiple Id's, I have a search that takes one Id at a time and returns the r...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Different data format into same source type

Chart including no results

how to prevent users from creating knowledge objects in custom app

Need help in 2 stats operator

Alternative command for bin command

Sparkline column - correct but shrinked VS wrong but stretched

Get Currently logged in Users

Looking for exclusion query

How to create couple of values in order to compare both field value

ldapfilter does not return all attributes

How do I create a histogram to show distribution of hosts having particular range of uptime?

Can Add-on Debug Refresh be run from a cluster

Time range not substitued by earliest/latest

Regular Expression in Search

How can we add original fields after using stats count?

how to get specific item in a nested json array

How to add value based on matrix comparison

Assistance with Map using Map to perform a search from a table of the original search

How to lower case the value present inside double quotes (String).

Append more 50k or other soluction like a join

How to find events between date ranges

help to extract value from field with rex function

Run DBX query via REST API

How to combine the values of same field into one

Running loop on a search that takes one Id at a time

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions