Splunk Search

Community Activity

Return results if join has no results. Hi all,I have a search with a Join. For the event I am Joining the Master search may not always have corresponding ev... by becksyboy Contributor in Splunk Search 12-04-2025 0 2	0	2
What exactly is a tsdix file? what exactly is a tsidx file? Can someone explain please? I don't quite understand the definition: "A tsidx file as... by aoliullah Path Finder in Splunk Search 12-02-2025 4 5	4	5
KVstore usage verification on Indexers \| check before disabling Background:I have a client with a large clustered environment, I have recently upgraded it to 9.4.6 and fixed wiredTi... by NullZero Communicator in Splunk Search 12-02-2025 0 10	0	10
Some AD groups are not displaying when setting up LDAP Hi all,I have setup an LDAP connection to my AD server. But when I click on LDAP Groups, not all groups are displayed... by DashZentin Explorer in Splunk Search 12-02-2025 0 3	0	3
How to process BOTS data? Hi everyone,I'm working with the botsv1 attack-only dataset and I need some guidance on how to approach a few SPL tas... by zakaria1996-cyb New Member in Splunk Search 11-29-2025 0 1	0	1
How to rename dynamic fields ? Hi All,Thanks in AdvanceI have a requirement we are onboarding CSV files that contain events. I am writing query to d... by karthi2809 Builder in Splunk Search 11-28-2025 0 4	0	4
Help Getting Grandparent Processes added to events I have an alert which filters process creation Windows logs. I'm attempting to add the grandparent process and comman... by dtaylor Path Finder in Splunk Search 11-27-2025 0 18	0	18
How get data for yesterday, last month on that day, and last year on that day I want o create a dashboard for my API response times and TPS for comparison between multiple timeframes. When ever s... by kuul13 Explorer in Splunk Search 11-26-2025 0 8	0	8
Alert Hi , I want to make an alert of all the indexes that are receiving 0 events in last 24 hr. Thanks by SN1 Path Finder in Splunk Search 11-25-2025 0 1	0	1
How to finetune subsearch I have below requirement. I am working on two types of events. Source 1 - From here I wanted to take employee email a... by NAGA4 Engager in Splunk Search 11-25-2025 0 2	0	2
Extraction does not take place in raw events This happens in one of newly installed 10.0.1 instances. The only data ingested is tutorialdata.zip from Splunk Tuto... by yuanliu SplunkTrust in Splunk Search 11-25-2025 0 3	0	3
Help with DNS Top 10, HTTP Traffic Volume by Day, and Time-Based Line Chart BOTSv1 Hi all,I’m working with the BOTSv1 dataset in Splunk and I’m trying to solve three tasks.I would appreciate some guid... by samaG02 Engager in Splunk Search 11-25-2025 0 2	0	2
Duplicated JSON fields on search Hello, I am running into the "common" issue of duplicated JSON fields. I use Splunk Enterprise 9.2, with an Universal... by john789789 Observer in Splunk Search 11-22-2025 0 4	0	4
Create a HEC Token For splunk Enterprise & Splunk Cloud via the PostMan Tool I ve came across a post where im trying to fetch the HEC Token via the REST API.When I tried that locally Im getting ... by PoojaDevi Loves-to-Learn Lots in Splunk Search 11-21-2025 0 4	0	4
Using Splunk to Analyze Web Traffic & Machine-Generated Data from External Content Sites I’ve been working with Splunk recently to improve the way we collect and analyze machine-generated data coming from v... by Joe_Hartzel Explorer in Splunk Search 11-21-2025 0 0	0	0
search to generate 5 sample events for lots of index/sourcetype pairs I need to provide feedback on ways logging formats could be improved.To that end, I'm trying to create a search that ... by esalesapns2 Communicator in Splunk Search 11-21-2025 0 3	0	3
Splunk forwader Can i get help with how i can download the older version of splunk forwader. The 9.0.5 specifically. It's not amongst... by ginagodwin New Member in Splunk Search 11-20-2025 0 3	0	3
Limits of events returned Hi guys, is there a limit of the number's events returned in splunk? I'm trying to run a query with inputlookup, but... by AleCanzo Explorer in Splunk Search 11-20-2025 0 5	0	5
Is there a way to determine the install date for Splunk universal forwarders? We are using SCCM to install Splunk Universal Forwarder in our organization and via our Deployment server, I can keep... by jwalzerpitt Influencer in Splunk Search 11-20-2025 3 2	3	2
Does the REST API allow to retrieve the XML source code of Classic Dashboards? I sometimes lose the source code of a dashboard, and therefore, I wonder if I can automatically take a backup of my d... by danielbb Motivator in Splunk Search 11-19-2025 0 2	0	2
DMP files are killing my drive!! Every 10 min DMP files and the text document are being created on my drive: C__Program Files_Splunk_bin_splunkd_exe_... by ethompso Explorer in Splunk Search 11-19-2025 1 6	1	6
How to find the file name of largest file using splunk query I have file name and file size.I would like to find largest file name.My query:<search>\| stats max(File_Size_MB) AS L... by Nithiya1 Explorer in Splunk Search 11-19-2025 0 3	0	3
OR statement with results from DBXquery Hopefully this makes some sense. I am working on a dashboard that pulls up activity when someone clicks on the detai... by DarthHerm Explorer in Splunk Search 11-17-2025 0 2	0	2
Using lookups to augment searches with additional filters I sometimes need to make some changes to my eventtype definitions.However, I do not actually want to edit the query i... by zapping575 Communicator in Splunk Search 11-17-2025 0 12	0	12
How to identify external IP addresses I am attempting to identify external IPs that are accessing our servers more than a given number of times each day in... by brandonmurphy New Member in Splunk Search 11-17-2025 0 8	0	8