Splunk Search

Discussions

Thread Info

Help request for Streamed search execute failed

My current splunk search stops after 5 errors of "Streamed search execute failed because: Error in 'rex' command: ". ...

by Observer in

Mask sensitive info with SEDCMD

I am attempting to mask sensitive information using SEDCMD. However, it does not seem to take effect. I've run btoo...

by Path Finder in

Line Chart Overlay based on previous month and previous month-1

Hi, I would like to compare the data of the previous month to the month before (i.e. now its October, so the defaul...

by Path Finder in

sequential or execution in join (or simulating join)

Hi, I'm in Splunk since August after 20 years working in SQL, a lot of new things and I need help. I've a daily c...

by Engager in

search query - categorizing results based on a field

Hi, bit new to splunk, looking for suggestions on one of my search queries: Here's some sample events that I receiv...

by New Member in

Creating Field from Inputlookup

Hello.I'm trying to create a field for all events in a search. The field is a value from a inpulookup. There is no sh...

by Explorer in

Error in 'eval' command: The expression is malformed. An unexpected character is reached at ') , user)'. Help Please

I have a search running fine by itself, index=indexA user=ABC123 | where isnotnull(USER_NAME_FROM_ACEE) | t...

by Communicator in

UX question about login page community.splunk.com

Hi All, one question related to community.splunk.com login page.. so on the login page, we get username textbox, a...

by SplunkTrust in

AnomaliDetection does not detect outlier data

In the below dataset, there are two different ISPs for the user from their usual ones.NordVPN for John and Quadranet ...

by Explorer in

Adding avg and changing min to minutes

Ill start off i am newer to splunk.... I am using the following search index=server source="WinEvent" Event...

by Explorer in

I can`t get more than 10.000 results in a join command

Hi, I would like to know if there is some way to create a query where I can get more than 10.000 results when I used ...

by Explorer in

How to line up 2 reports

Hello Splunk Community, I have 2 reports trying to combine into 1. The fields are different to each other. Say Repo...

by Communicator in

Is there a way to do a NOT IN search

something like; [search index= myindex source=server.log earliest=-360 latest=-60 "

by Path Finder in

How to pass a field value from one search to another search?

Hi All, I'm extremely new to Splunk and have been tasked to do the following: Perform a query against one host (S...

by Explorer in

WinEventLog input xmlRegex modifier -- When did THIS become available?

I've been on the struggle bus with WinEventLog blacklist entries this week and stumbled upon the new xmlRegex modifie...

by Builder in

Splunk Alert Create alert based on count over past time frame

Hi Splunk Community I need some assistance with a Splunk alert, the search result provides exactly what I require ...

by Explorer in

How show 0 when not result

I need show any value in every minute, but I only get value > 0Search:| tstats count WHERE index=XXXXX C_TXN_A IN (1,...

by Explorer in

How to set a backup TCPOUT group in Outputsconf

Hi, From my understanding, the param `defaultGroup` under the stanza `[tcpout]` in `outputs.conf` can be set to a c...

by Builder in

need help in order to compare 2 columns and display one related field

Hi, I'm Alex from Franceas almost everyone here, I need some splunk guru ^^ fields computer and user are in index1,...

by New Member in

Join two indexes based on substring match

Hi, I am struggling with joining two indexes based on substring match.I have following indexes : index1 :having f...

by Explorer in

How to use events only from 'active' host?

I have 2 different data set: 1. host and prevStatus field with IDLE value 2. server (same values as host) and ser...

by Path Finder in

Join by time range

Hi all, Possible to join 2 search results like following? Set 1: _time field1 field2 field3 (com...

by Communicator in

If I use more than 6 times append command in query the Chart command shows incorrect result

I ran the below query, index=s sourcetype=S_1 | search Gene="dow" OR Gene="x" OR Gene="ari" OR Gene="lia" OR Ge...

by Explorer in

Regex replace field text

Hello everyone, I was wondering if this kind of search is possible. I want to replace the text from my search which...

by Path Finder in

ML query to detect categorial outlier per field per day comparing with other day statistics

Hello All, I am trying to find categorial outlier for all the emails sent from our environment with respect to its ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help request for Streamed search execute failed

Mask sensitive info with SEDCMD

Line Chart Overlay based on previous month and previous month-1

sequential or execution in join (or simulating join)

search query - categorizing results based on a field

Creating Field from Inputlookup

Error in 'eval' command: The expression is malformed. An unexpected character is reached at ') , user)'. Help Please

UX question about login page community.splunk.com

AnomaliDetection does not detect outlier data

Adding avg and changing min to minutes

I can`t get more than 10.000 results in a join command

How to line up 2 reports

Is there a way to do a NOT IN search

How to pass a field value from one search to another search?

WinEventLog input xmlRegex modifier -- When did THIS become available?

Splunk Alert Create alert based on count over past time frame

How show 0 when not result

How to set a backup TCPOUT group in Outputsconf

need help in order to compare 2 columns and display one related field

Join two indexes based on substring match

How to use events only from 'active' host?

Join by time range

If I use more than 6 times append command in query the Chart command shows incorrect result

Regex replace field text

ML query to detect categorial outlier per field per day comparing with other day statistics

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions