Splunk Search

Community Activity

	Remove string from field using REX or Replace I have a field, where all values are pre-fixed with "OPTIONS-IT\". I would like to remove this, but not sure on the b... by smcdonald20 Path Finder in Splunk Search 07-22-2025 0 6	0	6
	Create new fields using values from another field I have a field called key. key has multivalues that are also dynamic. I have another field called values, that is als... by bt149 Path Finder in Splunk Search 07-22-2025 0 5	0	5
	How to add division line on the scatter chart Hello everyone. I want to add line as division line on the scatter chart. I'd like to know which values are in speci... by jenny_life Path Finder in Splunk Search 07-21-2025 0 7	0	7
	Splunk user last login Time through LDAP I have a requirement where I want to see all users and their last login time, we are connected through Ldap so settin... by Nawab Communicator in Splunk Search 07-21-2025 0 3	0	3
	Is there a way to group the data by time and another field? I was able to write a query that group by api (msgsource) to show the response times, but I am trying to see if I can... by kuul13 Explorer in Splunk Search 07-20-2025 0 6	0	6
	input lookup Hi All,I have an input lookup file with 2 fields first filed contains some path and the second filed is an httpcode ... by tkrprakash Loves-to-Learn Lots in Splunk Search 07-17-2025 0 2	0	2
	Best Search Performance when adding filtering of events to query I am looking for the best way in terms of performance when adding filtering of certain events for security rules. Nor... by Na_Kang_Lim Path Finder in Splunk Search 07-17-2025 0 6	0	6
	How do you use the Database Connect Alert Action? Hello,I have Database Connect setup and it's working all fine. But I can't wrap my head around how the Alert Action w... by Andre_ Path Finder in Splunk Search 07-17-2025 0 8	0	8
	Sum of Multivalue (list) Items Given this search result:Company A Visa 15 MC 5 ... by OliverG91 Explorer in Splunk Search 07-16-2025 0 4	0	4
	SOCKS proxy traffic Hi everyone and thanks in advance.I'm trying to collate all our SOCKS traffic on our network over the last 90 days.Ou... by NorthropGrumman New Member in Splunk Search 07-16-2025 0 4	0	4
	Splitting an event into multiple events to conform to a data model I have events already in an index looking like this:{<!-- --> "location": "Paris", "temperature": 25, "humidity": 57}I ... by thierry Splunk Employee in Splunk Search 07-15-2025 0 10	0	10
	strptime() returning UNIX epoch time adjusted by timezone Hi everyone.I'm trying to link my dashboard to a separate platform and the url of this new platform needs to contain ... by pedropiin Path Finder in Splunk Search 07-14-2025 0 2	0	2
	Why history command only shows my searches, not searches run by all users? I want to see all the searches that are run on Splunk server in a given time by different users. I am using the “\|His... by ashari Explorer in Splunk Search 07-14-2025 0 5	0	5
	loadjob command not working I have a need to share high level metrics (via tstats) from a couple of indexes that a few of my teammates do not hav... by kaeleyt Path Finder in Splunk Search 07-14-2025 0 4	0	4
	Need help with running Rest API to pull results of a Splunk query to a third party server I am running a rest APi basically curl to query Splunk for results and export them to the server. below is my api qu... by Navanitha Path Finder in Splunk Search 07-14-2025 0 2	0	2
	Create table from nested array of json objects that includes lookup value I have an event that looks as follows:{ "app_name": "my_app", "audit_details": { "audit": { ... by tomporterfield Explorer in Splunk Search 07-14-2025 0 3	0	3
	Eval token to be used inside panel Hi everyone.I have a panel that contains a list of links to other dashboards. I need to create a new list item with a... by pedropiin Path Finder in Splunk Search 07-14-2025 0 8	0	8
	Correlating two events based on extracted field values There is a process I'm trying to track. It starts by generating a single event. Then asynchronously a second event is... by Ted-Splunk Engager in Splunk Search 07-13-2025 0 4	0	4
	how to do a match field between index and summary index Finding match TraceID Without using a SubSearch since there is a limit of 10000 resultsindex="xxxx" field.type="xxx" OR index=Summary_index... by Cheng2Ready Communicator in Splunk Search 07-11-2025 0 3	0	3
	Convert Regex to Detect Internal Domains This may not be the best place to ask given my issue isn't technically Splunk related, but hopefully I can get some h... by dtaylor Path Finder in Splunk Search 07-11-2025 0 7	0	7
	Issue with NetFlow v9 Templates Not Received by Splunk Stream – Flows Being Dropped Hi Splunk Community,I'm currently integrating Flowmon ndr as a NetFlow data exporter to Splunk Stream, but I’m encoun... by kn450 Explorer in Splunk Search 07-11-2025 0 3	0	3
	add new fieldname to empty and also filled csv lookup Hi,I have a variety of CSV lookup tables and have to add a field to each of these tables. The CSV files are used by s... by mfleitma Explorer in Splunk Search 07-11-2025 0 9	0	9
	Sometimes searches are not running on iPad Hi, we use iPads in our production area to display Splunk dashboards. The dashboards are classic ones with enhanced J... by haph Path Finder in Splunk Search 07-11-2025 0 8	0	8
	Evaluate now() function stored in token Hi everyone.I have a token called "schedule_dttm" that has two attributes: "earliest" and "latest". By default, "sche... by pedropiin Path Finder in Splunk Search 07-10-2025 0 2	0	2
	Sourcetype Missing for Tag Member Hello Splunk Community. I'd like to use a query to find a host which is a member of a tag group and has 0 events for ... by CyberSamurai Engager in Splunk Search 07-10-2025 0 12	0	12