Splunk Search

Community Activity

	Rex field from a field help Hello,I am terrible at Regex and am in need of help on rexing a field from another field. So an event snippet is:"In... by tdavison76 Path Finder in Splunk Search 08-13-2025 0 7	0	7
	Calculate Ticket Counts for Each Shift Good day, I feel like this should be a simple problem, but I've looked at it too long and need some help. I have a CS... by dtaylor Path Finder in Splunk Search 08-13-2025 0 4	0	4
	MLTK - What algorithm should I use? Hello,Here is what I have.Lookup file containing 52K rowsFields: DATE, USER, COUNTRequire forecasting user access, on... by genesiusj Builder in Splunk Search 08-13-2025 0 4	0	4
	Fuzzy Match Between Two LARGE Lookups Hello,We have a lookup csv file: 1 million records (data1); and a kvstore: 3 million records (data2). We need to comp... by genesiusj Builder in Splunk Search 08-13-2025 0 8	0	8
	Parsing a variable to a lookup command Dear Splunk gurusI am trying to get the lookup command to accept the lookup table name from a variable. Example: \| ev... by maigaard New Member in Splunk Search 08-12-2025 0 4	0	4
	Change Column Color - Splunk Dashboard Good afternoon,I need help changing the colors of two columns in my <panel>.I need to change the colors of the "Value... by isac_santana Explorer in Splunk Search 08-12-2025 0 2	0	2
	Export splunk alerts Hi, I’m looking for a way to migrate Splunk cloud alerts (saved searches) from one environment to another.For my case... by sagarikamahalik New Member in Splunk Search 08-12-2025 0 1	0	1
	Need help in framing SPL query \| loadjob savedsearch="userid:search:hostslists"\| lookup lookupname Hostname as host OUTPUTNEW Hostname,IP\| eval Host... by RanjiRaje Explorer in Splunk Search 08-12-2025 0 5	0	5
	Counting occurences in aggregation by fields Hi community,I have a question on counting the number of events per values() value in stats command.For example havin... by RonaldCWWong Explorer in Splunk Search 08-10-2025 0 4	0	4
	Splunk alert when specific index SVC usage is too high or too low We currently have a search that shows a timeline graph of daily SVC usage by index. 10 of these indexes are our highe... by bwheelerice1 Loves-to-Learn Lots in Splunk Search 08-10-2025 0 6	0	6
	Power User cannot share saved searches despite having power role and having write permissions into their App We have a search app that a group of users are working from. All of the users have power role and we have given the p... by LOP22456 Explorer in Splunk Search 08-08-2025 0 6	0	6
	latest result hello i have a search and i want only latest result of this search . ok so the problem is for 1 DeviceName there are ... by SN1 Path Finder in Splunk Search 08-07-2025 0 11	0	11
	why field extraction doesn't work when defined as calculated field? I have this regex -^(?:[^ \\n]* ){7}(?P<src_host>[^ ]+)[^:\\n]:\\s+(?P<event_id>[a-f0-9]+:\\d+)(?:[^/\\n]/){2}(?P<d... by danielbb Motivator in Splunk Search 08-07-2025 0 1	0	1
	Where are the failures of sendemail logged in? Does anybody know where the failures of sendemail are being logged? I wonder about cases where the e-mail address no ... by danielbb Motivator in Splunk Search 08-06-2025 0 8	0	8
	Left join a table and a lookup to show matching and non-matching results Hi everyone!I am new with Splunk and probably this should be really easy for many of you. I am trying to left join a ... by Diana_a Explorer in Splunk Search 08-03-2025 0 3	0	3
	How to group the data by api name, date and various response times? I have tried to write a query that outputs the transaction counts, and response times but not sure how to group it by... by kuul13 Explorer in Splunk Search 08-01-2025 0 4	0	4
	Timestamp is extracted as none I have issue to transform data and extracting the fields value. Here is my sample data.2025-07-20T10:15:30+08:00 h1 t... by alvinsullivan01 Explorer in Splunk Search 08-01-2025 0 16	0	16
	Calculate avg of time values Hello All, Below is my dataset from a base query. How can i calculate the average value of the column ?Incidentavg_t... by neerajs_81 Builder in Splunk Search 07-31-2025 0 9	0	9
	srchFilter usage in backend with multiple roles We will create two indexes per application one for non_prod and one for prod logs in same splunk. They create 2 AD gr... by Karthikeya Communicator in Splunk Search 07-31-2025 0 29	0	29
	How do we reassign Knowledge Objects owned by a user to another user via api ? is it possible ? We have the "Reassign Knowledge Objects" option via SplunkCloud portal in the settings but is it possible to do it vi... by arvind_Sugajeev Explorer in Splunk Search 07-30-2025 0 5	0	5
	Hardcoded time parameters inside a search doesn't work with v9.4.3 Hello Splunkers,The hardcoded time parameters inside a simple search don't work with v9.4.3. It only takes the input... by Manjunathmuni Observer in Splunk Search 07-30-2025 0 9	0	9
	Can Splunk Federated Search be configured for bidirectional search? I want to configure Federated Search so that Deployment A can search Deployment B, and Deployment B can also search D... by meetmshah SplunkTrust in Splunk Search 07-30-2025 0 3	0	3
	Generate a list of users and assigned roles for them We are having multiple roles created in Splunk restricted by their index and users will be added to this role via AD ... by splunklearner Communicator in Splunk Search 07-29-2025 0 7	0	7
	Sort command not sorting as expected The Splunk documentation says that the order rule is lexicographic. I am trying to sort the following values:\| makere... by CyberAar Explorer in Splunk Search 07-29-2025 0 4	0	4
	Need to change the span based on hour of day Hello ,I am trying to change in the search itself to change the span in timechart. So if the hour is say greater tha... by wjrbrady Engager in Splunk Search 07-28-2025 0 12	0	12