Splunk Search

Discussions

Thread Info

Efficiently Expanding Multiple Multi-Value Fields Using mvexpand in Splunk

Hello Splunkers !!How can I efficiently use the mvexpand command to expand multiple multi-value fields, considering i...

by Motivator in

create report if price values are different

this is my log i need a report like below: where I can see price difference in a single report. I don't...

by Path Finder in

How can I remove latitude and longitude values while hovering over map and instead display the address of location on the map?

I am using Splunk Cloud 6.5.0 version. How can i remove latitude and longitude values while hovering over map and dis...

by New Member in

Autoformat and search results similar to "48a4.93b9.xxxx OR 48:a4:93:b9:xx:xx OR 48-a4-93-b9-xx-xx"

Hello. This search returns zero results, but a manual "OR" search shows results. I cannot find the reason (neither ...

by Explorer in

what is wrong with these evals....

Hi, I have this search query where i aggregate using the stats and sum by few fields... When I run the query in spl...

by Path Finder in

Can I set up a PS4 Game Session Timer and Notification?

Hi I want to know how long and when either of two games are being played on the PS4 or a laptop and be notified vi...

by Observer in

make a table for a csv

Hi my data is comma delimited , there are 2 rows with a header. I'fd like the columns to be split by the comma int...

by Loves-to-Learn in

Data not showing on map

Hello, I have lookup file uploaded and now I want to see the data, I am not able to see it on map , I can see the det...

by Explorer in

How to modify a dashboard

Hi, i'm searching for a way to modify my app/dashboard to be able to modify the entries of a table (such as delete/du...

by Explorer in

Fields from lookup with Join missing

I have a query that detects missing systems. the lookup table has fields System, Location, responsible.I am trying t...

by Explorer in

Is there a way to be more efficient in writing this query - Regex/Wildcard/Substitution question

I have the below query I've written - I am used to SQL, SPL is still new to me. I feel like there has to be some way ...

by New Member in

Issue with Dropping Events via props.conf and transforms.conf

Hi Splunk Community, We’re currently trying to drop specific logs using props.conf and transforms.conf, but our con...

by Engager in

support for fill-forward or "last observation carried forward"

Does splunk support fill-forward or "last observation carried forward".I want to create a daily based monitoring.One ...

by Explorer in

There is a way to send some fileds of an alert to a kvs lookup?

Hi, this is my first interaction with Splunk Community so be patient please  I'm trying to output some fields fr...

by Explorer in

Need a query to find count of substring within string

I need a query that will tell me the count of a substring within a string like this ... "This is my [string]" and I...

by Observer in

Events with duplicate field extractions

Good afternoon, I have a monitoring architecture with three nodes with the Splunk Enterprise product. One node acts...

by Explorer in

URL aggregation in splunk query

Hello Everyone, Below is my splunk query: index="my_index" uri="*/experience/*" | stats count as hits by uri ...

by Path Finder in

Find searches that reference indexes that no longer exist

Hi, I'm trying to clean up an old splunk cloud instance. one thought that occurred to me is find scheduled searches...

by Engager in

Skipped search error on CMC | The maximum number of concurrent running jobs.....on this cluster has been reached

Hi Team, I have been observing 1 skipped search error indicating on my CMC. Error is -"The maximum number of concur...

by Explorer in

need demo of PKI Spotlight Add-on for Splunk

by New Member in

transaction command rows for large dataset

Here is my code: index=example sourcetype=wineventlog computer_name="example"| transaction computer_name startswith...

by Engager in

Problems with adding multi-value field through /var/spool/splunk

Hi Fellow Splunkers,How can I add multi-value field (array) directly to the index through `/var/spool/splunk`.I tried...

by Splunk Employee in

install splunk uba

opt/caspida/bin/Caspida setuphadoop ...............................Failed to run sudo -u hdfs hdfs namenode -format >...

by Explorer in

Grouping IP subnet and also show the IPs that it has grouped

I currently have this to group IPs into subnets and list the counts, I want it to also show the IP it has listed aswe...

by Observer in

tstats query taking very long time to execute

Hi everyone!I am working on building a dashboard which captures all the firewall, Web proxy, EDR, WAF, Email, DLP blo...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Efficiently Expanding Multiple Multi-Value Fields Using mvexpand in Splunk

create report if price values are different

How can I remove latitude and longitude values while hovering over map and instead display the address of location on the map?

Autoformat and search results similar to "48a4.93b9.xxxx OR 48:a4:93:b9:xx:xx OR 48-a4-93-b9-xx-xx"

what is wrong with these evals....

Can I set up a PS4 Game Session Timer and Notification?

make a table for a csv

Data not showing on map

How to modify a dashboard

Fields from lookup with Join missing

Is there a way to be more efficient in writing this query - Regex/Wildcard/Substitution question

Issue with Dropping Events via props.conf and transforms.conf

support for fill-forward or "last observation carried forward"

There is a way to send some fileds of an alert to a kvs lookup?

Need a query to find count of substring within string

Events with duplicate field extractions

URL aggregation in splunk query

Find searches that reference indexes that no longer exist

Skipped search error on CMC | The maximum number of concurrent running jobs.....on this cluster has been reached

need demo of PKI Spotlight Add-on for Splunk

transaction command rows for large dataset

Problems with adding multi-value field through /var/spool/splunk

install splunk uba

Grouping IP subnet and also show the IPs that it has grouped

tstats query taking very long time to execute

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions