Splunk Search

Ask a Question

Discussions

Thread Info

Events with duplicate field extractions

Good afternoon, I have a monitoring architecture with three nodes with the Splunk Enterprise product. One node acts...

by Explorer in

URL aggregation in splunk query

Hello Everyone, Below is my splunk query: index="my_index" uri="*/experience/*" | stats count as hits by uri ...

by Path Finder in

Find searches that reference indexes that no longer exist

Hi, I'm trying to clean up an old splunk cloud instance. one thought that occurred to me is find scheduled searches...

by Engager in

Skipped search error on CMC | The maximum number of concurrent running jobs.....on this cluster has been reached

Hi Team, I have been observing 1 skipped search error indicating on my CMC. Error is -"The maximum number of concur...

by Explorer in

need demo of PKI Spotlight Add-on for Splunk

by New Member in

transaction command rows for large dataset

Here is my code: index=example sourcetype=wineventlog computer_name="example"| transaction computer_name startswith...

by Engager in

Problems with adding multi-value field through /var/spool/splunk

Hi Fellow Splunkers,How can I add multi-value field (array) directly to the index through `/var/spool/splunk`.I tried...

by Splunk Employee in

install splunk uba

opt/caspida/bin/Caspida setuphadoop ...............................Failed to run sudo -u hdfs hdfs namenode -format >...

by Explorer in

Grouping IP subnet and also show the IPs that it has grouped

I currently have this to group IPs into subnets and list the counts, I want it to also show the IP it has listed aswe...

by Observer in

tstats query taking very long time to execute

Hi everyone!I am working on building a dashboard which captures all the firewall, Web proxy, EDR, WAF, Email, DLP blo...

by Explorer in

How to efficiently match events to lookup with wildcards across multiple fields (prefer most specific match)?

I'm working with a CSV lookup that contains multiple fields which may include wildcard (*) values.The lookup is stru...

by Contributor in

How to apply role based filtering on Splunk Cloud Platform

Hello folks, We use Splunk cloud platform (managed by Splunk) for our logging system. We want to implement role bas...

by Explorer in

Why Splunk search jobs stuck at "finalizing job" status for few days?

Symptoms: It usually happen in the next couple of hours after we manually deleted the stuck search jobs It only ha...

by Splunk Employee in

The xpath command does not work with XML prolog header lines (e.g. <?xml version="1.0"?>)

The xpath command does not work if the XML event contains valid prolog header lines (https://www.w3schools.com/xml/xm...

by Motivator in

search results different between splunk UI/portal and splunk API

Hi,I have this very simple splunk search query and i was able to run in splunk search portal or UI and I am using the...

by Path Finder in

eval to handle 2 scenarios

Hi, I have this field in this format and i am using eval to convert but sometimes there is an extra space in it aft...

by Path Finder in

Waiting for queued jobs to start

We are getting this particular error Waiting for queued jobs to start for most of our customers. When they click on m...

by Communicator in

Role Based filtering to mask JWT tokens and Emails

Hello folks, We use Splunk cloud platform for our logging system. I was trying to use the Search Filter under the R...

by Explorer in

Help me with splunk query to monitor CPU and Memory utilized by splunk adhoc and alert searches

by New Member in

What is tstats and why is so much faster than stats?

Why is | tstats count where index=* by sourcetype so much faster than index=* | stats count by sourcetype ...

by Champion in

How can i export a list of all services in APM

I am trying to get a list of all services that are in APM. The APM usage report does not provide the name and only pr...

by New Member in

How do you list Index, sourcetype and source using the REST command?

Hi, I am working to list all the index with underlying sourcetypes and sources in it. For which I am currently ...

by Builder in

comparing the data of lookup with index data and extrcat the info from Index

index=*sap sourcetype=FSC*| fields _time index Eventts ID FIELD_02 FIELD_01 CODE ID FIELD* source| rex field=index "^...

by Contributor in

Splunk search is not working in Splunk Cloud platform

Hi Team,On May 20th, we successfully migrated from Splunk On-Prem to Splunk Cloud. We have a scheduled search that ru...

by Loves-to-Learn Everything in

unable to sort the month fields chronological instead of alphabetically in output

Hi Everyone!I wrote a search query to get the blocked count of emails for last 6months and below is my query- |...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Events with duplicate field extractions

URL aggregation in splunk query

Find searches that reference indexes that no longer exist

Skipped search error on CMC | The maximum number of concurrent running jobs.....on this cluster has been reached

need demo of PKI Spotlight Add-on for Splunk

transaction command rows for large dataset

Problems with adding multi-value field through /var/spool/splunk

install splunk uba

Grouping IP subnet and also show the IPs that it has grouped

tstats query taking very long time to execute

How to efficiently match events to lookup with wildcards across multiple fields (prefer most specific match)?

How to apply role based filtering on Splunk Cloud Platform

Why Splunk search jobs stuck at "finalizing job" status for few days?

The xpath command does not work with XML prolog header lines (e.g. <?xml version="1.0"?>)

search results different between splunk UI/portal and splunk API

eval to handle 2 scenarios

Waiting for queued jobs to start

Role Based filtering to mask JWT tokens and Emails

Help me with splunk query to monitor CPU and Memory utilized by splunk adhoc and alert searches

What is tstats and why is so much faster than stats?

How can i export a list of all services in APM

How do you list Index, sourcetype and source using the REST command?

comparing the data of lookup with index data and extrcat the info from Index

Splunk search is not working in Splunk Cloud platform

unable to sort the month fields chronological instead of alphabetically in output

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions