Splunk Search

Community Activity

	Matching a substring with a lookup field Hello wonderful SplunkersI know we can have a WILDCARD match in a lookup where we can match a key to a wildcard in th... by nabeel652 Builder in Splunk Search 09-23-2025 0 6	0	6
	How to exclude traffic with src_ip or dest_ip using lookup file Hi,I’m building a search on the Network_Traffic datamodel to detect high outbound flows (>1 GB).I need to exclude a l... by imst27 Loves-to-Learn Lots in Splunk Search 09-22-2025 0 1	0	1
	How do I add the total count of all events in each row ? Here is what I haveNow I want to add a new column like this eval nullPercent = round((nullCount/total)*100, 2) where ... by Ombessam Path Finder in Splunk Search 09-22-2025 0 4	0	4
	Splunk Alert Am having issue with a Splunk alert triggering for daily snapshot of aws account ids. The alert is suppose to trigger... by whitecat001 Explorer in Splunk Search 09-19-2025 0 2	0	2
	Find logs where key/value pair is equal to the same key/value pair in another log. I’m trying to find logs where requestId value is equal to requestId value in another logTrying to find logs like this... by caschmid Observer in Splunk Search 09-18-2025 0 4	0	4
	Average time in multivalue field HelloI have a two multivalue fields: poiMv (point of interest) and timeMv as a result of a transaction command. Both ... by Walter_Oesch Observer in Splunk Search 09-15-2025 0 2	0	2
	timechart in Dashboard Studio does not show all data Dear ExpertsMy search: index="pm-azlm_internal_prod_events" sourcetype="azlmj" [\| inputlookup pm-azlm-reg-ocp-tea... by Ste Path Finder in Splunk Search 09-15-2025 0 2	0	2
	mstats with Splunk_TA_Nix Hello experts, I have a dashboard in simple xml that shows single number charts which reflect, by host and applicatio... by rdhdr Explorer in Splunk Search 09-13-2025 0 1	0	1
	Unknown Root Cause of Error Error in my results query: Unable to distribute to peer named 10.245.11.153 at uri=10.245.11.153:8089 using the uri-... by JHFRDANALYSIS Engager in Splunk Search 09-12-2025 0 1	0	1
	How to get all logs with appropriate filter? I need to get historical logs from splunk between a time interval more specifically between two dates. When I do not ... by sselias Engager in Splunk Search 09-12-2025 0 4	0	4
	How to use lookup and multivalue field together Hello All, I have a multivalue field which contains domain names (for this case, say it is in field named emailDomain... by vikashumble Explorer in Splunk Search 09-11-2025 0 3	0	3
	Problem in using append to combine correlation rules I am building a correlation search in Splunk ES Cloud 8 using multiple detections combined with append. Each subsearc... by pt Engager in Splunk Search 09-11-2025 0 2	0	2
	How to Silently Drop Events to nullQueue While Logging Skipped Event Metadata to a File in a Custom TA I am building a custom Technology Add-on (TA) where I need to silently drop specific events using nullQueue but also ... by asees Explorer in Splunk Search 09-09-2025 0 5	0	5
	Dashboard Studio display time range in markdown Using Splunk Enterprise 9.4I have created a data source name TimeRange with the SPL Query:\| makeresults \| addinfo \| e... by Wooly Explorer in Splunk Search 09-08-2025 0 1	0	1
	User could not act as admin in splunk Hi Team, We are seeing error like"user could not act as admin in splunk" for the Rest API call "/servicesNS/admin/... by msunilreddy New Member in Splunk Search 09-05-2025 0 3	0	3
	skip step in foreach Hi, any help, please?Here is the code\| makeresults \| eval tmp_1=1\| eval tmp_2=""\| eval tmp_3=3\| eval tmp=""\| foreach ... by spisiakmi Contributor in Splunk Search 09-05-2025 0 4	0	4
	Detection: Kerberos User Enumeration Hey All,Recently, while browsing through Splunk’s official research site, I came across a SPL (Search Processing Lang... by rafalpachulski Engager in Splunk Search 09-04-2025 0 4	0	4
	JSON Extraction of Values and Fields Logs Using SPATH or rex Hello. I've been trying for days now and can't make the following work. Let me show you what I have.My search looks l... by JossPRG Engager in Splunk Search 09-01-2025 0 5	0	5
	Using event count with a table Hi all,Here is my current search:source=health.log REGION=region1 STATE=down TYPE=type1What I want to do: I want the ... by thisemailwillbe Explorer in Splunk Search 08-29-2025 0 2	0	2
	events correlation rules hi,how to correlate event with event correlation rule ? so, how can i write a correlation rule ?Thanks a lot by trazomtg New Member in Splunk Search 08-29-2025 0 5	0	5
	Deleting historical logs Is there a commonly accepted most efficient method of deleting logs? Occasionally I'll have a use case for deleting l... by Joey3848 Loves-to-Learn in Splunk Search 08-28-2025 0 12	0	12
	IF alternatives Is there an alternative to IF(<condition>, <true>, <false>) ? I ask because I've got a couple dozen conditions to get... by spm807 Explorer in Splunk Search 08-27-2025 0 2	0	2
	UNION just like SQL.... Hi, I think i am in the right way to use the union concept in splunk search query but wanted to confirm I have 6 diff... by Raj_Splunk_Ing Path Finder in Splunk Search 08-27-2025 0 14	0	14
	Field extraction discrepancy between Prod and Dev We are seeing a large discrepancy in field extraction counts between our Prod and Dev environments for sourcetype=xxx... by koyachi Explorer in Splunk Search 08-27-2025 0 1	0	1
	Search to show mismatches in a version field Hello,The table below are the results from a REST query that shows the installed Apps/TA's from various servers (4 in... by TheJagoff Communicator in Splunk Search 08-27-2025 0 6	0	6