Splunk Search

Community Activity

events correlation rules hi,how to correlate event with event correlation rule ? so, how can i write a correlation rule ?Thanks a lot by trazomtg New Member in Splunk Search 08-29-2025 0 5	0	5
Deleting historical logs Is there a commonly accepted most efficient method of deleting logs? Occasionally I'll have a use case for deleting l... by Joey3848 Loves-to-Learn in Splunk Search 08-28-2025 0 12	0	12
IF alternatives Is there an alternative to IF(<condition>, <true>, <false>) ? I ask because I've got a couple dozen conditions to get... by spm807 Explorer in Splunk Search 08-27-2025 0 2	0	2
UNION just like SQL.... Hi, I think i am in the right way to use the union concept in splunk search query but wanted to confirm I have 6 diff... by Raj_Splunk_Ing Path Finder in Splunk Search 08-27-2025 0 14	0	14
Field extraction discrepancy between Prod and Dev We are seeing a large discrepancy in field extraction counts between our Prod and Dev environments for sourcetype=xxx... by koyachi Explorer in Splunk Search 08-27-2025 0 1	0	1
Search to show mismatches in a version field Hello,The table below are the results from a REST query that shows the installed Apps/TA's from various servers (4 in... by TheJagoff Communicator in Splunk Search 08-27-2025 0 6	0	6
Index Health and Welfare Tstats count I am trying to run a daily report that tells me all the indexes that have had 0 events in the past 24 hours. From oth... by RobK700000 Engager in Splunk Search 08-27-2025 0 3	0	3
Multiple Timestamps - How to filter/select? Good day!I am currently working on a search which provides data from two different event types (connection informatio... by sarge338 Path Finder in Splunk Search 08-26-2025 0 5	0	5
Why do I see old data in my lookup table in a search head cluster? I have a lookup file in a particular app that I use to enrich data from a particular index. This file, lookup_file.cs... by laytonj76 Explorer in Splunk Search 08-26-2025 0 9	0	9
_time related... Hi, it might be very simple but i am missing somethingwhen i look at the _time value along with other fields in the s... by Raj_Splunk_Ing Path Finder in Splunk Search 08-25-2025 0 2	0	2
How does throttle work I wonder how the throttling works if the last pipeline of the search is to redirect the results to different tools/so... by lucas4394 Path Finder in Splunk Search 08-25-2025 0 2	0	2
Correlating DNS logs with HTTP logs within Zeek/Corelight Good day, I've been tasked with gathering a list of all users who've accessed an internal site over a couple months. ... by dtaylor Path Finder in Splunk Search 08-24-2025 0 3	0	3
Efficiently Search All Email Logs For Earliest Occurrence of Email Domain I'm building out a search to look through email logs. The main search is fine, but I'd like to add fields showing whe... by dtaylor Path Finder in Splunk Search 08-23-2025 0 3	0	3
Why Isn't My Search Job Expiring? The "Zombie" Job Theory Hi everyone,I'm looking for some help with a Splunk issue I recently encountered. A user's search job consumed a larg... by RookieSplunker Engager in Splunk Search 08-22-2025 0 4	0	4
Splunk UI is very slow I'm trying to learn Splunk and i installed the Splunk Free trial version 9.1.2I've been using this free version for o... by rsruthi48 Observer in Splunk Search 08-22-2025 0 3	0	3
Only execute if greater than or equal to x mins Hello looking for way to create an alert based off the difference between times and only execute if the time is great... by hl Path Finder in Splunk Search 08-20-2025 0 3	0	3
How to get distinct values and their counts from fields arrays I got a stream of events in a following format:[ { "name": "event 1" "attributes": ["a", "b"], }, { ... by karol Engager in Splunk Search 08-19-2025 0 2	0	2
Number of Conditions in case() Statement Is there a limit to the number of conditions we can use in a case() statement?I've reached a point where my ORs and A... by michaelsplunk1 Path Finder in Splunk Search 08-19-2025 1 4	1	4
Getting Ingestion data spanning 9 months Hi folks,We use Splunk Cloud Platform for our logging needs.We would like to know the following all for the last 9 mo... by sabbas Explorer in Splunk Search 08-18-2025 0 2	0	2
How to find highly recurring events Hello!We use Splunk cloud platform for logging.We wanted to know how we can find highly recurring events.We have many... by sabbas Explorer in Splunk Search 08-18-2025 0 3	0	3
Chart labels disappear when too small to display My specific situation concerns a bar chart, but I think it applies to all charts. When I have so many bars that the ... by helenashton Path Finder in Splunk Search 08-18-2025 1 8	1	8
how to route the data based on event filed Hi,I'm running a test setup with some live kubernetes data and I want to do the following indexer:1) Route all data m... by syaseensplunk Loves-to-Learn Lots in Splunk Search 08-17-2025 0 20	0	20
Append command is not working Hello Splunkers!!I want to combined both the queries by using append but it doesnot work. its always giving me only o... by uagraw01 Motivator in Splunk Search 08-17-2025 0 13	0	13
Query giving multiple results in the same field, how to parse? Doing a query on AD events for adding users to groups. There are 3 events, one for each type of group. 2 of them ar... by MacAllen Engager in Splunk Search 08-15-2025 0 2	0	2
Dashboard studio: join data from basesearch Dear expertsI'm trying to move old xml dashboards to Dashboard Studio. Now I'm running into issues with a join which ... by Ste Path Finder in Splunk Search 08-14-2025 0 6	0	6