Splunk Search

Community Activity

Multiple Timestamps - How to filter/select? Good day!I am currently working on a search which provides data from two different event types (connection informatio... by sarge338 Path Finder in Splunk Search 08-26-2025 0 5	0	5
Why do I see old data in my lookup table in a search head cluster? I have a lookup file in a particular app that I use to enrich data from a particular index. This file, lookup_file.cs... by laytonj76 Explorer in Splunk Search 08-26-2025 0 9	0	9
_time related... Hi, it might be very simple but i am missing somethingwhen i look at the _time value along with other fields in the s... by Raj_Splunk_Ing Path Finder in Splunk Search 08-25-2025 0 2	0	2
How does throttle work I wonder how the throttling works if the last pipeline of the search is to redirect the results to different tools/so... by lucas4394 Path Finder in Splunk Search 08-25-2025 0 2	0	2
Correlating DNS logs with HTTP logs within Zeek/Corelight Good day, I've been tasked with gathering a list of all users who've accessed an internal site over a couple months. ... by dtaylor Path Finder in Splunk Search 08-24-2025 0 3	0	3
Efficiently Search All Email Logs For Earliest Occurrence of Email Domain I'm building out a search to look through email logs. The main search is fine, but I'd like to add fields showing whe... by dtaylor Path Finder in Splunk Search 08-23-2025 0 3	0	3
Why Isn't My Search Job Expiring? The "Zombie" Job Theory Hi everyone,I'm looking for some help with a Splunk issue I recently encountered. A user's search job consumed a larg... by RookieSplunker Engager in Splunk Search 08-22-2025 0 4	0	4
Splunk UI is very slow I'm trying to learn Splunk and i installed the Splunk Free trial version 9.1.2I've been using this free version for o... by rsruthi48 Observer in Splunk Search 08-22-2025 0 3	0	3
Only execute if greater than or equal to x mins Hello looking for way to create an alert based off the difference between times and only execute if the time is great... by hl Path Finder in Splunk Search 08-20-2025 0 3	0	3
How to get distinct values and their counts from fields arrays I got a stream of events in a following format:[ { "name": "event 1" "attributes": ["a", "b"], }, { ... by karol Engager in Splunk Search 08-19-2025 0 2	0	2
Number of Conditions in case() Statement Is there a limit to the number of conditions we can use in a case() statement?I've reached a point where my ORs and A... by michaelsplunk1 Path Finder in Splunk Search 08-19-2025 1 4	1	4
Getting Ingestion data spanning 9 months Hi folks,We use Splunk Cloud Platform for our logging needs.We would like to know the following all for the last 9 mo... by sabbas Explorer in Splunk Search 08-18-2025 0 2	0	2
How to find highly recurring events Hello!We use Splunk cloud platform for logging.We wanted to know how we can find highly recurring events.We have many... by sabbas Explorer in Splunk Search 08-18-2025 0 3	0	3
Chart labels disappear when too small to display My specific situation concerns a bar chart, but I think it applies to all charts. When I have so many bars that the ... by helenashton Path Finder in Splunk Search 08-18-2025 1 8	1	8
how to route the data based on event filed Hi,I'm running a test setup with some live kubernetes data and I want to do the following indexer:1) Route all data m... by syaseensplunk Loves-to-Learn Lots in Splunk Search 08-17-2025 0 20	0	20
Append command is not working Hello Splunkers!!I want to combined both the queries by using append but it doesnot work. its always giving me only o... by uagraw01 Motivator in Splunk Search 08-17-2025 0 13	0	13
Query giving multiple results in the same field, how to parse? Doing a query on AD events for adding users to groups. There are 3 events, one for each type of group. 2 of them ar... by MacAllen Engager in Splunk Search 08-15-2025 0 2	0	2
Dashboard studio: join data from basesearch Dear expertsI'm trying to move old xml dashboards to Dashboard Studio. Now I'm running into issues with a join which ... by Ste Path Finder in Splunk Search 08-14-2025 0 6	0	6
Discrepancy in events count of metrics index Hi All, I need one help. I have created a savedsearch that writes data to metrics index. Timerange : -2m to -1mschedu... by Poojitha Communicator in Splunk Search 08-14-2025 0 3	0	3
Rex field from a field help Hello,I am terrible at Regex and am in need of help on rexing a field from another field. So an event snippet is:"In... by tdavison76 Path Finder in Splunk Search 08-13-2025 0 7	0	7
Calculate Ticket Counts for Each Shift Good day, I feel like this should be a simple problem, but I've looked at it too long and need some help. I have a CS... by dtaylor Path Finder in Splunk Search 08-13-2025 0 4	0	4
MLTK - What algorithm should I use? Hello,Here is what I have.Lookup file containing 52K rowsFields: DATE, USER, COUNTRequire forecasting user access, on... by genesiusj Builder in Splunk Search 08-13-2025 0 4	0	4
Fuzzy Match Between Two LARGE Lookups Hello,We have a lookup csv file: 1 million records (data1); and a kvstore: 3 million records (data2). We need to comp... by genesiusj Builder in Splunk Search 08-13-2025 0 8	0	8
Parsing a variable to a lookup command Dear Splunk gurusI am trying to get the lookup command to accept the lookup table name from a variable. Example: \| ev... by maigaard New Member in Splunk Search 08-12-2025 0 4	0	4
Change Column Color - Splunk Dashboard Good afternoon,I need help changing the colors of two columns in my <panel>.I need to change the colors of the "Value... by isac_santana Explorer in Splunk Search 08-12-2025 0 2	0	2