Splunk Search

Community Activity

	make a table for a csv Hi my data is comma delimited , there are 2 rows with a header. I'fd like the columns to be split by the comma int... by Soonerseast Loves-to-Learn in Splunk Search 06-13-2025 0 3	0	3
	Data not showing on map Hello, I have lookup file uploaded and now I want to see the data, I am not able to see it on map , I can see the det... by rishabhpatel20 Explorer in Splunk Search 06-13-2025 0 2	0	2
	How to modify a dashboard Hi, i'm searching for a way to modify my app/dashboard to be able to modify the entries of a table (such as delete/du... by AleCanzo Explorer in Splunk Search 06-13-2025 0 2	0	2
	Fields from lookup with Join missing I have a query that detects missing systems. the lookup table has fields System, Location, responsible.I am trying t... by cdevoe57 Path Finder in Splunk Search 06-12-2025 0 8	0	8
	Is there a way to be more efficient in writing this query - Regex/Wildcard/Substitution question I have the below query I've written - I am used to SQL, SPL is still new to me. I feel like there has to be some way ... by ripvw32 Explorer in Splunk Search 06-12-2025 0 5	0	5
	Issue with Dropping Events via props.conf and transforms.conf Hi Splunk Community,We’re currently trying to drop specific logs using props.conf and transforms.conf, but our config... by Cybers1 Engager in Splunk Search 06-11-2025 0 5	0	5
	support for fill-forward or "last observation carried forward" Does splunk support fill-forward or "last observation carried forward".I want to create a daily based monitoring.One ... by Kemark Explorer in Splunk Search 06-11-2025 0 10	0	10
	There is a way to send some fileds of an alert to a kvs lookup? Hi, this is my first interaction with Splunk Community so be patient please  I'm trying to output some fields from a... by AleCanzo Explorer in Splunk Search 06-11-2025 0 3	0	3
	Need a query to find count of substring within string I need a query that will tell me the count of a substring within a string like this ..."This is my [string]" and I ne... by caschmid Observer in Splunk Search 06-10-2025 0 5	0	5
	Events with duplicate field extractions Good afternoon,I have a monitoring architecture with three nodes with the Splunk Enterprise product. One node acts as... by cfernaca Explorer in Splunk Search 06-10-2025 0 4	0	4
	URL aggregation in splunk query Hello Everyone,Below is my splunk query:index="my_index" uri="/experience/" \| stats count as hits by uri \| sort -h... by super_edition Path Finder in Splunk Search 06-09-2025 0 7	0	7
	Find searches that reference indexes that no longer exist Hi,I'm trying to clean up an old splunk cloud instance. one thought that occurred to me is find scheduled searches th... by dashe Engager in Splunk Search 06-09-2025 0 3	0	3
	Skipped search error on CMC \| The maximum number of concurrent running jobs.....on this cluster has been reached Hi Team,I have been observing 1 skipped search error indicating on my CMC. Error is -"The maximum number of concurren... by mchoudhary Explorer in Splunk Search 06-09-2025 0 2	0	2
	need demo of PKI Spotlight Add-on for Splunk by jcm New Member in Splunk Search 06-06-2025 0 2	0	2
	transaction command rows for large dataset Here is my code:index=example sourcetype=wineventlog computer_name="example"\| transaction computer_name startswith="e... by N3gativeSpace Engager in Splunk Search 06-05-2025 0 3	0	3
	Problems with adding multi-value field through /var/spool/splunk Hi Fellow Splunkers,How can I add multi-value field (array) directly to the index through `/var/spool/splunk`.I tried... by orpiczy Splunk Employee in Splunk Search 06-05-2025 0 1	0	1
	install splunk uba opt/caspida/bin/Caspida setuphadoop ...............................Failed to run sudo -u hdfs hdfs namenode -format >... by kn450 Explorer in Splunk Search 06-05-2025 0 1	0	1
	Grouping IP subnet and also show the IPs that it has grouped I currently have this to group IPs into subnets and list the counts, I want it to also show the IP it has listed aswe... by anlePRH Observer in Splunk Search 06-05-2025 0 3	0	3
	tstats query taking very long time to execute Hi everyone!I am working on building a dashboard which captures all the firewall, Web proxy, EDR, WAF, Email, DLP blo... by mchoudhary Explorer in Splunk Search 06-05-2025 0 6	0	6
	How to efficiently match events to lookup with wildcards across multiple fields (prefer most specific match)? I'm working with a CSV lookup that contains multiple fields which may include wildcard (*) values.The lookup is stru... by tomapatan Contributor in Splunk Search 06-05-2025 0 1	0	1
	How to apply role based filtering on Splunk Cloud Platform Hello folks,We use Splunk cloud platform (managed by Splunk) for our logging system. We want to implement role based ... by sabbas Explorer in Splunk Search 06-04-2025 0 1	0	1
	Why Splunk search jobs stuck at "finalizing job" status for few days? Symptoms: It usually happen in the next couple of hours after we manually deleted the stuck search jobs It only happ... by sdubey_splunk Splunk Employee in Splunk Search 06-04-2025 0 3	0	3
	The xpath command does not work with XML prolog header lines (e.g. ) The xpath command does not work if the XML event contains valid prolog header lines (https://www.w3schools.com/xml/xm... by yeahnah Motivator in Splunk Search 06-03-2025 0 2	0	2
	search results different between splunk UI/portal and splunk API Hi,I have this very simple splunk search query and i was able to run in splunk search portal or UI and I am using the... by Raj_Splunk_Ing Path Finder in Splunk Search 06-03-2025 0 10	0	10
	eval to handle 2 scenarios Hi, I have this field in this format and i am using eval to convert but sometimes there is an extra space in itafter ... by Raj_Splunk_Ing Path Finder in Splunk Search 06-03-2025 0 7	0	7