Splunk Search

Discussions

Thread Info

Splunk Answers Content Calendar May 2025!

Hello Splunk Community! Welcome to another week of fun curated content as a part of our Splunk Answers Community C...

by Community Manager in

Can Splunk Federated Search be configured for bidirectional search?

I want to configure Federated Search so that Deployment A can search Deployment B, and Deployment B can also search D...

by Builder in

srchFilter usage in backend with multiple roles

We will create two indexes per application one for non_prod and one for prod logs in same splunk. They create 2 AD gr...

by Communicator in

Generate a list of users and assigned roles for them

We are having multiple roles created in Splunk restricted by their index and users will be added to this role via AD ...

by Communicator in

Sort command not sorting as expected

The Splunk documentation says that the order rule is lexicographic. I am trying to sort the following values:| makere...

by Engager in

Need to change the span based on hour of day

Hello , I am trying to change in the search itself to change the span in timechart. So if the hour is say greater ...

by Engager in

Mule Cloudhub integration with Splunk Cloud

We are looking for feasible to integrate with Mule Cloudhub with Splunk Cloud directly for logs ingestion. Please sug...

by New Member in

Need help in framing SPL query

| loadjob savedsearch="userid:search:hostslists" | lookup lookupname Hostname as host OUTPUTNEW ...

by Explorer in

Hardcoded time parameters inside a search doesn't work with v9.4.3

Hello Splunkers,The hardcoded time parameters inside a simple search don't work with v9.4.3. It only takes the input...

by Observer in

Percentage of devices using an IPv6 address versus an IPv4 address.

I have devices using a specific v4 address range and a specific v6 address range. I'd like to get the percent of devi...

by New Member in

Splunk query - lookup utilization

Hello all, I am working on an Splunk query which suppose to filter some logs by utilizing data from lookup. Consider ...

by Explorer in

Giving access to Single Shared Summary index for multiple app teama

Sorry for everyone that I am posting multiple posts for my issue. Just summarising everything here.. please help me w...

by Communicator in

Restrict search command usage (rest in particular)

I am looking to restrict the use of certain search commands for particular users / roles. In particular I would like ...

by Path Finder in

How to filter a list of timestamps less than _time

I need to filter a list of timestamps which are less than _time. this works: | makeresults count=1 | eval tim...

by Communicator in

Delete existing summary index and move its data to new summary index

Before one week I created a summary index named waf_opco_yes_summary and it is working fine. Now they asked to change...

by Communicator in

Eval multiple services in single query

I am attempting to run a query that will find the status fo 3 services and list which ones are failed and which ones ...

by Explorer in

How can I get the time difference between multiple events to know the time it took per process?

I am trying to find the time taken by our processes. I wrote a basic query that fetch a start, end time, and the diff...

by Explorer in

How to improve readability with template formatted log messages in Splunk search?

I have a dotnet application logging template formatted log messages with serilog library and since everything is in J...

by Engager in

Creating a Hierarchical Search

Hello! I have the following query with the provided fields to track consumption data for customers. action=load O...

by Engager in

table view using spl

{ "abcdxyz" : { "transaction" : "abcdxyz" , ...

by Loves-to-Learn Lots in

How to default stats to zero when no rows returned?

I have a query similar to the one below. index = "idx" source = "mysource" |spath path=myField output=res|stats ...

by Explorer in

Color cell from table conditionally on comparison between values

Hi everyone,I'm working on a dashboard that's comparing two different applications. One of the tables has their perfo...

by Path Finder in

Skipped search - The maximum number of concurrent running jobs for this historical scheduled search on this cluster has

Hi Team,I have been getting a skipped search notification in my CMC overview under Health from quite some time.It is ...

by Explorer in

How to pass multiselect token values from main dashboard A to drilldown dashboard B

Hi, I have a simple multi-select filter as below on my main dashboard. <input type="multiselect" token="projects"...

by Builder in

Remove string from field using REX

I am trying to remove a field which has a suffix of sophos_event_input after the username. Example Username_Field ...

by Explorer in

Joining records in a table

I have an audit table with before and after records of changes made to a user table. So every time an update is made ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk Answers Content Calendar May 2025!

Can Splunk Federated Search be configured for bidirectional search?

srchFilter usage in backend with multiple roles

Generate a list of users and assigned roles for them

Sort command not sorting as expected

Need to change the span based on hour of day

Mule Cloudhub integration with Splunk Cloud

Need help in framing SPL query

Hardcoded time parameters inside a search doesn't work with v9.4.3

Percentage of devices using an IPv6 address versus an IPv4 address.

Splunk query - lookup utilization

Giving access to Single Shared Summary index for multiple app teama

Restrict search command usage (rest in particular)

How to filter a list of timestamps less than _time

Delete existing summary index and move its data to new summary index

Eval multiple services in single query

How can I get the time difference between multiple events to know the time it took per process?

How to improve readability with template formatted log messages in Splunk search?

Creating a Hierarchical Search

table view using spl

How to default stats to zero when no rows returned?

Color cell from table conditionally on comparison between values

Skipped search - The maximum number of concurrent running jobs for this historical scheduled search on this cluster has

How to pass multiselect token values from main dashboard A to drilldown dashboard B

Remove string from field using REX

Joining records in a table

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Splunk Developers: Go Beyond the Dashboard with These .Conf25 Sessions

Index This | How do you write 23 only using the number 2?

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions