Splunk Search

Discussions

Thread Info

How to integrate Splunk with Heroku?

Hi, I want to use Splunk for logs for Heroku apps. How to integrate Splunk with Heroku. Can you please help me wit...

by Loves-to-Learn in

Splunk says bundle directory contains a large lookup file in .delta file but the .delta file does not contain a large lookup

Hi all, We receive the warning : The current bundle directory contains a large lookup file that might cause bundle re...

by Explorer in

How to compare today vs last week same hour stats and give percentage?

I have this working query which needs some additional detailing.index=_internal earliest=-1h@h latest=@h| lookup api ...

by Explorer in

How to compare today hourly stats and previous week same day hourly stats?

is there a way to alert an email if today's hourly stats are 25% higher than the previous week same day hourly stats?

by Communicator in

How to enable drilldown for only one column in the table of multiple fields?

Hi,Can someone suggest me on how to enable drilldown for specific column .For example ,if i have 5 columns and i have...

by Explorer in

How to take output from base search and search in lookup for all rows?

Hi I have a lookup having two fields| inputlookup ID-Client-Lookup.csv | fields ClientId ClientNameI have a base sear...

by Explorer in

How to compare past 30 days vs today?

I want to have a table or chart where I can see the failure % of the past 30 days, vs. today, and output the differen...

by Explorer in

How to replace all "confusable" characters in field in data model?

Hello, I am attempting to replace a large unwieldy macro with a data model. Part of the macro is a rex command that f...

by Explorer in

How to filter logs with different and same fields?

Hi. Subject is confusing so here goes. I have 3 log lines: org=A Status=Success org=A Status=Fail org=B Stat...

by Path Finder in

How to run multiple query based on condition?

Hi Everyone, I am looking for idea to implement a case where subqueries will be run based on the user choice from c...

by Engager in

How to use values from outputlookup file?

I created a outputlookup file with just one column ...My search | table D_ID | outputlookup Total.csv I wa...

by Path Finder in

Migration Qradar data to Splunk

Hey SMEs, Has anyone having any prior experience of migrating existing Qradar data to Splunk. Any docs or somet...

by Explorer in

Why is transaction not working when finding time between events?

I'm new to Splunk, so apologies if this is a silly question. I have a log file that reads: 2023-0...

by Engager in

Why does lookup file works for me but no on else?

I have a .csv file that I have uploaded as a lookup file that works fine when I run a search. If I ask another user ...

by New Member in

How to find Network Traffic Outliers?

Hello Everyone, I am trying to find outliers in connection duration on a specific subnet but having trouble gettin...

by Engager in

What are the differences between join and lookup?

What are the big differences?

by Communicator in

Detecting CVE-2023-23397 in office content?

CVE-2023-23397 is all the rage right now.Has anyone figured out a way to detect this in office content?I've checked a...

by Path Finder in

How to do a comparison with lookup?

Hello everyone, I have events which contains such fields user1=..., user2=...., user3... etc And I have lookup...

by Contributor in

How to remove weak ciphers?

I am trying to pair down the list of ciphers we are using. When I remove AES256-GCM-SHA384 I begin to get the below ...

by Communicator in

How to extract a string from _raw?

I have a string like below and unable to extract accuratly with rex command please suggest any alternative way. _...

by Explorer in

How to extract the fields in json format?

I am trying to extract the fields in json format. But not able to fetch the data.PFB screenshot for reference: ...

by Path Finder in

How to set an alert for high amount of events?

Hello Splunkers, I would like to have to set an alert if a sudden high amount of events are received. I have t...

by Communicator in

How to calculate average of specific fields?

Hi,I am formatting data as required and getting it in below format. Now I want to calculate average of only highlight...

by Builder in

How to update a lookuptable?

So I couldn't find anything in splunk community that answers my question about pushing an update to a lookup table. I...

by Communicator in

Bulk-deleting expired search jobs?

Hello, We have an application pulling search results from a scheduled search using Splunk API periodically, but en...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to integrate Splunk with Heroku?

Splunk says bundle directory contains a large lookup file in .delta file but the .delta file does not contain a large lookup

How to compare today vs last week same hour stats and give percentage?

How to compare today hourly stats and previous week same day hourly stats?

How to enable drilldown for only one column in the table of multiple fields?

How to take output from base search and search in lookup for all rows?

How to compare past 30 days vs today?

How to replace all "confusable" characters in field in data model?

How to filter logs with different and same fields?

How to run multiple query based on condition?

How to use values from outputlookup file?

Migration Qradar data to Splunk

Why is transaction not working when finding time between events?

Why does lookup file works for me but no on else?

How to find Network Traffic Outliers?

What are the differences between join and lookup?

Detecting CVE-2023-23397 in office content?

How to do a comparison with lookup?

How to remove weak ciphers?

How to extract a string from _raw?

How to extract the fields in json format?

How to set an alert for high amount of events?

How to calculate average of specific fields?

How to update a lookuptable?

Bulk-deleting expired search jobs?

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions