Splunk Search

Community Activity

How to take output from base search and search in lookup for all rows? Hi I have a lookup having two fields\| inputlookup ID-Client-Lookup.csv \| fields ClientId ClientNameI have a base sear... by amitrinx Explorer in Splunk Search 03-22-2023 0 3	0	3
How to compare past 30 days vs today? I want to have a table or chart where I can see the failure % of the past 30 days, vs. today, and output the differen... by alakhotia Explorer in Splunk Search 03-22-2023 0 5	0	5
How to replace all "confusable" characters in field in data model? Hello, I am attempting to replace a large unwieldy macro with a data model. Part of the macro is a rex command that f... by jasmartin Explorer in Splunk Search 03-22-2023 0 4	0	4
How to filter logs with different and same fields? Hi. Subject is confusing so here goes. I have 3 log lines: org=A Status=Success org=A Status=Fail org=B Status=Succes... by nmayafit Path Finder in Splunk Search 03-22-2023 0 8	0	8
How to run multiple query based on condition? Hi Everyone, I am looking for idea to implement a case where subqueries will be run based on the user choice from c... by apand84 Engager in Splunk Search 03-21-2023 0 1	0	1
How to use values from outputlookup file? I created a outputlookup file with just one column ...My search \| table D_ID \| outputlookup Total.csv I want to use... by Mike6960 Path Finder in Splunk Search 03-21-2023 0 15	0	15
Migration Qradar data to Splunk Hey SMEs, Has anyone having any prior experience of migrating existing Qradar data to Splunk. Any docs or something u... by pm2012 Explorer in Splunk Search 03-21-2023 0 4	0	4
Why is transaction not working when finding time between events? I'm new to Splunk, so apologies if this is a silly question. I have a log file that reads: 2023-03-22 00:57:09,51... by algol2 Engager in Splunk Search 03-21-2023 0 3	0	3
Why does lookup file works for me but no on else? I have a .csv file that I have uploaded as a lookup file that works fine when I run a search. If I ask another user ... by just4bs New Member in Splunk Search 03-21-2023 0 2	0	2
How to find Network Traffic Outliers? Hello Everyone, I am trying to find outliers in connection duration on a specific subnet but having trouble getting t... by Hisae Engager in Splunk Search 03-21-2023 0 2	0	2
What are the differences between join and lookup? What are the big differences? by changwoo Communicator in Splunk Search 03-21-2023 1 5	1	5
Detecting CVE-2023-23397 in office content? CVE-2023-23397 is all the rage right now.Has anyone figured out a way to detect this in office content?I've checked a... by DaveBunn Path Finder in Splunk Search 03-21-2023 0 5	0	5
How to do a comparison with lookup? Hello everyone, I have events which contains such fields user1=..., user2=...., user3... etc And I have lookup which... by bosseres Contributor in Splunk Search 03-21-2023 0 3	0	3
How to remove weak ciphers? I am trying to pair down the list of ciphers we are using. When I remove AES256-GCM-SHA384 I begin to get the below ... by coreyCLI Communicator in Splunk Search 03-21-2023 0 4	0	4
How to extract a string from _raw? I have a string like below and unable to extract accuratly with rex command please suggest any alternative way. _raw... by avadhutha Explorer in Splunk Search 03-21-2023 0 2	0	2
How to extract the fields in json format? I am trying to extract the fields in json format. But not able to fetch the data.PFB screenshot for reference: not a... by vineela Path Finder in Splunk Search 03-21-2023 0 5	0	5
How to set an alert for high amount of events? Hello Splunkers, I would like to have to set an alert if a sudden high amount of events are received. I have this ba... by norbertt911 Communicator in Splunk Search 03-21-2023 0 7	0	7
How to calculate average of specific fields? Hi,I am formatting data as required and getting it in below format. Now I want to calculate average of only highlight... by Ashwini008 Builder in Splunk Search 03-21-2023 0 4	0	4
How to update a lookuptable? So I couldn't find anything in splunk community that answers my question about pushing an update to a lookup table. I... by Abass42 Communicator in Splunk Search 03-20-2023 0 3	0	3
Bulk-deleting expired search jobs? Hello, We have an application pulling search results from a scheduled search using Splunk API periodically, but encou... by w564432 Explorer in Splunk Search 03-20-2023 0 2	0	2
How to calculate field to replace value of field? Hello - I have a table with the following:host HOSTFQDNDNS_NAMEHOST_MATCHINDEXhostalphahosta.mydomain.comhostafalsein... by jason_hotchkiss Communicator in Splunk Search 03-20-2023 0 2	0	2
How to extract field between double quotes using rex? Hi all, I have the following events source_host=lioness1 source_host_description="This is the main server" source_hos... by MaratD Explorer in Splunk Search 03-20-2023 0 7	0	7
Search same index & source to get total of all & single value for top 10? Individually these searches work: ```#1 sum all values in field repeat_count in all threat logs that are M,H,C severi... by TerryM Engager in Splunk Search 03-20-2023 0 5	0	5
How to create the Splunk query Search? Hello Splunkers!! I have mentioned below query and from the below query I want a results as shown below in the excel.... by uagraw01 Motivator in Splunk Search 03-20-2023 0 8	0	8
How to export raw events instead of statistics? Hi,I have a query which gives a table of results. Now instead of exporting the table, I need to export the raw events... by Woodpecker Path Finder in Splunk Search 03-20-2023 0 3	0	3