Splunk Search

Community Activity

How to search freetext after a join? I'm looking for a way to search for freetext after a join.It is easy when the field is known. For instance, there is ... by Konrad_Schlude Explorer in Splunk Search 03-23-2023 0 3	0	3
Is there a way to export raw logs from specific time? I have a specific source type and hosts that I want to export the raw logs for the past 24h is there a way to do that... by tb582 Explorer in Splunk Search 03-23-2023 0 10	0	10
Regex- Help with extracting field Can someone please help me in extracting the field Specific_DL_Testing from the below sample log. instance of the "\S... by Dayalss Engager in Splunk Search 03-23-2023 0 9	0	9
How to join two tables with different rows but same columns? Hello amazing community! I'm now stuck with a problem that most probably has a really simple solution  I have a tab... by PeterGian Engager in Splunk Search 03-23-2023 0 3	0	3
How to calculate median, avg for total results? hey, I need to build a report, that contains approx 500 thousand events. the requirement is that the report will con... by badbuda Loves-to-Learn Lots in Splunk Search 03-23-2023 0 6	0	6
How to get logs to show fieldnames Hi everyone!I'm still fairly new to Splunk so sorry if it is a simple question.I have some logs that does not show th... by NJ Path Finder in Splunk Search 03-22-2023 0 7	0	7
How to integrate Splunk with Heroku? Hi, I want to use Splunk for logs for Heroku apps. How to integrate Splunk with Heroku. Can you please help me with i... by nikita29 Loves-to-Learn in Splunk Search 03-22-2023 0 6	0	6
Splunk says bundle directory contains a large lookup file in .delta file but the .delta file does not contain a large lookup Hi all, We receive the warning : The current bundle directory contains a large lookup file that might cause bundle re... by fboeje Explorer in Splunk Search 03-22-2023 0 6	0	6
How to compare today vs last week same hour stats and give percentage? I have this working query which needs some additional detailing.index=_internal earliest=-1h@h latest=@h\| lookup api ... by DougiieDee Explorer in Splunk Search 03-22-2023 0 1	0	1
How to compare today hourly stats and previous week same day hourly stats? is there a way to alert an email if today's hourly stats are 25% higher than the previous week same day hourly stats? by mikeyty07 Communicator in Splunk Search 03-22-2023 0 5	0	5
How to enable drilldown for only one column in the table of multiple fields? Hi,Can someone suggest me on how to enable drilldown for specific column .For example ,if i have 5 columns and i have... by knanaiah001 Explorer in Splunk Search 03-22-2023 0 5	0	5
How to take output from base search and search in lookup for all rows? Hi I have a lookup having two fields\| inputlookup ID-Client-Lookup.csv \| fields ClientId ClientNameI have a base sear... by amitrinx Explorer in Splunk Search 03-22-2023 0 3	0	3
How to compare past 30 days vs today? I want to have a table or chart where I can see the failure % of the past 30 days, vs. today, and output the differen... by alakhotia Explorer in Splunk Search 03-22-2023 0 5	0	5
How to replace all "confusable" characters in field in data model? Hello, I am attempting to replace a large unwieldy macro with a data model. Part of the macro is a rex command that f... by jasmartin Explorer in Splunk Search 03-22-2023 0 4	0	4
How to filter logs with different and same fields? Hi. Subject is confusing so here goes. I have 3 log lines: org=A Status=Success org=A Status=Fail org=B Status=Succes... by nmayafit Path Finder in Splunk Search 03-22-2023 0 8	0	8
How to run multiple query based on condition? Hi Everyone, I am looking for idea to implement a case where subqueries will be run based on the user choice from c... by apand84 Engager in Splunk Search 03-21-2023 0 1	0	1
How to use values from outputlookup file? I created a outputlookup file with just one column ...My search \| table D_ID \| outputlookup Total.csv I want to use... by Mike6960 Path Finder in Splunk Search 03-21-2023 0 15	0	15
Migration Qradar data to Splunk Hey SMEs, Has anyone having any prior experience of migrating existing Qradar data to Splunk. Any docs or something u... by pm2012 Explorer in Splunk Search 03-21-2023 0 4	0	4
Why is transaction not working when finding time between events? I'm new to Splunk, so apologies if this is a silly question. I have a log file that reads: 2023-03-22 00:57:09,51... by algol2 Engager in Splunk Search 03-21-2023 0 3	0	3
Why does lookup file works for me but no on else? I have a .csv file that I have uploaded as a lookup file that works fine when I run a search. If I ask another user ... by just4bs New Member in Splunk Search 03-21-2023 0 2	0	2
How to find Network Traffic Outliers? Hello Everyone, I am trying to find outliers in connection duration on a specific subnet but having trouble getting t... by Hisae Engager in Splunk Search 03-21-2023 0 2	0	2
What are the differences between join and lookup? What are the big differences? by changwoo Communicator in Splunk Search 03-21-2023 1 5	1	5
Detecting CVE-2023-23397 in office content? CVE-2023-23397 is all the rage right now.Has anyone figured out a way to detect this in office content?I've checked a... by DaveBunn Path Finder in Splunk Search 03-21-2023 0 5	0	5
How to do a comparison with lookup? Hello everyone, I have events which contains such fields user1=..., user2=...., user3... etc And I have lookup which... by bosseres Contributor in Splunk Search 03-21-2023 0 3	0	3
How to remove weak ciphers? I am trying to pair down the list of ciphers we are using. When I remove AES256-GCM-SHA384 I begin to get the below ... by coreyCLI Communicator in Splunk Search 03-21-2023 0 4	0	4