Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to Convert dbxlookup results of one to many

genesiusj
Builder
‎07-01-2022 05:15 AM

Hello,

Trying to find an efficient way to take the results from a dbxlookup - where a single userID would bring back more than one record, -  into multiple multiple row output.

Example: I have a list of 10 userIDs and run a dbxlookup against a d/b containing login/logout times. I want to see how many times each userID logged in/out, as well as their first login/out of the month, and their most recent login/out.

I will supply my SPL shortly, but I wanted to see if anyone might have experienced this issue in the past and has a solution.

Thanks and God bless,
Genesius

Labels (1)
Labels
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...