Can someone please help me with a query to find Long DNS sessions?
For anyone to help, you will need to give sample data, or at least let people know which data log your Splunk is searching. And what is "long"? What defines a "session" in your data? (Keep in mind that this is a Splunk forum. Not everyone deals with the same set of data or is even remotely familiar with your application.)