I'm trying to use the Python SDK to build a custom search command. In my commands.conf, I have "chunked = true" set. I should therefore be using version 2 of the search command language. In my python...
...ver 5 minutes to return from a simple lookup search.
i.e. | localop |inputlookup session_kv | stats count
Runtime : 326 seconds.
This is running on a standalone hardware search head S...
Does Splunk have a command that could be used in the search field that would echo the response in the search results? It would operate similar to a Linux echo.
echo foo
> foo
Thanks
Hi,
How can I configure a Correlation Search in ES to add risk to 2 objects (src & dest)? I can only configure an Adaptive Response Action once from the drop down menu.
Savedsearches.conf s...
Hello, I'm a bit new to Splunk and I'm trying to run a query that shows me users in Active Directory that are still enabled but haven't logged in for the past 30 days. I've tried searching through ...
Using | stats count is often useful to do a quick test
| stats count | some search where you do not need event data
I wanted to use that mechanism/pattern in a macro that does modifications ...
Hi,
I'm running the Enterprise Security app and I'm facing the following issue:
Notable events or Incidents are created on the Search Head, and stored locally on it (in the "notable" index for i...
Hi, I downloaded (installed via Splunk GUI) and am testing out the GeoIP app on my 4.1.4 search head. I'm having an issue though. When I run a search against my proxy data I get no returned informa...
I have an IP (216.3.51.108) that I'm trying to geolocate, but the City and Region fields are returning as Null. When I geolocate using the Maxmind 'GeoIP2 City Database Demo', I get all the values I ...