Hello everyone, I'm working on a project, "Splunk Enterprise: An organization's go-to in detecting cyber threats". Please, how/where can I get datasets and logs that I will use for my project?
From 8.2.x, I always get the window for EXPLORE SPLUNK ENTERPRISE open, even if I CLOSE it. In the previous version (7+), when I closed it in the Launcher app, the instance set it as closed until I re-o...
Hi! I'm trying to accelerate only one dataset in a datamodel with multiple datasets. How can I do it through datamodel.conf or in the web UI? In the web UI I can't choose acceleration in edit drilldown(
I'm totally and utterly new to Splunk. Just ran the dockerhub sample, and followed the instructions: https://hub.docker.com/r/splunk/splunk/
I opened the search tab and most search commands s...
In the documentation on dataset literals there is an example query:
FROM
[
{ state: "Washington", abbreviation: "WA", population: 7535591 },
{ state: "California", abbreviation: "CA", population: 3...
Hello, I'm a newbie with Splunk search. Can you please help me? I have an HF request which returns: -AAA datetime_of_change -BBB datetime_of_change. Every half hour I get the same dataset from DB to I...
...xisting lookup if that is possible.
Or perhaps there is a better way of combining the information without using transaction at all.
The downside of the dataset is that transactions can occur o...
Hello all,
I have a search technique I've been using to compare smaller sets of data, to find the difference, however I'm running into the subsearch limit with a new set of data. I'm hoping s...