Hi,
So I have this search:
| tstats prestats=true count WHERE index=*_ot (source="*sgre*" OR o_wp="*sgre*") AND (source="*how02*" OR o_wp="*how02*") BY _...
Running 9.0.x now, and I'm getting messages about kvstore issues on indexers, etc. I understand I can disable kvstore on some systems, but not all. Where do I need it upgraded to wiredTiger and where...
I am trying to build my own kvstore geo data, so far I can run | inputlookup geobeta
| where endIPNum >= 1317914622 and startIPNum <= 1317914622
| table latitude,longitude
That returns: l...
When I use my code, I can see this error. " Error in 'where' command : The operator at ',127.542 - 0.001' is invalid. The problem code is this. | where time >= $max_value$ - 0.001 When I...
In a recent "Splunk Enterprise 9.0 Data Administration" class, the documentation says that Ingest Actions should be implemented on a Deployment Server. Am I correct that this only refers to Ing...
...tilsateur, DC=abc, DC=def I need to filter the events where OU=Admin or OU=Utilisateurs and DC=abc So I am doing this in my search after the stats | where match(ObjectD,"OU=Admin|OU=Utilisateurs),D...
I'm going to upgrade Splunk Enterprise to version 8.2.10, as per the instruction https://advisory.splunk.com/advisories/SVD-2023-0209.
However, I cannot find the download of version 8.2.10...
...andom value 1"))) as value_1,
count(eval(match(_raw, "random value 2"))) as value_2
by source
| where value_1 > 0 AND value_2 > 0
| table source
And t...
I have a 10GB Dev Licence including ITSI: Splunk Developer Personal License DO NOT DISTRIBUTE (with ITSI). How can I download ITSI? Where can I get the download link?