We have indexed access logs into index="mpsapp". When we do a stats search or filter any records for these data for a particular month, it's extremely slow (took more than 1.5 hours for first query)....
I have a search like this:
index=foo earliest=-3d | rex field=summary "(?<json_data>{.*)" | spath input=json_data | stats count by Version | search Version < 30401942 | sort -Version.
it reads abou...
Hi Splunkers,
I have the events getting ingested as below:
timestamp patch_version
hostname
Now, I want to create one lookup csv named 'PatchDate' which contains columns with values
...
Hi,
I have the query below which involves 2 joins. I know joins are not the best way but I'm a Splunk noob and there is a bit of time pressure 🙂
The top section before the "=======" works fine....