I am looking for SPL which we can check the who can update the whitelist in lookup table and also the what changes are done , compare with previous one.
Thanks,
Sahil
We are using Splunk Enterprise 9.0.1 OnPrem, with SplunkAppforLookupFileEditing version 3.6.0. We need to get a user to modify a column in a lookup, so we give him access and capabilities t...
Hello, We have upgraded Lookupeditor app to latest version but looks like there is a bug when editingthelookup. When I am changing some thing in lookup and try to save lookup those changes are n...
...bxquery query=" SELECT * from Table_Test"
the scheduled report for summary index will add something like this: summaryindex spool=t uselb=t addtime=t index="s...
Our splunk implementation has SERVERNAME as a preset field, and there are servers in different locations, but there is no location field. How can I count errors by location? I envision something l...
Hello Splunkers,
I keep getting the error message "Could not load lookup=LOOKUP-app_proto" in multiple apps on multiple dashboards. I have checked settings and neither thelookupfile or d...
...indexers. Without thelookup command, the query takes 3 seconds to complete over 17 million events. With lookup added, it takes an extra 165 seconds for some reason with the accelerators turned on....
...EnterpriseSecuritySuite) from etc/shcluster/apps to etc/apps folder Ran the upgrade command – (/opt/splunk/bin/splunkinstallapp ./splunk-enterprise-security_620.spl -update 1) Ran the essinstall command as per theinstall...