Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
7,415 results
Sort by:
02-29-2024
01:56 AM
...ntermediate forwarder, so sometimes I can see data ingested by an HF coming from another HF). What about data sent not with a Splunk agent/host? For example, suppose I have this flow: Log source w...
Labels
11-17-2023
01:15 AM
Hi, I would like to ask a question regarding the lookups table. I am managing logs about login and I want to be sure that on a specific host you can access only with a specific IP address, o...
Labels
- Labels:
-
lookup
01-11-2021
01:04 PM
Hey guys I've been having trouble finding documentation about removing indexed data. After looking through the "meta woot!" app I saw my hosts were growing a few thousand a day and my estreamer a...
Labels
- Labels:
-
host
06-26-2019
01:09 PM
...hem if they go down. We've created this search so far to accomplish this:
sourcetype=tandem* "Host is OFFLINE" OR "Host is ONLINE"
| rex field=Text "Host is (?P\w+)"
| stats latest(Status) as S...
07-18-2022
01:04 PM
...eturns a count of 1.
|inputlookup file.csv | join type=left host [|tstats count by host]
About a dozen hosts return counts; the rest return null values.&n...
Show results in replies (9)
-
In order to show the hosts where there is no data, your search should look like | tstats count w...
-
...ay too many hosts, but I can search for them directly using the same syntax (i.e. index=* and s...
-
...he correct number of hosts but around 10% then erroneously return 0 events. E.g. | t...
-
You should not do dedup - that's wrong. The whole point of stats is to do the aggregation of hosts...
-
...uery look for all hosts in the default indexes and joins those results with the lookup file. Hosts...
-
...ny lower case hosts in there any more
-
...ndex=* by host But it doesn't include hosts from the lookup that have no events, which I want t...
-
...0% of hosts showing up with different-case duplicates - one with appropriate event counts, and one w...
-
...esults I expect. The only zero hosts now are true zeros. Success! You're the best! Thanks so much for s...
07-14-2023
01:58 PM
...urrently active but was not active before... Query 1: index=anIndex sourcetype=aSourceypte earliest=-17m@m latest=-2m@m | rex field=_raw "^(?:[^,\n]*,){2}(?P<LoginUserID>\w+\.\w+)" | dedup host L...
05-05-2021
03:48 AM
Hi, I successfully created an SPL that does what I need for a single host but I cannot get it to work for all hosts. This works index=<my_index> host=<specific_host> s...
08-15-2014
09:48 AM
1 Karma
I want to check the Splunk forwarder versions of about 70-90 hosts. Is there any way to do this? Is it possible from the deployment server or search head?
06-28-2022
05:37 AM
Hi, Unfortunately I inherited a Splunk deployment where the previous admin co-located multiple roles to one Splunk host. The admin put Deployment Server, SHC Deployer, and M...
Labels
