I am running the following query in Splunk:
index=appName build=xyz logLevel=ERROR | timechart span=1d count As value.
If there are any events, then it will return the data in the following c...
...roups of events that would have pairs with the start and end of each node selection/release. In the above example I would want to retrieve 2 complete pairs: 1) The events at 14:33:23 and 14:34:1...
Hi Splunkers.
I am trying to retrieve Windows event logs from an endpoint using a universal forwarder.
Having problems doing this where the log location contains a hyphen in the path/name.
N...
...leartext, only metadata about it.
0 SPLUNK_ARG_0 Script name
1 SPLUNK_ARG_1 Number of events returned
2 SPLUNK_ARG_2 Search terms
3 SPLUNK_ARG_3 Fully qualified query string
4 S...
Hi, I use this search in order to retrieve events between 9h and 17h. Now I also want to catch the events only between Monday and Friday. How to do this please? `C...
Hi,
I have a scenario where I need to check if a customer has placed an order when he has been offered an offer.
So suppose there are a total of 100 customers who have been offered a particular offer...
...in span 15 duration | stats dc(userid) as Users by duration But this isn't quite doing what I want it to do. And, I also get events where there's no duration.
...oom: 28 2021-05-21 16:34:08 UserId:123 Exit Room: 25 2021-05-21 16:33:59 UserId:123 Go To Room: 28 2021-05-21 16:33:52 UserId:123 Exit Room: 23 How should I go about this to retrieve the events...
Hello, I use the search below in order to display the list of HOSTNAME which have a SITE field that matches
| inputlookup lookup_cmdb
| search HOSTNAME= aaa
OR HOSTNAME= bbb
...
How do I pass an event's field value into a subsearch to retrieve another field?
At the moment, I can't use join because the records at the other sourcetype rack up to millions. Due to l...