I apologize if the following question might be a bit basic. But I'm confused with the results. When I append the following code into the "search" line, it returns a shortened l...
...re 270 results returned and when I check the 'Sourcetype' field on the left it does show that all 270 events are now in the new Sourcetype - ba.com:authentication:dob
However, when I click on t...
I recently enabled Splunk tokens (using SAML authentication) and am able to successfully execute basic API calls (such as the one below).
curl -H "Authorization: Bearer <token>" -X G...
Hi splunk community, I feel like this is a very basic question but I couldn't get it to work. I want to search my index for the last 7 days and want to group my results by hour of the day. So t...
Hi, I use a basic search which returns results by site | stats count(x) as x, count(y) as y by site In a lookup I also have a site list | inputlookup site.csv...
...pp, count
When I run the search I do get some results but the src_details_combined and dest_details_combined fields always return as "notfound" - even though I know the IPs should m...
...xpected results.
While logged into the search head, when I search for data specific to data hosted by Indexer01, I receive the expected results. However, when I search for data hosted by I...
...creenshot of the search results when I just searched for "60286da6ca69eb29". I want to find that "record" via "RayID=60286da6ca69eb29". And really, I just want that record, that starts with the RayID f...
...s enabled. In this scenario, for correlation searches the tstats command looks into the tsidx file to get the search results. My question here is how Splunk scans multiple indexes, in my case the d...