Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
33 results
Sorted by:
06-07-2017
10:50 AM
...ollowing:
06/01/2017 09:23:45 server1 I am broken Unknown Unknown
06/01/2017 10:11:34 server2 I am not well Unknown Unknown
It looks like the Time-based...
10-25-2019
12:40 PM
I have a CSV lookup table with a field that contains latest_event and the value is in format "12/25/2019 12:10" (%m/%d/%Y %H:%M) and the time zone is CST. I am comparing latest_event filed with s...
- Tags:
- splunk-enterprise
2 weeks ago
02-06-2018
12:07 PM
I'm trying to configure a time-based lookup (temporal lookup) but it doesn't seem to be working as expected. Any advice would be great. Thanks! I'm using the Expiration field to configure time-based...
11-04-2014
10:23 AM
...MI:WinEventLog:Security" | lookup activeusers user (based on: http://stratumsecurity.com/2012/07/03/splunk-security/)
I also tried:
| inputlookup users.csv | search search sourcetype="W...
08-22-2012
10:40 AM
6 Karma
In a lookup file, how can I configure more than one time-based fields (ex. start_date , update_date , expire_date )?
Within this doc for configuring field lookups it appears to say that only o...
- Tags:
- lookup
12-03-2020
06:28 AM
01-27-2023
03:28 PM
Hello Splunk experts,
I would like to simplify some complex SPL queries that search for certain events and apply tags to them according to various business rules based on both keyword searching a...
Labels
- Labels:
-
development
-
using Splunk Enterprise
04-07-2016
02:38 PM
1 Karma
...ommand, it generates two warnings "Script for lookup table 'LOOKUP NAME' returned error code 47. Results may be incorrect." And the same with error code 1.
Based on other threads here, I tried r...
02-24-2015
07:48 AM
3 Karma
...s time-based. Once you've defined the lookup table, you can invoke the lookup in a search (using the lookup command) or you can configure the lookup to occur automatically.
