Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
29 results
Sorted by:
06-07-2017
10:50 AM
...ollowing:
06/01/2017 09:23:45 server1 I am broken Unknown Unknown
06/01/2017 10:11:34 server2 I am not well Unknown Unknown
It looks like the Time-based...
10-25-2019
12:40 PM
I have a CSV lookup table with a field that contains latest_event and the value is in format "12/25/2019 12:10" (%m/%d/%Y %H:%M) and the time zone is CST. I am comparing latest_event filed with s...
- Tags:
- splunk-enterprise
02-06-2018
12:07 PM
I'm trying to configure a time-based lookup (temporal lookup) but it doesn't seem to be working as expected. Any advice would be great. Thanks! I'm using the Expiration field to configure time-based...
11-04-2014
10:23 AM
...MI:WinEventLog:Security" | lookup activeusers user (based on: http://stratumsecurity.com/2012/07/03/splunk-security/)
I also tried:
| inputlookup users.csv | search search sourcetype="W...
08-22-2012
10:40 AM
6 Karma
In a lookup file, how can I configure more than one time-based fields (ex. start_date , update_date , expire_date )?
Within this doc for configuring field lookups it appears to say that only o...
- Tags:
- lookup
12-03-2020
06:28 AM
04-07-2016
02:38 PM
1 Karma
...ommand, it generates two warnings "Script for lookup table 'LOOKUP NAME' returned error code 47. Results may be incorrect." And the same with error code 1.
Based on other threads here, I tried r...
02-24-2015
07:48 AM
3 Karma
...s time-based. Once you've defined the lookup table, you can invoke the lookup in a search (using the lookup command) or you can configure the lookup to occur automatically.
07-11-2019
05:45 PM
...tamp for that date. I'd like to do this to save space on my indexer since I have limited resources to use.
I initially created a csv based lookup file with a search that pulled the _time and app v...
04-27-2021
06:19 PM
...poch time fields? The epoch time is the time when the value is registered. i know what there is exist that " Configure time-based lookup" on lookup table. Can I use this to configure ttl? I w...
Labels
- Labels:
-
lookup
-
search job inspector
-
table
