Hello Splunkers!!
I want a list of dashboards and those dashboards are using saved searches & macros. How can I achieve those details by using rest command? So far I have tried the b...
Only the saved APP saved-search list is displayed.
How do I get other APP saved-search listings?
command : $SPLUNK_HOME/bin/splunk list saved-search
Do not display saved-search of o...
Hi all, I'm tasked with performing an audit of our Splunk (Cloud) Search Heads (2) as many Apps \ Add-Ons have been sporadically installed onto them over the years and problems are occurring. The a...
Created a custom streaming command that concatenates an event's fields and field values into one field (since the events that we're dealing with have an unpredictable list of fields, I couldn't f...
...reated as part of an earlier base search and then find all events with that build number.
I get the following "Error in 'where' command: Typechecking failed. The '==' operator received different types....
So, I know I can get a list of saved searches by doing:
| rest /servicesNS/-/MYAPP/saved/searches | table title
However, I want to list all saved searches from all Apps (which need to be d...
I have the following search that looks for a count of blocked domains per IP:
index=indexname
|stats count by domain,src_ip
|sort -count
|stats list(domain) as Domain, list(count) as count by s...
...ield1,"|"),1)
| search "*search-val2*"
I am trying to create a dashboard with one of the searches as above. I get the field1 value from a dropdown list in the dashboard. Something like
| eval f...
I have tried to create a search that uses a csv file for inputting a listing of hosts that I want to search for a particular EventID and if I find the ID we will create a ticket. I can list out the i...
...ield that has an email address.
I am trying to search and list all QP_* fields that have email addresses in them. How can I do it?
I tried using foreach command, but no luck in the s...