Hello,
I'm looking to create a query that is a timechart that timewraps every week, for x number of weeks, showing the count of a given field on a variable span within a given set of time on a c...
...ervice_family_tok$=GMM
But, I need to use these queries as part of a string for a look up query variables but need to convert to lowercase as "gmm" and "caa".
Text in query is => "lookup t...
Hello,
sharing my experience for beginners, especially new Splunk customers 😊
Connected UF / forwarders:
index=_internal source=*metrics.log group=t...
Hello, we have been using this query to list out hosts that have not been sending logs for the past 24h. It has been working well and for some unknown reason it has now suddenly stopped working....
My query is for searching users...i.e david OR tom OR cindy...
The results are:
David
david
Tom
tom
Cindy
cindy
What do I have to change in my search to get just the small names.....
Hi All, I have 2 different queries and I want to combine their results. These 2 queries return a single value output. I want these 2 values in the same search result. Thanks for any help.
Hi Splunk Community, I need some help with the following query:
(index=* OR index=*) (sourcetype=A OR sourcetype=C OR sourcetype=D) (a_location=* OR b_location=* OR c_location=* OR d...
...ervice_family_tok$=GMM
But I need to use chosen token values in a query to look up a table f s but the lookup variables are in lowercase, not uppercase CAA and GMM.
Text in query is => "lookup t...
Hi All,
Below is my search query -
index="idx-network-firewall" (sourcetype="fgt_traffic" OR sourcetype="fortigate_traffic") | stats latest(_time) values(srcname) as src latest(app) as app by s...