I need to create a dashboard panel merging two different search queries. I have below two queries: Kindly help on this request. index=test_index source=/applications/test/*instance_abc* ("&...
...etting printed and. Is there any way to achieve the desired result. index = test "testrequest" | rex "(?:.+email\=)(?<Email>[a-zA-Z0-9_\-\@\.]+)" | rex "(?:.+trasactionId\=)(?<T...
Splunk Enterprise 7.1.3, SCCM Current Branch with universal forwarder configured to forward event logs and WMI.
I have written the following query, with the goal of identifying whenever the status ...
was using this below Search,
***| rex field=_raw "<measResults>\d+\s\d+\s\d+\s\d+\s\d+\s\d+\s\d+\s\d+\s(?<active_state>\d{0,3})\s\d+\s(?<idle_state>\d{0,3})"
| eval date_mon...
Hello,
I am trying to have timespan to show results for every 2 mins but it seems to reflect the default of 5 mins
earliest=-180m
index=apps
sourcetype=pos-generic:prod
"com.grubhub.p...
I would want to know how to view those deleted messages from the Splunk bar? Example: if I accidentally deleted a message from the Splunk bar, how can I view those messages again either from t...
What is the role capability required to view all the indexes in splunk cloud settings?
We have below capabilities in place
accelerate_datamodel accelerate_search acs_conf admin_all_objects a...