Hello splunker, I want to write an SPL to list email senders excluding emails in a predefined lookup table. Here's my command: index=email eventtype="email-events" action=delivered [ | inpu...
I'm trying to find the quickest way to run a large search against a large dataset which will have a large set of results that I want exported to a large .csv file.
So far, running a search via G...
If I have two searches, one generates fields "key A" and "Column A" and the second search generates fields "key B" "Column B" and I want to join them together, keep all keys in "key A" and update t...
...oing to be searching 15 months' worth of authentication data to see if users have logged in within the previous 15 months. We'll have to do this search for 700,000 different user IDs. So the speed of t...
CAN I ADD FEDERATED SEARCH AS ROOT SEARCH IN DATASETS?
I WAS ABOUT TO CREATE A DATAMODEL FOR A DASHBOARD WITH MULTIPLE SPLUNK DEPLOYMENTS.
HOWEVER, WHEN I USED FEDERATED INDEXES IN DATASETS. I G...
Hi Splunkers,
I have tried stats dc(sourcetype) as count by commonfield | where count > 1. I assume this search is fetching all records to SH and doing statistics; as a result it's consuming s...
I am trying to set up a federated index on a federated search head, but I am only able to select an index as the remote dataset. The drop-down for dataset type does not offer any other option. How d...
Hi,
I need help creating a daily CSV export to a file from a data set for 24 hrs. I have a data set under Search & Reporting >> Datasets >> my dump report. Now when I click on t...
...oreach is supposed to look for matches, it does, but I think it is only comparing the side-by-side column, not searching the entire column for each entry in users. Thanks, any help would be greatly a...