Hello to everybody, we are trying to set a search that makes a diff between two files of two different days. This is the working search: | set diff
[| search index=myindex source="*2021-08-...
Hi, I want to store earliest and latest times of my search in variables to use them in further operations.
But I am unable to do so. I am trying like below.
| makeresults | eval j...
...nder the same time? Or maybe join both events in one? The main goal is to display both values in one graph and be able to monitor long term usage. I found a way with using multisearch, but it t...
Hi,
I'm trying to configure macros to use as a variable in my source. In my macro, I use strftime(relative_time(time(), "-1d"), "%Y%m%d%H"), to get it to print the date string in YYYYMMDDHH, w...
...d in a formula.
Example: You select 24 hours. Using the earliest and latest time variables, I want to calculate the time being searched, i.e. 24 hours or 1440 minutes.
I then want to take the 1...
...abel>
<default>now</default>
</input>
</fieldset>
I'm wanting to not use a timepicker, but instead, give them two text boxes where they can specify a d...
Hello everyone
I am trying to find if you can use fields from events to populate email alert variables. As an example, say I have the following event that triggers an alert:
Sample log f...
Hi,
I need to run a scheduled search to export some logs every certain amount of time. The search I am using is this:
outputtext usexml=false | rename _xml as raw | fields raw | f...
Dear All,
I was going through a Splunk conf 21 where the narrator explained to use the index time instead of search time using a Macro.
Out of curiosity, I went to understand the query a...
Hallo again,
is it possible to use variables in Splunk to count something? For example if a string matches something the variable "X" increases by one.
Perhaps there is another way to solve my p...