We are using Splunk Enterprise 9.0.1 OnPrem, with SplunkAppforLookupFileEditing version 3.6.0. We need to get a user to modify a column in a lookup, so we give him access and capabilities t...
Our splunk implementation has SERVERNAME as a preset field, and there are servers in different locations, but there is no location field. How can I count errors by location? I envision something l...
...hip thelookupfileintheapp because then when the customer upgrades to a maintenance release of theapp, theshipped lookupfile will unexpectedly overwrite all of their local edits.
I'd love t...
...indexers. Without thelookup command, the query takes 3 seconds to complete over 17 million events. With lookup added, it takes an extra 165 seconds forsome reason with the accelerators turned on....
I am looking forSPL which we can check the who can update the whitelist inlookup table and also thewhat changes are done , compare with previous one.
Thanks,
Sahil
Hi Guys, I have a .csv lookupfile that maintain the 'inactive' accounts list. can anyone help me with a query to remove one of the username from the list?
When we try to change thestatus and update a notable event from theIncident Review dashboard we are prompted with a banner stating
"Theincident review lookupfile is currently being edited, p...