My current search is - | tstats count AS event_count WHERE index=* BY host, _time span=1h | append [ | inputlookup Domain_Computers | fields cn, operatingSystem, o...
...ype" values. Splunk is parsing the JSON just fine, so these fields can be referenced as "message_info.message_set{}.type" in searches. I'd like to set up an inputlookup that maps these numerical v...
Hello Splunkers,
Please, can someone help me with a Splunk query?
I have a list of IPs I imported into a lookup table. I want to grab the FW traffic where dest_ip in the FW logs matches my lookup l...
...2 NOT ([ inputlookup FP_malware.csv]) | eval time=strftime(_time,"%Y-%m-%d %H:%M:%S")|stats count by time hip hdn etdn p2 | dedup p2
It seems not to be working. So how can I fix this? Many t...
I am trying to build my own KV store geo data; so far I can run | inputlookup geobeta
| where endIPNum >= 1317914622 and startIPNum <= 1317914622
| table latitude,longitude
That returns: l...
Apologies, I am quite new to Splunk, so I'm not sure if this is possible. I have the following simple query: | inputlookup appJobLogs
| where match(MessageText, "(?i)general e...
Hi, I cross the results of a subsearch with a main search like this: index=toto [inputlookup test.csv |eval user=Domain."\\"Sam |table user] |table _time user Imagine I need to add a new lookup i...
VERY new to Splunk. I have a query that scans a vulnerability report for critical vulnerabilities: index=vulnerability severity=critical | eval first_found=replace (first_found, "T\S+", "") ...