Hi all, because we have Splunk running in multiple security environments, we have two separate indexer clusters. For some data we need to send data to either both or only one of the indexer clusters...
...ND <=600, "Between 5 & 10 Minutes")
The problem I have is around this part >300 AND <=600, where I would like to say "The value is greater than 300 But Less Than Or Equal to 600"....
I have the output of a firewall config, I want to make sure that our naming standard is consistent with the actual function of the network object.
I have a table of the name of the object and the ...
...ifferent event (with a different event message) with the same timestamp may occur towards the bottom of the log.
It is totally acceptable to have log events where the timestamps are exactly equal....
...ut how to configure condition value to be not equal to *
<input type="dropdown" token="mso_selection" searchWhenChanged="true">
<label>Select a MSO</label>
<s...
In my data I have events which contain requests and answers for those requests.
In the initial request I have a field "RequestId". In the answer the value of that field is filled in the field 'Previous...
Hello splunker, I want to write an SPL to list email senders excluding emails in a predefined lookup table. Here's my command: index=email eventtype="email-events" action=delivered [ | inpu...
I need help with a Splunk query to return events where an array of objects contains a certain value for a key in all the objects of an array. Event 1: {
list: [
...
Hi All, I have code that gives the below output. CODE: | inputlookup ONMS_nodes.csv
| table nodelabel OUTPUT : nodelabel LANCUA005 LANCUA008 LANCUA012 LANCUA014 LANC...