Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
64 results
Sort by:
05-03-2011
08:56 AM
Is there any way to start a macro with a generator command? I get the error "The command must be the first command of a search."
- Tags:
- macro
09-02-2024
07:10 AM
2 Karma
Hi All I did a look around for a syntax definition for SPL in Notepad++ and didn't find one. Attached is my attempt. Feel free to use. if you have any suggestions, changes etc then post a reply. Th...
spl.xml (7 KB)
04-24-2024
07:23 AM
...t doesn't work for me. The closest I have come is this: | localop | rest .... ```first search key field``` |eval soar_uuid= id+"_RecordedFuture" |append [search index=rf-alerts soar_uuid|rename s...
04-20-2021
02:29 PM
I've got two searches I'm trying to join into one. | localop
| ldapsearch domain=my_domain search="(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=xxxx))"
| t...
03-26-2025
01:45 PM
I maintain an app on Splunk, the AbuseIPDB App. This app uses a collection that holds a set of key-value pairs for things like user state and settings, and it's looked up on every command (i.e. abuse...
Show results in replies (3)
-
...treaming command or use e.g. localop command https://docs.splunk.com/Documentation/Splunk/9.4.1/S...
-
...e to only use the command on the SHs, e.g. after a |stats, |tstats, etc. - or if need be |localop.
-
...ommand on the SHs, e.g. after a |stats, |tstats, etc. - or if need be |localop. I guess setting l...
02-09-2015
02:14 PM
So I am attempting to perform two lookups in a single query, and i'm receiving an error. if I remove the second lookup (doesn't matter which one) then my search returns results normally.
Q: is t...
05-27-2019
02:48 AM
In the fundamentals 1 course lab 8 tells us to:
"As a best practice and for best performance, place dedup as early in the search as possible." (page 4)
But the quick refence guide tells us that:...
- Tags:
- splunk-enterprise
08-23-2017
12:18 PM
Has anybody experienced installing xmlutils app in Splunk clustered environment? I receive below error with 'xmlprettyprint' command only shcluster installation:
[myindexer1insite1] Search Factory:...
05-23-2013
04:29 PM
1 Karma
...he script. This fails, however, due to the firewall not being open for the script to run.
I have local=true set on the lookup command, and also used localop
Search:
| head 1 | localop | l...
04-17-2013
07:59 AM
Hi,
There are 2 splunk servers( A and B) that have differente data and indexes. I have setup distributed search from A to B and B to A.
searches done from A to B: everything is working as expec...
- Tags:
- distributed
