We are using the iplocation command. I see that the GeoLite2-City.mmdb file is from 2019 [splunk@ilissplsh01 bin]$ ll /opt/splunk/share/GeoLite2-City.mmdb -r--r--r-- 1 splunk s...
Hello. I've been watching a few lookup videos but they mostly concentrate on extracting data from a lookup file. None of them are addressing a case where you have to correlate a field from a query t...
...nstalled) which in turn calls my enrichment script. I followed these solutions (first and second) to no avail.
What happens is that I run my lookup but it seems like the os.execv command doesn't r...
Hello, I am a big fan of using Join for combining results of different sourcetypes and indexes (especially with a type=left parameter) but I do see a lot of hate in the community towards the usage o...
Hello,
This is my first time creating an external lookup, and I think I am missing something. The error I am getting is "Error in 'lookup' command: Could not find all of the specified lookup fields i...
...ategories: News/Media and Reference.
The Bluecoat app handles this by applying a makemv command to the category value, which effectively counts the usage for this record (1071 bytes) twice for reporting p...
...nd sum them and get final top 5 host count.
Final output should be in lookup file for further usage:
host count
-----------------
host1 12
host2 23
host3 34
host4 45
host5 56
host6 60
host7 70
...ast 24 hours with search, and has 3 months accelerated.
2) How to debug extremely high memory usage (over 12 GB) on searchhead if I start a query and run it for last 30 days?
Report search looks l...