I recently enabled Splunk tokens (using SAML authentication) and am able to successfully execute basic API calls (such as the one below).
curl -H "Authorization: Bearer <token>" -X G...
...re 270 results returned and when I check the 'Sourcetype' field on the left it does show that all 270 events are now in the new Sourcetype - ba.com:authentication:dob
However, when I click on t...
Hi splunk community, I feel like this is a very basic question but I couldn't get it to work. I want to search my index for the last 7 days and want to group my results by hour of the day. So t...
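One way to bucket the last seven days by hour of the day, added here as an example and not part of the original post. The index name `myindex` is an assumption; `earliest=-7d@d latest=@d` restricts the search to the seven most recent full days, `strftime` pulls the zero-padded hour out of `_time`, and `stats` collapses all seven days onto the 24 hourly buckets:

```spl
index=myindex earliest=-7d@d latest=@d
| eval hour=strftime(_time, "%H")
| stats count AS events BY hour
| sort hour
```

Because the hour is zero-padded ("00" to "23"), `sort hour` orders the rows correctly as strings; use `tonumber(strftime(_time, "%H"))` instead if you need a numeric field for charting.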
Hi, I use a basic search which returns results by site | stats count(x) as x, count(y) as y by site. In a lookup I also have a site list | inputlookup site.csv...
...xpected results.
While logged into the search head, when I search for data specific to data hosted by Indexer01, I receive the expected results. However, when I search for data hosted by I...
...creenshot of the search results when I just searched for "60286da6ca69eb29". I want to find that "record" via "RayID=60286da6ca69eb29". And really, I just want that record, that starts with the RayID f...
...earn: The power of Splunk Search, as we like to call "Schema on the Fly" A beginner's level introduction to Search, SPL, and Pivots What you can do with your search results using reports, alerts, d...
...s enabled. In this scenario for correlation searches the tstats command looks into the tsidx file to get the search results. My question here is how Splunk scans multiple indexes in my case the d...
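For reference, the shape of a tstats search that reads the tsidx files of more than one index at once, added here as an example and not taken from the original post. The index names `main` and `security` and the 24-hour window are assumptions; tstats only works on indexed fields (`index`, `sourcetype`, `source`, `host`, `_time` and any fields indexed at ingest), so the `WHERE` and `BY` clauses stay within those:

```spl
| tstats count
    WHERE index IN (main, security) earliest=-24h latest=now
    BY index, sourcetype, _time span=1h
| sort index, _time
```

Each index in the `IN (...)` list is scanned separately against its own tsidx files on the indexers that hold it, and the per-bucket counts are merged on the search head; the `BY index` split makes that per-index contribution visible in the output.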
I have a scheduled search that runs each minute, and the basic premise is that the resulting events get passed to a Python script for external action by another system. I need to create a t...