...ndexed logs...
When I use the same search, only written differently, like so:
index="index" sourcetype="sourcertype" NOT (field1!="*" field2!="*")
I get all the indexed data as expected...
H...
I want to list what commands in the search language are being used. I think it's possible in the same _audit index, and what I want to be able to do is count the number of times each c...
...xample:
Let's say we have a Data Base Manager tool which is managing all the DB Connections/Sessions. Users should log on to the DB Manager tool first using their personal account and then initiate a connection t...
How can this SQL "like" query be translated into something the Splunk search language can understand?
select count(*) from LOG start from X time till Y time
select uniquecount(deviceGUID) f...
Are all these OK?
* | STATS COUNT
* | stats count
* | STATS count
* | stats COUNT
Conclusion: search lang keywords (what I meant) break down as so:
Must be uppercase: OR, NOT
Must b...
Do you need to return output from one section of a chain search to another, like when writing a function in a programming language? I've assumed that a chained search would, as a user, act in a s...
Hello,
I was curious if there was a way to reference a search duration for use within the search? Primarily for use inside a dashboard. If the timepicker selects a 5 day duration then the search s...