×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
neonmonarch
Engager
Member since: ‎02-23-2014
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 2
Karma Received 1
Member Since ‎02-23-2014
Activity Feed
View All

Re: Lookup table not giving results.

by in Splunk Search
‎03-20-2014 07:05 PM
‎03-20-2014 07:05 PM
You deserve a cookie! Thank you very much. ... View more

Lookup table not giving results.

by in Splunk Search
‎03-20-2014 06:02 PM
‎03-20-2014 06:02 PM
Hi all, I've trying to establish a lookup table that is used in a query (query below). I've setup the lookup table in Defintions & Files. When I run the query, I get matching events but with 0 results. I have the index, time range and status details. Have removed company specific information. | eval srcip=dstip | lookup lt1 cidr_value AS srcip OUTPUT network AS srcnet, cidr_value AS srccidr | replace internal_private WITH "Internal private" IN srcnet | replace internal_public WITH "Internal public" IN srcnet | replace Unknown WITH "Uknown" IN srcnet | eval srccidr=if(srccidr="Unknown", srcip, srccidr) | stats c(id) AS "# incidents", values(srcnet) AS "netid" by srccidr | eval net=replace(srccidr, "\/+", "") | geoip net | table srccidr netid net_country_name "# incidents" | rename srccidr AS "Network", netid AS "Classification", net_country_name AS "Origin" | sort 15 - "# incidents" | fillnull value="-" If anyone has some ideas on how to produce results. Thanks ... View more

Using a result from a subsearch as

by in Splunk Search
‎02-25-2014 02:38 PM
1 Karma
‎02-25-2014 02:38 PM
1 Karma
Hi all, I've been searching for the last day or so trying to find an answer, but unable to find one. I think I maybe on the incorrect path. Apologies in advance for the newbie question. I am trying to write a query that will search the index that to find what a destination IP address is in syslog as a subsearch, and then take that result and use it as a filter to search on the source IP. This is to correlate the top talkers that are listed as a dst and then find those IP's that are returning as a source. I've been trying: index=daily scrip="$dstip" [search index=daily remark=internet dstip="*"] This search runs, I get a subsearch message that it has reached it's limit of 10000, but I get 0 matching events. Help me Splunk answers, you're my only hope. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All