I have a file in a directory, whose timestamp is changed everyday using "touch" command. The contents might change after 3 months but not daily. I need to monitor this file in splunk and read the contents even if they are same. ... View more

I want to monitor a cfg/csv file daily. The file does not get updated daily, it gets updated once a month or once a quarter. Can splunk monitor/read the file daily so that i don't have to specify timestamp like earliest=30d or earliest=90d File does not have a datetime stamp in it. ... View more

I have a search from where i get a result i ndex=abc sourcetype=file|table Name --- Result XYZ Now my lookup is Tables ABC LMN I want to append column name with lookup , expected result Tables Name ABC XYZ LMN XYZ ... View more

I have 2 fields as below Field1 Field2 abc abc def jkl ghi wxy jkl pqr wxy I have to compare values in Field1 with all values in Field2 and return "Success" if both are same and "Fail" if both are not same. Expected Result: Field1 Field2 Result abc abc Success def jkl Fail ghi wxy Fail jkl Success pqr Fail wxy Success Index is same with different sourcetypes ... View more

My 1st search: earliest=-2mon@mon latest=-1mon@mon index=linux (host=abc OR host=xyz) COMMAND=LMN|dedup host,PID|stats count(PID) AS Value1 My 2nd search: earliest=-1mon@mon latest=@mon index=linux (host=abcOR host=xyz) COMMAND=LMN|dedup host,PID|stats count(PID) AS Value2 I want to find Value1-Value2 or difference in count .. When I ran individual searches i got the count as 1441 and 1347 but when i used append the 2nd count reduced to 925 instead of 1347, same happens for join.. How can i find exact difference in counts? ... View more

I have dashboard with avg cpu usage 30 days but now i want to break it with timeframe like: • One window for 12am-8am, one window from 8am-4pm, one window from 4pm-12am ... View more