×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
mansinchu
New Member
Member since: ‎10-26-2018
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-26-2018
Activity Feed
View All

Re: Can you help me with my query within a query?

by in Splunk Search
‎10-29-2018 06:50 AM
‎10-29-2018 06:50 AM
Thank you. ... View more

Can you help me with my query within a query?

by in Splunk Search
‎10-26-2018 09:06 AM
‎10-26-2018 09:06 AM
Hi, I am trying to see if this type of query is possible I am creating an alert base on 2 conditions. The first condition must be met and then check the second condition First Condition: tid result be unique and more than 4 results return Second Condition: host must be unique and must be more than 1 hosts Query: ("ERROR")|dedup tid|eval hostname=substr(host,1,5) It will return something like this Original host name is londn1 londn2 eurpn1 eurpn2 The eval will give me londn and eurpn I am able to get the first condition working. Once I get the first condition met, I will need to check the result to make sure it comes from more than 1 host (without the 1 and 2 in the hostname). How should I go about this? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM