Hi! use tostring(X, "duration") in your own query: | makeresults limit=1 | eval foo=303030 | eval duration=tostring(foo,"duration") ... View more

I'd answer the same like skoelpin, maybe I can add that you can save your queries as reports and your users can access them whenever they need. ... View more

Hi! Have a look here: https://docs.splunk.com/Documentation/Splunk/8.0.2/Forwarding/Forwarddatatothird-partysystemsd ... View more

Well, I'd use this slightly modified version ... | eval dest_port = case (rule="SSH-ACL" AND isnull(dest_port), 22, rule="NTP-ACL" AND isnull(dest_port), 123, 1==1, dest_port) ... View more

Hi! Where do you use this SPL? Are you building a new panel in a dashboard? If this is your case, you can add a timepicker and link your panel with it. But anyway, you can restrict your search like this: index=servicenow eventtype=snow_change* sourcetype="snow:change_request" (change_state_name="Work Complete" OR change_state_name=Closed) earliest=-30d latest=now | dedup ....... More info and options here: https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/SearchTimeModifiers https://docs.splunk.com/Documentation/Splunk/8.0.2/Search/Specifytimemodifiersinyoursearch ... View more

Hi koshyk, I've just asked for the same to ansif, but where did you find enough information, docs, pdfs to prepare your exam? Thanks in advance! ... View more

Hi ansif did you pass the exam? where did you find enough docs and info to prepare your exam? ... View more

Maybe you can use your own custom search command using Splunk SDK for Python, have a look here: http://dev.splunk.com/view/python-sdk/SP-CAAAEU2 ... View more

Hi! Have a look to this post, it may help you: https://splunkonbigdata.com/2019/02/27/send-specific-events-to-a-specific-index/ J. ... View more

Hi! Can you add more details? Query that you are using, alert configuration, ... ... View more