×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
curtgran
Explorer
Member since: ‎07-27-2011
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎07-27-2011
Activity Feed
View All

Re: Correlating two logs help, newbie

by SplunkTrust in Splunk Search
‎11-01-2020 11:22 PM
‎11-01-2020 11:22 PM
Hi @curtgran, as @fk319 said, you could use the transaction command, but this is a very slow command, so I hint to use it only if you haven't any other solution. I usually use stats command correlating events by the common key (in your sample AssignedIP and src_ip). Something like this: (search_one) OR (search_two) | rename src_ip AS AssignedIP | stats values(username) AS username earliest(_time) AS _time values(dest_ip) AS dest_ip values(traffic) AS traffic BY AssignedIP I listed all the fields you have, obviously you can use only the ones you need in your use cases. ciao. Giuseppe ... View more

Re: group ports by IP

by Splunk Employee in Splunk Search
‎04-24-2012 01:15 PM
‎04-24-2012 01:15 PM
I might try something with stats, e.g. <search> ... | stats list(port) as portlist by ip | table ip, portlist ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All