×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
gsteffen
Explorer
Member since: ‎01-26-2015
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 4
Member Since ‎01-26-2015
Activity Feed
View All

How monitor logs on a UNC path?

by in Getting Data In
‎03-06-2015 11:42 AM
‎03-06-2015 11:42 AM
Hello, I've been given the task of finding out how we can setup Splunk to monitor logs on a UNC path. What are the steps in completing such a task? New to Splunk and I've done some research and I see that the inputs.conf file needs to be configured other than that, not sure where to start. -Both the Splunk server and the logfiles reside on Linux boxes. -Let me know if you need additional information. Any help would be appreciated. Thank you in advance. ... View more

Re: How would I combine two searches and remove du...

by in Splunk Search
‎03-04-2015 01:08 PM
2 Karma
‎03-04-2015 01:08 PM
2 Karma
Yes. Thank you! dedup on the end did the trick ... View more

Re: How would I combine two searches and remove du...

by in Splunk Search
‎01-27-2015 12:13 PM
1 Karma
‎01-27-2015 12:13 PM
1 Karma
Thank you for your response. I'll give that a try. ... View more

How would I combine two searches and remove duplic...

by in Splunk Search
‎01-26-2015 12:45 PM
1 Karma
‎01-26-2015 12:45 PM
1 Karma
Hi, I have two searches that I would like to combine but I would like to remove the duplicate with the Latest_Time. My two searches: | metadata type=hosts **index=os** | convert ctime(recentTime) as Latest_Time | table host, Latest_Time, totalCount | sort Latest_Time Example output: host Latest_Time totalCount addc1-pprd 1/14/2015 13:21 105 adfsproxy01-pprd 1/14/2015 13:41 1603 adfs02-pprd 1/28/2015 15:10 55 | metadata type=hosts index=msad | convert ctime(recentTime) as Latest_Time | table host, Latest_Time, totalCount | sort Latest_Time Example output: Index=msad host Latest_Time totalCount addc1-pprd 1/26/2015 11:24 39685239 adfsproxy01-pprd 1/26/2015 11:23 7090659 adfs02-pprd 1/26/2015 11:24 4624827 ADDC2-PPRD 1/26/2015 11:24 49067658 I would like to see the search to generate this information: Combined host Latest_Time totalCount addc1-pprd 1/26/2015 11:24 39685239 adfsproxy01-pprd 1/26/2015 11:23 7090659 adfs02-pprd 1/28/2015 11:24 55 ADDC2-PPRD 1/26/2015 11:24 49067658 I'm guessing that a dedup would be used but I'm a bit stymied Thanks in advance for your help! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All