SPL commands are the commands to process and parse the data....
To the best of my knowledge, there is no SPL command to do so.......
With the help of a script, you can call the dashboard in a web page using SDKs...
Logically you can do that by appending.... but practically your report is going to end up in a clumsy state, mixing all the events in a single report.
Difficult to understand...
I am not sure..
There is an option, PDF schedule delivery.
You can save your search as a dashboard panel view and, in the settings in the top right corner, schedule PDF delivery.
When you define the CRON scheduler, it runs the dashboard view of the search and emails it to you.
This is one of the options you can opt for.
Give it a shot; hopefully it solves your query.
index=* | eval latest=now()|table index latest converttime |eval converttime=strftime(latest,"%m/%d/%y %H:%M:%S") |dedup index latest
base search [|inputlookup lookup.csv|rename SubnetIP AS IP|table IP] --> it returns the results matching the event and the lookup table.
To derive the city from the lookup table: |lookup lookup.csv SubnetIP AS IP OUTPUT CITY
The total search query is going to be
base search [|inputlookup lookup.csv|rename SubnetIP AS IP|table IP] | lookup lookup.csv SubnetIP AS IP OUTPUT CITY | table Date URL IP CITY