Hi splunkers,

After several days of being blocked by an issue regarding lookups, I am trying to get a little help here.

Here is my problem. I have an asset which sends me alerts, sometimes the same alert more than once, so I want to exclude the duplicate ones. For this, I created a lookup that saves the results of my alert's query. This part works great, and afterwards I want to exclude any event that does not match ALL the fields of the lookup. So my lookup looks like this:

duplicate.csv

```
subject,source,dest,malware
null,null,null,null
```

The fields of my search events have the SAME names as my lookup fields. Here is my query at the moment:

```
index=xxxxxx | search NOT [| lookup duplicate.csv subject AS source,dest AS dest,malware AS malware | outputlookup append=true duplicate.csv
```

I don't know how to create the link between the search fields and the lookup fields, because they share the same name. And I don't know how to display the events ONLY if they match all the fields in my lookup (4).

Thanks for your help. This is a lovely community 🙂
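One way to do the match-on-all-four-fields exclusion, as an added example that is not part of the original post: the `lookup` command matches on every field listed (the names are identical on both sides, so no `AS` is needed), and a column copied out with `OUTPUT` is only populated for events that matched a row, so filtering on its absence keeps only alerts not yet in the CSV. It assumes `duplicate.csv` is uploaded as a lookup table file with the header shown above, and that `index=xxxxxx` and `seen_before` are placeholders.

```spl
index=xxxxxx
| lookup duplicate.csv subject source dest malware OUTPUT subject AS seen_before
| where isnull(seen_before)
| dedup subject source dest malware
| table subject source dest malware
| outputlookup append=true duplicate.csv
```

The `dedup` removes repeats that arrive within a single run (the lookup only knows about earlier runs), and `table` keeps the appended rows to the four CSV columns. Note that the seed row `null,null,null,null` matches the literal string "null", so a header-only CSV is the safer starting point.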