cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
vpao
Engager
Member since: ‎07-29-2016
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-29-2016
Activity Feed
View All

How to search for events with latest time down to ...

by in Splunk Search
‎08-01-2016 10:38 AM
‎08-01-2016 10:38 AM
Hi, My Splunk indexes event time down to the millisecond (e.g., 01/14/2016 23:59:59.326 AM). I know this can find events down to the second: index=index1 sourcetype=sourcetype1 earliest=01/08/2016:00:00:00 latest=01/14/2016:23:59:59 Is there a way to find events down to the millisecond? ... View more

Re: Can a search that populates a summary index ad...

by in Knowledge Management
‎07-29-2016 10:48 AM
‎07-29-2016 10:48 AM
@somesoni2 That's awesome. I wasn't successful in excluding events with the stats command. I changed to the table command and verified the search works. Thanks! index=index1 NOT [search index=summary | table primaryKeyField ] | addinfo | collect index=summary ... View more

Can a search that populates a summary index add a ...

by in Knowledge Management
‎07-29-2016 07:31 AM
‎07-29-2016 07:31 AM
Hello, I am populating a summary index with a search: index=index1 | addinfo | collect index=summary I want to schedule the above search to run multiple times a day, but due to the nature of the data, this will introduce duplicate events into the summary index. Is there a way for the populating search to add a field to index1, called isProcessed="true", so that the populating search can filter events by isnull(isProcessed) and duplicate events won't be added to the summary index? ... View more

Does lookup command support OR Boolean operation?

by in Splunk Search
‎07-29-2016 05:28 AM
‎07-29-2016 05:28 AM
Hello, I have events in index 1 and I have lookup table 1 created from a CSV file. I want to lookup events from index 1 in lookup table 1 by following a hierarchical logic: lookup where tail number OR flight ID OR operator matches AND lookup where airport matches My search currently looks like this and it works. Is there a way to simplify it so that one lookup checks tail number then flight id then operator? index=index1 | lookup lookuptable1 id as tailNo airport as iataAirport OUTPUT start_date/time as start_date | lookup lookuptable1 id as flightId airport as iataAirport OUTPUTNEW start_date/time as start_date | lookup lookuptable1 id as operator airport as iataAirport OUTPUTNEW start_date/time as start_date ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All