cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
splunkyboy2
Explorer
Member since: ‎09-16-2020
‎09-25-2020
Community Statistics
Posts 8
Solutions 1
Karma Given 3
Karma Received 6
Member Since ‎09-16-2020
Activity Feed
View All

Re: tstats commands

by in Splunk Enterprise
‎09-24-2020 07:37 AM
‎09-24-2020 07:37 AM
i have made the index a data model , but still getting errors that i cant work out  ... View more

How to use tstats to make a search faster (getting...

by in Splunk Enterprise
‎09-24-2020 04:41 AM
‎09-24-2020 04:41 AM
i am attempting  to use tstats to make this search faster  index="wss_events" sourcetype=symantec:websecurityservice:scwss-poll [| inputlookup "WSSIOC4.csv" | rename match as query | fields query ] i get an an error that i dont understand . Can anyone tell me what i need to correct to use tstats , or am i trying to do something impossible ?   ... View more
Labels

Re: lookup table

by in Splunk Search
‎09-22-2020 12:04 AM
1 Karma
‎09-22-2020 12:04 AM
1 Karma
it works using a single column ( match) lookup with the syntax below, thanks for all your help index="wss_events" sourcetype=symantec:websecurityservice:scwss-poll  [| inputlookup "WSSIOC4.csv" | rename match as query | fields query ] ... View more

Re: lookup table

by in Splunk Search
‎09-21-2020 09:38 AM
1 Karma
‎09-21-2020 09:38 AM
1 Karma
i tried breaking it down , but no results   i have made a new lookup with two columns  , one called info is a mix of ip addresses and urls, and the second column just has the word match against all fields i tried the search index=xxxxxxx | inputlookup xxxxx.csv | rename info as query | fields query should that work if anything in the info field is present in the data ? ... View more

Re: lookup table

by in Splunk Search
‎09-21-2020 08:10 AM
1 Karma
‎09-21-2020 08:10 AM
1 Karma
i put an ip address i found in my data into the lookup to test the search, but it didnt bring back any results as i dont really understand the search, its hard to see where its not working i guess ... View more

Re: lookup table

by in Splunk Search
‎09-21-2020 07:42 AM
1 Karma
‎09-21-2020 07:42 AM
1 Karma
so is this the search i need to run below ? index=myindex ( [ | inputlookup my lookup | rename IPs as query | fields query ] OR [ | inputlookup my lookup | rename URLs as query | fields query ] ) ... View more

Re: lookup table

by in Splunk Search
‎09-21-2020 07:31 AM
1 Karma
‎09-21-2020 07:31 AM
1 Karma
Thanks for the reply, im new to splunk, so pardon my silly questions how would i script a search that compares ether column of the lookup against data in the index using what you sent , would that be index=myindex ( [  | inputlookup my lookup | rename IPs as query | fields query ] OR [ | inputlookup my lookup | rename URLs as query | fields query ] ) thanks for your help your_search ([ | inputlookup your_lookup | rename IP AS query | fields query ] OR [ | inputlookup your_lookup | rename URL AS query | fields query ])   ... View more

lookup table

by in Splunk Search
‎09-21-2020 07:08 AM
1 Karma
‎09-21-2020 07:08 AM
1 Karma
Hi   can anyone help me with a lookup table i have a 2 column lookup with column headings IPs and URLs, and i want to see if information in either csv field appears in the index data at all some fields on the csv just have a url, some just have an ip , some both is there a search string that will search the contents of either column against data held in index Thanks in advance Helppppp ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-25-2020 06:00 AM
Karma from
View All
Karma given to
View All