cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
diirn
Explorer
Member since: ‎02-10-2021
‎08-06-2021
Community Statistics
Posts 5
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎02-10-2021
Activity Feed
View All

Re: Tstats on lookup hosts

by in Splunk Cloud Platform
‎08-06-2021 06:53 AM
‎08-06-2021 06:53 AM
Thank you very much, I think the problem is solved!  ... View more

Re: Tstats on lookup hosts

by in Splunk Cloud Platform
‎08-06-2021 12:40 AM
‎08-06-2021 12:40 AM
I think here is the error: " 08-06-2021 07:34:37.521 ERROR TsidxStats [60531 searchOrchestrator] - Incorrect WHERE clause : [ AND 1000 csv host inputlookup list return server splunk [ OR index::* [ AND index::_internal sourcetype::splunkd ] ] ]  " 08-06-2021 07:34:37.521 ERROR TsidxStats [60531 searchOrchestrator] - WHERE clause is not an exact query     ... View more

Re: Input lookup and matadata truncates the logs

by in Splunk Search
‎02-12-2021 02:29 AM
‎02-12-2021 02:29 AM
Thank you so much for your kind assistance! That query worked as a charm!  ... View more

Re: Input lookup and matadata truncates the logs

by in Splunk Search
‎02-10-2021 01:04 PM
‎02-10-2021 01:04 PM
Hi @bowesmana, Thank you very much for your swift response and valuable feedback.  There are around ~20k hosts in this CSV file. I just need the hostnames from that file.  I have tried your suggestion and the results are also truncated.    Kind regards, Diirn ... View more

Input lookup and matadata truncates the logs

by in Splunk Search
‎02-10-2021 08:47 AM
‎02-10-2021 08:47 AM
Hi All, Can you please help me with my problem? I would like to check all the hosts in the CSV file which are for some reason truncated due to too many records.  I have modified the search which was provided on the other posts by some good soul 🙂  Here is my search:     | inputlookup my_lookup_definition | join type=left [metadata type=hosts] |dedup host lastTime firstTime | eval age = now()-lastTime | convert ctime(lastTime) | eval field_in_ddhhmmss=tostring((age) , "duration") |rename field_in_ddhhmmss as "Time Offline" lastTime as "Last Time" | sort + "lastTime" | table host "Time Offline" "Last Time"     My main goal is to search all hosts from the CSV file, check which one of them have been reporting to Splunk and which ones have stopped.  The above search would do the trick, but the logs are truncated 😞 Is there any other way to achieve my goal without modifying the config files?        [subsearch]: Subsearch produced 100000 results, truncating to maxout 50000. [subsearch]: Metadata results may be incomplete: 100000 entries have been received from all peers (see parameter maxcount under the [metadata] stanza in limits.conf), and this search will not return metadata information for any more entries.       I would be very grateful for your assistance here.     Kind regards, Diirn ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-06-2021 10:13 AM
Karma given to
View All