×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
mhensonagain
Engager
Member since: ‎03-16-2021
‎03-06-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 14
Karma Received 0
Member Since ‎03-16-2021
Activity Feed
Topics I've Started
No posts to display.
View All

Re: new field using information from other sourcet...

by in Splunk Search
‎09-13-2024 12:18 PM
‎09-13-2024 12:18 PM
Apologies for the lack of answers etiquette 😀. join ended up working for me:   index=firewalls sourcetype=pan:traffic dest_zone=untrust dest_port=443 | join dest [ search index=firewalls sourcetype=pan:threat dest_zone=untrust dest_port=443] | stats sum(bytes) as total_bytes by dest_hostname     ... View more

Re: new field using information from other sourcet...

by in Splunk Search
‎09-13-2024 07:56 AM
‎09-13-2024 07:56 AM
I have this use case and want to report on bytes by dest_hostname. After adjusting for current Palo field names, the provided answer yields no results: index=firewalls sourcetype=pan:traffic dest_zone=untrust dest_port=443 [search index=firewalls sourcetype=pan:threat | fields dest_hostname] | stats sum(bytes) BY dest_hostname   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-06-2025 07:11 PM
Karma given to