×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
grasshopper_
Loves-to-Learn
Member since: ‎06-23-2021
‎06-24-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-23-2021
View All

Re: Ignore if a certain string is present in the ...

by in Splunk Search
‎06-24-2021 08:06 AM
‎06-24-2021 08:06 AM
 I keep adapting it. If you wanted to make sure that string1 and string2 are from the same host, at what point would you put that? Thanks ... View more

Ignore if a certain string is present in the next...

by in Splunk Search
‎06-23-2021 08:57 AM
‎06-23-2021 08:57 AM
Hi,  I am working on a search that looks for instances of "string1", but only those that are not followed by instances of "string2" in X minutes of time. The search runs once every 24hrs and should produce a total count of the instances found. I am trying to search with bin command. | index=x | search "string1" NOT "string2" | bin _time span=5min The problem is that this search looks for 5min in the past, as well as 5min in the future. So if "string2" is present within -5min from "string1",  that instance does not get counted, and it should be. It should only be excluded if "string2" is after  "string1". Many Thanks ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-24-2021 12:42 PM