×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
iiRajMahalii
Explorer
Member since: ‎10-11-2021
‎02-04-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎10-11-2021
Activity Feed
View All

Re: Filtering out one field by time in a search

by in Splunk Dev
‎10-11-2021 08:12 AM
‎10-11-2021 08:12 AM
Thank you! That did the trick. I added this to the string right after the lookup.csv is being called.  ... View more

Re: Filtering out one field by time in a search

by in Splunk Dev
‎10-11-2021 06:42 AM
‎10-11-2021 06:42 AM
So far I just have it being listed as top 10 from the list.  | stats count by dest_ip | sort -count | head 10 | rename dest_ip as LIST, count as "Events" | table LIST, "Events" | lookup Lookup.csv LIST OUTPUT FirstSeenDate,LastSeenDate,TotalSeenCount |rename LIST as "IP"| table "IP", "Events", FirstSeenDate,LastSeenDate,TotalSeenCount The format of the FirstSeenDate is YYYY-mm-dd  HH:MM:SS I want to have the results give me the top 10 events by count which it already does but also filter the FirstSeenDate as only list  the top 10 events from the last 3 months.   Thank you ... View more

Filtering out one field by time in a search

by in Splunk Dev
‎10-11-2021 05:42 AM
‎10-11-2021 05:42 AM
I have a lookup table with a few fields (FirstSeenDate, LastSeenDate, IP, etc...). I have a search created to show me the top 10 events in the table by count. What I want to do is add a part in the search to filter out anything that is older than 90 days in the FirstSeenDate column.  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-04-2022 06:03 PM
Karma given to
View All