Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About leftinnerouter
leftinnerouter
Explorer
Member since:
07-28-2022
08-11-2022
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 07-28-2022 |
Activity Feed
- Posted Re: Why is my join not working? on Splunk Search. 08-10-2022 05:13 AM
- Posted Is there a way to monitor the status of all lookup files through a search? on Monitoring Splunk. 08-09-2022 06:54 PM
- Posted Re: Why is my join not working? on Splunk Search. 08-09-2022 06:31 PM
- Posted Re: Why is my join not working? on Splunk Search. 08-09-2022 06:30 PM
- Posted Can a lookup be recreated and use the existing lookup definition? on Splunk Search. 08-09-2022 06:27 PM
- Posted Why is my join not working? on Splunk Search. 07-28-2022 11:50 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
08-10-2022
05:13 AM
@bowesmana @gcusello thank you for your help. I've reverted to a simple search.
... View more
08-09-2022
06:54 PM
Is there a way to monitor the status of all lookup files through a search query.
I would like to specifically show all lookups that are unreadable and alert on these.
... View more
08-09-2022
06:31 PM
Yes I would like to check if the IP from the main search in 4 hours was present in the previous 7 days.
... View more
08-09-2022
06:30 PM
Sorry for the late response. There are less than 50,000 results and I have attempted adding a limit as suggested. Unfortunately this is still not working for me as expected.
... View more
08-09-2022
06:27 PM
The scenario is,
A lookup csv has become unreadable. A lookup definition exists for it.
The lookup was deleted and recreated. The existing definition was not changed.
My question is: Can a lookup be recreated and use the existing lookup definition?
... View more
Labels
- Labels:
-
lookup
07-28-2022
11:50 AM
Basically my query should search an index for an ip in the last 4 hours and return 1 event. Then it should left join on IP to a second index and search for results over the last 7 days. The IP i am searching exists in both indexes. Why are no results being returned? earliest=-4h latest=now() index=data1 Source_Network_Address=10.1.1.1
| head 1
| rename Source_Network Address as IP
| join type=left IP max=5
[search earliest=-7d latest=now() index=data2
| fields IP, DNS]
| table index, _time, IP, DNS
... View more
Labels
- Labels:
-
join
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-11-2022
10:43 AM
|
