×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
David_M
Explorer
Member since: ‎08-02-2022
‎04-22-2025
Community Statistics
Posts 10
Solutions 0
Karma Given 5
Karma Received 2
Member Since ‎08-02-2022
Activity Feed
View All

Re: Finding reports via the cli

by in Splunk Enterprise
‎04-22-2025 09:40 AM
‎04-22-2025 09:40 AM
@David_M  Good to know that adding the outputcsv command resolved the issue. ... View more

Re: Splunk report copy permission

by in Reporting
‎01-29-2024 04:39 AM
1 Karma
‎01-29-2024 04:39 AM
1 Karma
Yep, that got it working. ... View more

Re: Search combined with inputlookup

by SplunkTrust in Splunk Enterprise
‎12-05-2023 10:43 AM
2 Karma
‎12-05-2023 10:43 AM
2 Karma
You would not be the first person to conflate the inputlookup and lookup commands.  This is a classic use case for lookup.  Insert the lookup command late in the query to pull the reason from the CSV. index=vulnerability severity=critical | eval first_found=replace (first_found, "T\S+", "") | eval first_found_epoch=strptime(first_found, "%Y-%m-%d") | eval last_found=replace (last_found, "T\S+", "") | eval last_found_epoch=strptime(last_found, "%Y-%m-%d") | eval last_found_65_days=relative_time(last_found_epoch,"-65d@d") | fieldformat last_found_65_days_convert=strftime(last_found_65_days, "%Y-%m-%d") | where first_found_epoch>last_found_65_days | sort -first_found | dedup cve | lookup mylookup.csv ScanHost as asset_fqdn target-CVE as cve OUTPUT Reason | rename severity AS Severity, first_found AS "First Found", last_found AS "Last Found", asset_fqdn AS Host, ipv4 AS IP, cve AS CVE, output AS Description | streamstats count as "Row #" | table Severity,"First Found","Last Found",Host,IP,CVE,Description,Reason Pro tip: do everything you can to avoid using hyphens in field names.  Splunk sometimes interprets it as a minus operator, which can break a query. ... View more

Re: Searching field output

by in Splunk Search
‎11-18-2022 06:20 AM
‎11-18-2022 06:20 AM
Well that did the trick Rich!  Thank you... ... View more

Re: Finding next log entry

by in Splunk Search
‎08-02-2022 11:59 AM
‎08-02-2022 11:59 AM
Hello TWhisperer,     Well that didn't quite do it.  But after pouring over my DHCP logs and some packet captures I figured out to do what I want is going to require my DHCP server adding the DHCP transaction ID to syslog, if that's possible.  Getting the log entries around the target entry still doesn't narrow things down enough.  But that you for th suggestion, I'm sure I'll be using it at some point. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-22-2025 05:14 AM
Karma from
Karma given to