×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
srlakshm
New Member
Member since: ‎08-10-2022
‎10-28-2022
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-10-2022
View All

Re: Splunk Search query to track the OS migration ...

by in Splunk Search
‎10-28-2022 01:59 AM
‎10-28-2022 01:59 AM
  Thanks for the query, unfortunately the coalesce is not working as expected. The LastSeen and FirstSeen value is taking the first field value win_LastSeen for both OS. Have observed the same issue previously as well. the coalesce command not working for lookup files as expected.    ... View more

Re: Splunk Search query to track the OS migration ...

by in Splunk Search
‎10-27-2022 07:32 AM
‎10-27-2022 07:32 AM
Yes, The both lookup are updated every day at once, The lookup file contain these are the fields hostname, os, lastseen, firstseen ... View more

Re: Splunk Search query to track the OS migration ...

by in Splunk Search
‎10-27-2022 07:30 AM
‎10-27-2022 07:30 AM
Hi Gusello, Thank you for the response,    I have tried a similar search query and got the same result. The challenge on the results are multivalue value fields with below format.  lastSeen -                             OS                         firstSeen 26-10-2022 13:07:16      windows             26-10-2022 13:07:16  8/29/2022 1:52                 linux                     8/29/2022 1:52  I am expecting the below results. hostname     os                     firstSeen          lastSeen abcde            windows        25-08-2022     26-10-2022 abcde            Linux                26-10-2022       27-10-2022  ... View more

How to search to track the OS migration on the hos...

by in Splunk Search
‎10-27-2022 07:02 AM
‎10-27-2022 07:02 AM
Hi folks, I need your support to build a search query to track the migration activity. We have a requirement to track the host which will be migrated from windows os to linux os. The search should visualize the movement of migration activity. I have two lookup files, one is windows os host details. Another one is linux os host . So I need to compare how many machines migrated from Windows to Linux over the time. (last 7 days). | inputlookup windows.csv | fillnull value="windows" OS | inputlookup linux.csv append=1 | fillnull value="linux" OS | stats dc(OS) as count values(lastSeen) as LastSeen, values(FirstSeen) as Firstseen by hostname | where count > 1 | mvexpand OS The above query doesn't show expect the result  I would really appreciate, if someone has any ideas or suggestions on this.        ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-28-2022 11:36 AM