×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
suspense
Explorer
Member since: ‎11-13-2022
‎06-27-2023
Community Statistics
Posts 13
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎11-13-2022
Activity Feed
View All

Re: Multiple sourcetypes with where condition

by in Splunk Search
‎04-04-2023 02:11 AM
‎04-04-2023 02:11 AM
Glad to help! ... View more

Re: Search in logs if value appeared before

by SplunkTrust in Splunk Search
‎03-20-2023 02:06 AM
‎03-20-2023 02:06 AM
Try something like this index=* sourcetype=maillogs (earliest=-30d@d latest=-5d@d) OR (earliest=-24h) | eventstats earliest(_time) as earliest_time latest(_time) as latest_time by sender | where earliest_time < relative_time(now(),"-24h") AND latest_time >= relative_time(now(),"-24h") ... View more

Re: $user$ and user=$user$ difference

by in Splunk Search
‎03-01-2023 06:23 AM
‎03-01-2023 06:23 AM
Hmmm ok, that just makes sense 🙂 I thought there is something more behind this 😄 ... View more

Re: BotS - Error in 'lookup' command: Could not fi...

by in Splunk Search
‎12-13-2022 03:47 AM
‎12-13-2022 03:47 AM
BTW. If you look at this website -theirs syntax with lookup and list that they attached in a link - this syntax just cannot work. I tested in my lab and it does not work. But you helped me to understand that last 'song' must be 'Song' 🙂 Thank you. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-27-2023 05:54 AM
Karma given to
View All