Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About gauravu_14
gauravu_14
Explorer
Member since:
01-03-2023
03-28-2024
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 0 |
| Member Since | 01-03-2023 |
Activity Feed
- Posted How to identify the hosts (Primary or Secondary) that have stopped reporting to Splunk using lookup table on Splunk Search. 03-28-2024 01:20 PM
- Tagged How to identify the hosts (Primary or Secondary) that have stopped reporting to Splunk using lookup table on Splunk Search. 03-28-2024 01:20 PM
- Tagged How to identify the hosts (Primary or Secondary) that have stopped reporting to Splunk using lookup table on Splunk Search. 03-28-2024 01:20 PM
- Karma Re: How to compare event data with lookup data to find missing field values? for richgalloway. 03-28-2024 01:04 PM
- Posted Re: How to compare event data with lookup data to find missing field values? on Splunk Search. 10-02-2023 03:18 AM
- Posted Re: Why is Splunk tag for key value pair not appearing for fields of notable events? on Splunk Enterprise Security. 09-28-2023 10:16 AM
- Posted How to compare event data with lookup data to find missing field values? on Splunk Search. 09-28-2023 10:01 AM
- Karma Re: Error in 'eval' command: unexpected character at 86400 for richgalloway. 09-28-2023 09:51 AM
- Posted Why is Splunk tag for key value pair not appearing for fields of notable events? on Splunk Enterprise Security. 06-06-2023 06:32 AM
- Tagged Why is Splunk tag for key value pair not appearing for fields of notable events? on Splunk Enterprise Security. 06-06-2023 06:32 AM
- Tagged Why is Splunk tag for key value pair not appearing for fields of notable events? on Splunk Enterprise Security. 06-06-2023 06:32 AM
- Posted Re: Error in 'eval' command: unexpected character at 86400 on Splunk Search. 01-30-2023 10:31 AM
- Karma Re: Error in 'eval' command: unexpected character at 86400 for richgalloway. 01-30-2023 10:30 AM
- Posted Re: Error in 'eval' command: unexpected character at 86400 on Splunk Search. 01-30-2023 09:30 AM
- Karma How can I solve this error: Data model 'Cloud_Infrastructure' was not found? for kvnpichon. 01-03-2023 02:55 AM
- Posted Re: Data model 'Cloud_Infrastructure' was not found on Knowledge Management. 01-03-2023 02:54 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
03-28-2024
01:20 PM
All, I am looking for a solution to identify the hosts that have stopped reporting to Splunk using lookup table. However, the condition is there are Primary and Secondary hosts for some data types. I do not want to get alerted if either of the hosts (Primary or Secondary) is reporting. At the same time I would like to map these hosts to their respective index. So if a host(both primary and secondary in some cases) from a particular index stops reporting an alert should trigger (will probably have another column for index mapping the hosts). Any solution would be highly appreciated!!
... View more
Labels
- Labels:
-
lookup
10-02-2023
03:18 AM
I would like to know which values are missing in the events compared to the lookup and output those field-values
... View more
09-28-2023
10:16 AM
This was a bug from in current ES version. They would be fixing it in the next update
... View more
09-28-2023
10:01 AM
I need to compare the values of 2 fields from the Splunk data with the field-values from the lookup and find the missing values from the Splunk data and output those missing field value pairs For ex: index=test sourcetype=splunk_test_data fields: field1, field2 lookup: test_data.csv Fields: field1, field2 The output should show missing values from the Splunk data and output those missing values Any help would be appreciated Thanks
... View more
- Tags:
- splunk search
Labels
- Labels:
-
lookup
06-06-2023
06:32 AM
I have created a tag for a key-value pair (dvc=IP_Address) and shared it will all the apps. Which doing a search for the logs related to the above device, I can see the tag appearing for that key value pair (dvc=IP_Address(Tag_Name)). However, this tag is not working for the notable events. It does not appear for the notables under Incident Review of Splunk ES. These tags were working prior to the new ES update. Looking for the solution regarding the same
... View more
- Tags:
- splunk tags
- tags
Labels
01-30-2023
10:31 AM
Thanks, the SPL did work this time. However, there was no result for the mentioned string and yet I am seeing that error
... View more
01-30-2023
09:30 AM
After running the SPL query, I am getting the below error: "Error in 'where' command: Regex: unmatched closing parenthesis"
... View more
01-03-2023
02:54 AM
I am facing the the same issue, unable to find the solution yet
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-28-2024
05:19 PM
|
