So I have two columns, one with an index and the other with the number of hosts that index has. I just want to query that data from my lookup to that data I have in Splunk. Sorry if I have confused you 🙂
I have a lookup in which column A is the index and column B is the number of hosts; I have this as a lookup. I would like to be able to query the number of hosts per index I have, i.e. if I have three hosts in my lookup but Splunk returns two, I would like to see that number.
Probably a difficult query but one I am struggling with - thanks in advance!
So I have a search I run for an alert which looks for a missing event. It's a simple tstats that shows stuff within the last 30 days; I would like to compare the 90-day variant in the same search and determine the missing events.
Any ideas?