×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
rest_assured
Loves-to-Learn Everything
Member since: ‎02-24-2023
‎02-24-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-24-2023
View All

Re: Find host diff from two searches in the same i...

by in Splunk Search
‎02-24-2023 06:20 AM
‎02-24-2023 06:20 AM
I'm looking for hosts list generated by query 1 minus hosts list generated by query 2. I must find unique hosts in both and then use simple math to calculate a diff. If possible list hosts as table.  ... View more

How to find host diff from two searches in the sam...

by in Splunk Search
‎02-24-2023 03:47 AM
‎02-24-2023 03:47 AM
I've been trying to solve this problem for days now with no success. Maybe I can find ultimate salvation here.  I have a single index where I need to run 2 queries.  First query finds all hosts that generate logs for a particular app called APP.  I need to count totals. Second query searches for a hosts that were scanned by the APP. Problem: I need to deduct hosts detected in Query 2 from hosts found in Query 1. That will generate a list of hosts that were potentially not scanned in a selected period of time. Query 1: index=demon source="/opt/app/logs/*" Query 2: index=demon source="*scan.log" "scan Finished" From what I learnt so far |multisearch appears to be the best candidate however when I run the below query I only get 1 variable listed, I guess because of host that can be attributed only once.   I'm sure there are multiple ways of achieving this goal.   Thanks   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-24-2023 12:36 PM