×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
shashilendraman
Explorer
Member since: ‎03-23-2023
‎03-24-2023
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎03-23-2023
Activity Feed
View All

Re: How to search field in two indexes?

by in Splunk Search
‎03-23-2023 11:23 PM
‎03-23-2023 11:23 PM
Hi Gcusello, output is blank for  below query. index=*asa* [search index=otx sourcetype="otx:indicator" type=IPv4 indicator=* |rename indicator as dst_ip|fields dst_ip]|dedup src_ip|table src_ip. how ever i manually ping/trace 1 ip address which is in indicator field for testing purpose and i can see those IP in ASA  logs in splunk.   Thanks shashi       ... View more

Re: Search field in 2 index

by in Splunk Search
‎03-23-2023 09:07 PM
‎03-23-2023 09:07 PM
ASA ... View more

Re: Search field in 2 index

by in Splunk Search
‎03-23-2023 08:57 PM
‎03-23-2023 08:57 PM
yes , you correct , but i am not getting desire output. i am attaching ASA index output , otx index output and Correlation SPL which i prepared as you suggested. Correlation SPL     ... View more

How to search field in two indexes?

by in Splunk Search
‎03-23-2023 03:34 AM
1 Karma
‎03-23-2023 03:34 AM
1 Karma
how to search value of "Dst_IP" field from "ASA" index to "otx" index "indicator" field and display the scrip" field from "ASA" index. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-24-2023 04:44 AM
Karma from
View All