×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Foolish_Rogue
Engager
Member since: ‎07-10-2023
‎10-27-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-10-2023
Activity Feed
Topics I've Started
View All

Re: Compliance Dashboard

by SplunkTrust in Splunk Search
‎10-17-2025 01:19 PM
1 Karma
‎10-17-2025 01:19 PM
1 Karma
First and foremost - don't use join. There are some rare cases when join can be useful but this isn't one of them. As a rule of thumb - this is not SQL, joins are a no-no. Just do your  index=installed-apps (DisplayName IN (App1, App2, App3, App4)) | fields DisplayName host to get your initial "report" of the data from the index. Check if it's good. Now we use a neat trick to save ourselves the need to write all those evals. | eval have{DisplayName}=1 This way if you have an event where DisplayName was named "App1", you'll get a field called haveApp1 with a value of 1. Now you can simply do | stats values(have*) as * by host And you have the table from your indexed data. If you want to filter it by your lookup, you just do | lookup AD_servers.csv host output host as matched | search matched=* If you want to show rows even for hosts which are in the lookup but which aren't in your index, you'll have to go another way. Instead of immediately statsing your data you go | inputlookup append=t AD_servers.csv And now you can do your  | stats values(have*) as * by host ... View more

Re: Splunk Enterprise 9.4.0 Integrity Check warnin...

by in Splunk Enterprise
‎04-23-2025 05:13 AM
‎04-23-2025 05:13 AM
Hello, I received this same error in upgrading from 9.3 to 9.4 versions of Splunk Enterprise.  I found a helpful article posted by Splunk Support that resolved my issue.  Please see the link below.   http://splunk.my.site.com/customer/s/article/File-Integrity-checks-found-41-files-that-did-not-match-the-system-provided-manifest  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-27-2025 08:55 AM