×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Temuulen0303
Explorer
Member since: ‎10-09-2023
‎07-18-2024
Community Statistics
Posts 8
Solutions 2
Karma Given 3
Karma Received 2
Member Since ‎10-09-2023
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Count the number of field

by in Splunk Search
‎05-15-2024 12:08 AM
‎05-15-2024 12:08 AM
you can use fieldsummary command:    index=example sourcetype=example | fieldsummary And count fields using:    index=example sourcetype=example | fieldsummary | table field | stats count more about fieldsummary here: fieldsummary - Splunk Documentation ... View more

Re: How to configure time picker for dashboard in ...

by in Getting Data In
‎05-14-2024 12:33 AM
1 Karma
‎05-14-2024 12:33 AM
1 Karma
yes you are doing it right. After adding time picker you can click on this icon: and 1) select edit on your query 2) Go to "Time Range" 3) Click on Input and select your Time picker token ... View more

Re: update old values in lookup table and add new ...

by in Splunk Search
‎05-08-2024 09:24 PM
1 Karma
‎05-08-2024 09:24 PM
1 Karma
You can fetch results of lookup using search: | inputlookup your_lookup.csv Replacing lookup data would be: ```your search here``` | outputlookup your_lookup.csv And then you can add(append) rows using: ```your search here``` | outlookup append=true your_lookup.csv ... View more

Re: Timechart span=1d count by new users not seen ...

by in Splunk Search
‎05-08-2024 09:15 PM
‎05-08-2024 09:15 PM
You need historic data of users to compare. You would need to configure Assets&Identities or save users to simple lookup. You can store results daily, weekly, monthly using this search: index=your_users_index ``` Add or configure neccessary fields | eval bunit="your_bunit", startDate=strftime(now(),"%Y-%m-%d %H:%M:%S"), | stats count by email, identity, nick, UserId, "first", "last", JobTitle, phone, bunit, work_country, work_city, startDate | table email, identity, nick, UserId, "first", "last", JobTitle, phone, bunit, work_country, work_city, startDate | search NOT [| inputlookup users.csv | fields email ] | outputlookup append=true users.csv And later you can sort users startDate using this search: | inputlookup users.csv | sort - startDate Or get last month's new users: | inputlookup users.csv | eval epoch=strptime(startDate, "%Y-%m-%d %H:%M:%S") | where epoch>relative_time(now(), "-20d") ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-18-2024 01:07 AM
Karma from
View All
Karma given to
View All