Data model datasets have a hierarchical relationship with each other, meaning they have parent-child relationships. Data models can contain multiple dataset hierarchies. There are three types of dataset hierarchies: event, search, and transaction. Dataset types You can work with three dataset types. Two of these dataset types, lookups, and data models, are existing knowledge objects that have been part of the Splunk platform for a long time. Table datasets, or tables, are a new dataset type that you can create and maintain in Splunk Cloud, and after you download and install the Splunk Datasets Add-on in Splunk Enterprise. Which would be the correct answer, please? @admin please don't delete my question. ... View more

is there a messaging option available here please. I want to send a direct message to someone, it is for professional purposes only. Or is there a way to send the question to one person without others seeing it Regards Suman P. ... View more

Once compressed, Splunk data cannot be changed? Can someone guide me to the proper reference article ... View more

Hi @gcusello hope you are doing good, As far as I understand, m@d means, beginning of the day, and -45m@d means, 45 minutes before the beginning of the day. Kindly correct me, I am always confused with this ... View more

Please share the power user pdf with me. Can you. I want to prepare on my own reading it. ... View more

I have used the following source="C:\Users\spali\Downloads\products\*" host="DESKTOP-K35HBNT" | top product_name price by Code limit=5 Code product_name price count percent A Mediocre Kingdoms 24.99 1 100.000000 B Dream Crusher 39.99 1 100.000000 C Final Sequel 24.99 1 100.000000 D World of Cheese 24.99 1 100.000000 E World of Cheese Tee 9.99 1 100.000000 F Puppies vs. Zombies 4.99 1 100.000000 G Curling 2014 19.99 1 100.000000 H Manganiello Bros. 39.99 1 100.000000 I Manganiello Bros. Tee 9.99 1 100.000000 J Orvil the Wolverine 39.99 1 100.000000 K Benign Space Debris 24.99 1 100.000000 L SIM Cubicle 19.99 1 100.000000 M Holy Blade of Gouda 5.99 1 100.000000 N Fire Resistance Suit of Provolone 3.99 1 100.000000 O Grand Theft Scooter 24.99 1 100.000000 P SIM Cubicle Tee 9.99 1 100.000000 I should have got only 5, Why is that I am getting more than that? ... View more

@gcusello 9:37 -30m@h Sorry for asking this again. As far as I understand, I will tell you kindly correct me. @h is current hour, which goes to 9. -30m which is 30 minutes before current hour, so it will be 8:30 - 8:59. 9:37 -30m@d @d is current day at 0:00 hours. so -30m would be yesterday 23:30 to 23:59. ... View more

2020-01-05 22:14:20 India Standard Time Splunk Web login attempts search Real-time High Per Result View results | Edit search | Delete 2020-01-05 22:14:20 India Standard Time login search Real-time Medium Digest View results | Edit search | Delete I set alert to medium severity and I set it to Once, not per result. I made 5 login failures continuously. At first, I got medium as expected but then I got High. Why is this behavior? ... View more

I have created a lookup table suppose productext.csv. I went to the Automatic lookup screen and selected the dropdown of lookup table field. I don't find the table. I am in the same app though. Can you please tell me what might be the reason? @gcusello ... View more

Why does when we run timechart, search mode changes to verbose? I ran this with smart mode and suddenly see it in verbose mode ... View more