×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
nandkumar90
New Member
Member since: ‎05-13-2017
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-13-2017
Activity Feed
View All

Re: Not able to read windows registry using SPLUNK...

by SplunkTrust in Monitoring Splunk
‎11-21-2017 05:18 AM
‎11-21-2017 05:18 AM
Exceeding your license is the result of indexing too much data. It's unrelated to searching except for being blocked from doing searches until the violation is resolved. Windows logs are very verbose so it's very easy to exceed a small license just by indexing Windows events. Review what you are indexing and reduce it to only the minimum. Then contact Splunk for a key to unlock your ability to search. ... View more

Re: How to add filter specific to each column in S...

by in Dashboards & Visualizations
‎05-13-2017 04:27 PM
‎05-13-2017 04:27 PM
Like this: | multisearch [ |makeresults | eval _time = " Search Time", message = " Search Message" ] [ YOUR ORIGINAL SEARCH HERE ] If you need it to be tokenized, then like this: | multisearch [ |makeresults | eval _time = " " . $time_token$, message = " " . $message_token$ ] [ YOUR ORIGINAL SEARCH HERE ] ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM