cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
prakashsbk
Explorer
Member since: ‎03-17-2023
‎04-05-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎03-17-2023
Activity Feed
View All

Re: Splunk Query to check two Conditions

by in Splunk Search
‎10-10-2023 12:49 AM
‎10-10-2023 12:49 AM
Thanks a lot for your quick help and support , Query is working as expected.     ... View more

Splunk Query to check two Conditions

by in Splunk Search
‎10-09-2023 07:48 AM
‎10-09-2023 07:48 AM
Hi All We are trying to get the incidents which are in open state (ie AlertStatus only equal to CREATE) . Table Out is below : Here IncidentID 1414821 has both AlertStatus = CLEAR and CREATE , this Incident ID should not get displayed . We need IncidentID only with Alertstaus = CREATE. we ran with | eval IncidentID=case(AlertStatus="CREATE" AND AlertStatus!="CLEAR",IncidentID) | table IncidentID AlertStatus  When we run an Query it should only Display IncidentID value 1437718   Thanks and Regards       ... View more
Labels

How to check SmartStore features?

by in Splunk Enterprise
‎03-17-2023 03:30 AM
‎03-17-2023 03:30 AM
Hi All We have installed Installed SmartStore in our environment . Need your help in validating SmartStore Features. Have followed the below links and able to verify  the connectivity and remote store.   basic testing is fine. [SmartStore] How to verify splunk indexer connecti... - Splunk Community and Troubleshoot SmartStore - Splunk Documentation BUT, Need to know if there are any SPL Query or steps to show that after installing smartstore it have improved the performance. Keen on steps or data that will give as evidence that will justify Smartstore features    Thanks and Regards   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-05-2024 07:50 AM
Karma given to
View All