If you use verbose mode to search a VIX, note that Splunk Analytics for Hadoop does not start a MapReduce job for that search. This is because verbose mode searches search for all events as well as any reports that you might be running. The benefits of MapReduce jobs in that ca...
| dedup physicalElementId | sort -deviceName The problem is that the resulting table has holes in it because of the join type=left. devProductId is absent in sourcetype = A. devProductId is present in sourcetype = B. I'm thinking I will need to create another table - Table C. ...
If you have a device like F5 in your network, configure the virtual IP and fail-over rules there. Send syslog to both Splunk and perform a Dedup before indexing the data - waste of bandwidth/load? Send syslog to both Splunk but one of the destinations will be off-line or bl...
So as you may have gathered, I am new to Splunk... Not sure what you mean by "using a form". Is that like creating a lookup file? Say, using the search to store results in a lookup and then using the lookup to find the other field values? From a high level, is there...
What is your search? I did a dummy search like this, index=_internal sourcetype=splunkd_ui_access | erex METHOD examples="GET , POST" | table METHOD | dedup METHOD and I was able to see logs like this 2020-05-04 17:14:29,457 -0700 INFO FieldLearning:62 - GENERATING RULE...
| dedup InvoiceNumber | outputcsv inbound_invoice_list_4152015.csv The SourceSystem fields are how we differentiate what comes in and what comes out. Also we group the other fields by bp_context_id as this is the unique identifier for each transaction. Let me know if I c...
dedup = 0 earliest = 1340776800.0 latest = 1341986400.0 maxjobs = 1 namespace = SplunkDeploymentMonitor reverse = 1 saved_search = All indexers - regenerator seed = 1342017493.05 status = 2 totaljobs = None disabled = 1 ...followed by a restart of Splunk, but it is still runni...