Splunk has become a front runner among big players in the tech sector because of its diversity and flexibility in machine learning. It does not stop there; it is always adding more functionality to its infrastructure, making it more user-friendly. At its current rate of growth the competition is ...
So as you may have gathered, I am new to Splunk... Not sure what you mean by "using a form"; is that like creating a lookup file? Say using the search to store results in a lookup and then use the lookup to find the other field values? From a high level, is there...
| dedup physicalElementId | sort -deviceName The problem is that the resulting table has holes in it because of the join type=left. devProductId is absent in sourcetype = A. devProductId is present in sourcetype = B. I'm thinking I will need to create another table - Table C. ...
Keep in mind as well, any piped commands after the first reduce (dedup here, stats, etc.) or centralized streaming command naturally continue on the search head only. Nothing for the indexers to do because they don't know the reduced result.
If you have a device like F5 in your network, configure the virtual IP and fail-over rules there. Send syslog to both Splunk and perform a dedup before indexing the data - waste of bandwidth/load? Send syslog to both Splunk, but one of the destinations will be off-line or bl...
dedup = 0
earliest = 1340776800.0
latest = 1341986400.0
maxjobs = 1
namespace = SplunkDeploymentMonitor
reverse = 1
saved_search = All indexers - regenerator
seed = 1342017493.05
status = 2
totaljobs = None
disabled = 1
...followed by a restart of Splunk, but it is still runni...
What is your search? I did a dummy search like this, index=_internal sourcetype=splunkd_ui_access | erex METHOD examples="GET , POST" | table METHOD | dedup METHOD and I was able to see logs like this 2020-05-04 17:14:29,457 -0700 INFO FieldLearning:62 - GENERATING RULE...