![]() ![]() One advantage is that we can define arbitrary fields for grouping, independent of the values of url. The end of the time range is the beginning of the current minute. Splunk lookups also support wildcards, which we can use in this case. ![]() Specifying a narrow time range is a great way to filter the data in your dataset and to reduce query time and avoid producing more results.Īn example of using a time range in a search that goes back 5 minutes, snapping to the beginning of the minute. Is it possible to do a wildcard check and get every result based on the main domain 0 3 3 comments Best Add a Comment hdjunkie 2 yr. ago Posted by ttrreeyy Can you do wildcards with inputlookup For example, I have 30 sub domain variations of mydomain.tld in a CSV file. Splunk search best practices, a quick guidelines on splunk search, write better search to improve your search quality and boost query time. Can you do wildcards with inputlookup : r/Splunk 2 yr. Fill the all mandatory fields as shown below. Then it will open the dialog box to upload the lookup file. Go to the Settings and click on Lookups and select Automatic Lookup.
0 Comments
Leave a Reply. |