Hi  Is it possible to restore archive data from one single host consider we have an index=windows ,we want to restore archive data only for one host ie;index=windows host=xxx . Is it possible someway?   Thanks in advance ... View more

Hi    I have a lookup which looks like this no  name     student     rollno 1      john           yes           12 2       George     no             2345 3      jin                yes          111   How can i iterate through this lookup by the 'no' field and display each entry as a result . I only need one result at a time so when i first run the search the result should be no  name     student     rollno 1      john           yes           12   When i run the same search after a minute the result should be   no  name     student     rollno 2       George     no             2345     Please help ... View more

Hi Team I want to collect source ip from an alert triggered /search ran and then add that to a .txt file exposed on a separate server.(https://urlofserver/ipfile.txt)   What is the best way to achieve this   ... View more

Hi I have an extracted field from regex, ie Time_extract which gives hour. Now I want to get the logs between a period of time, ie time_extract>=10 AND time_extract<23 ..how to go about that? Current search: Date_extract="10/29/16" | stats count by severity | where Time_extract>=12 AND Time_extract<23 ... View more

Hi Team My Splunk Enterprise Security Incident Review is not loading...It just shows "loading" for a long time. I created a notable event and also tried copying the same code to create a separate incident review button, but no luck...please help Thanks in advance ... View more