Channel: Questions in topic: "splunk-enterprise"

How to search 5 min interval after summary index is populated

Hello, I have a search that will extract a field to a summary index, and I want to search that field in a specific index after 5 min. Ex:

index=applications message="Request from suspicious actor*" | fields srcIp | collect index=siem-summary source=example-summary

Then, 5 min later, I would like to look up that srcIp in network=index.

Thanks in advance!
