Solved: Error in Splunk GitHub Content

Hysteresis · ‎10-08-2024

I'm trying to implement the Splunk Machine Learning Toolkit Query, found here: https://github.com/splunk/security_content/blob/develop/detections/cloud/abnormally_high_number_of_c...

Actually just the first part:

| tstats count as all_changes from datamodel=Change_test where All_Changes.object_category=* All_Changes.status=* by All_Changes.object_category All_Changes.status All_Changes.user

But I'm getting this error

How do I fix this?

sainag_splunk · ‎10-08-2024

can you try adding this below line to the end of your search? and give it a try?

| noop search_optimization.predicate_push=f

https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/Noop#Managing_specific_sear...

Hope this Helps. Karma would be appreciated.

View solution in original post

sainag_splunk · ‎10-08-2024

can you try adding this below line to the end of your search? and give it a try?

| noop search_optimization.predicate_push=f

https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/Noop#Managing_specific_sear...

Hope this Helps. Karma would be appreciated.

Error in Splunk GitHub Content

troubleshooting

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...