Other Usage

Community Activity

How to Break the eval condition in 3 line? Hi All, I am trying to build a search query for an alert and below is the condition- \| eval status=if(((src="DB_Rebui... by man03359 Communicator in Other Usage 08-30-2023 0 5	0	5
Why is Alert action not triggering when using real time? -I am running an alert which is not triggering email actions when using real-time option. The alert is used to sea... by theprophet01 Explorer in Other Usage 08-29-2023 0 2	0	2
Why is Dashboards showing csv files in dropdown input? Good afternoon, I am trying to show information from a csv which is static, but will be replaced as time goes on I aw... by splunk_user4 Explorer in Other Usage 08-28-2023 0 1	0	1
How to create one report to generate multiple emails based on results? I have a single report that features a list of devices broken up by the group that supports them. I want to have that... by bamartinez Explorer in Other Usage 08-28-2023 0 4	0	4
What is the Manual work around for Pausing/disabling some alerts during a release but not all alerts? Here is what I am proposing as a manual workaround to pause some alerts but not all alerts during an release weekend ... by sjringo Contributor in Other Usage 08-26-2023 0 0	0	0
Why am I receiving "No matching visualization found for type: network-diagram-viz" message? Hi,I am trying to use this visualization but I am getting the following error: Can you please help?Many thanks,Patric... by POR160893 Builder in Other Usage 08-22-2023 0 4	0	4
How to Send a report from Splunk Cloud Search head to Shared Network Drive? Hi All, We have created multiple reports in our Splunk Cloud Search head so once we schedule it we want the reports ... by anandhalagaras1 Contributor in Other Usage 08-21-2023 0 3	0	3
splunk SPL for who deleted user account Hi,Just wanted to know Ad account activity who deleted user account ? by AL3Z Builder in Other Usage 08-21-2023 0 9	0	9
How to combine multiple alerts into one single alert I have an alert set up to detect multiple invalid user credential sign in attempts, which runs once every 24 hours at... by jhilton90 Path Finder in Other Usage 08-21-2023 0 5	0	5
How to disable multiple alerts? Hello I'm using Splunk Cloud and im looking for an option to disable multiple alert using rest api or script so it wi... by SplunkySplunk Explorer in Other Usage 08-21-2023 1 1	1	1
How can I create a search job using the REST API? Following the documentation here:https://docs.splunk.com/Documentation/Splunk/latest/RESTTUT/RESTsearches#Create_a_se... by ww9rivers Contributor in Other Usage 08-20-2023 0 4	0	4
Schedule window vs scheduling mode Hi,I want to prevent alerts from being skipped and I'm fine, that the alerts don't run at a specific time. I prefer t... by peterschloenske Explorer in Other Usage 08-19-2023 0 3	0	3
How to create a splunk query for the following problem? Hi , Below is my raw data {<!-- --> timestamp: 2023-09-10 Version:1 Kubernetes.namespace: X Kubernetes.node: Y App_id:12345... by suvi6789 Path Finder in Other Usage 08-18-2023 0 4	0	4
How to avoid duplicate alerts for 1 month of timespan Hi,I have a alert scheduled to monitor, if 2 different users who are accessing same device for authentication from ok... by sasankganta Path Finder in Other Usage 08-16-2023 0 6	0	6
How to create a Splunk alert cron for monday to friday 7:30 to 8PM ? Hi, I am not able to give cron exp for alert to run every 10 min, for Mon to Fri for time 7:30AM to 8:00PM, can anyo... by taslimsama21 Loves-to-Learn Lots in Other Usage 08-16-2023 0 10	0	10
what does this cron mean ? 1-30/10 * * * * what does this cron mean ? 1-30/10 * * * *one place its given - Every 10 minutes, minutes 1 through 30 past the hourn... by taslimsama21 Loves-to-Learn Lots in Other Usage 08-16-2023 0 2	0	2
how to add Alert name and triggered time to lookup file Hi,I would like to add alert name and its triggered time to a lookup file once the alert is triggered.I don't need th... by visvar90 Engager in Other Usage 08-16-2023 0 4	0	4
How to map multiple MITRE ATT&CK Techniques to single rule? Using the Map Rule to Technique, I select a Rule Name, then I add multiple MITRE ATT&CK Techniques. Is there a limit ... by legrena New Member in Other Usage 08-15-2023 0 0	0	0
How to remove extra space between column headers as well as from the field values table? Attached snapshot for reference. As well as how to reduce the table size to small one by kirthika26 Explorer in Other Usage 08-14-2023 0 1	0	1
Summary index for non aggregated data: How to read only delta data each time? Hi,I'm working with a large amount of data.I wrote a main report that extracts all events (let's call them events A,B... by maayan Path Finder in Other Usage 08-13-2023 0 6	0	6
Splunk Cloud: No longer able to save a Real-time alert A couple of weeks ago I took a screenshot of the "Save As Alert" window. Alert type Real-time was available.Today, my... by SeanBatt Explorer in Other Usage 08-10-2023 0 2	0	2
How to create alert only if the lookup table values matches with the field in the search? Hi ,I am trying to make a search only if the values of lookup table i.e groups.csv fields username matches with ... by AL3Z Builder in Other Usage 08-10-2023 0 6	0	6
Why is regex not working? Hi all! I have a field called "correlation id" in my search output, out of which I am trying to extract another field... by man03359 Communicator in Other Usage 08-10-2023 0 5	0	5
Why sistats doesn't work after lookup? Hi,I wrote a report that merge the result with lookup table to add fields (like machineName). the lookup table contai... by maayan Path Finder in Other Usage 08-10-2023 0 1	0	1
how many splunk alerts are send to single User for an Application? Hi Team,So i am new to splunk, therefore excuses for my stupid question.We have an Application, and multiple alerts/r... by pratibha0610 Explorer in Other Usage 08-08-2023 0 1	0	1