Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How I can compare 1 day security metric to another day and also generate a metric report that shows low and high

ngwodo
Path Finder
‎12-28-2020 07:08 AM

I need help on how I  can compare 1 day security metric to another day and also generate a metric report that shows low and high and compare it to the security metric in the spreadsheet.

Below is the splunk query I have:

 

 

index=security sourcetype="Computers" "Computer Status"=Enabled earliest=-12mon@mon
| bin _time span=1day
| dedup _time sAMAccountName
| timechart span=1day count
| stats avg(count) AS avg stdev(count) AS stdev min(count) AS min max(count) AS max latest(count) AS latest_count
| eval min_thres=5000, max_thres=7500
| eval alert=if((latest_count<min_thres OR latest_count>max_thres), 1, 0)

Tags (1)
0 Karma
Reply

ngwodo
Path Finder
‎12-30-2020 06:26 AM

The Splunk query did not run. I am just giving you an update.

0 Karma
Reply

to4kawa
Ultra Champion
‎12-29-2020 02:27 PM

sample:

| tstats count where index=_internal earliest=-2w@w latest=-2w@w+1d by _time span=1h
| append [| tstats count where index=_internal earliest=-1w@w latest=-1w@w+1d by _time span=1h ]
| eval time_range=if(_time <= relative_time(now(),"-1w@w-1"),"last_week","current_week")
| eventstats avg(count) AS avg stdev(count) AS stdev min(count) AS min max(count) AS max latest(count) AS latest_count by time_range
| eval time=strftime(_time,"%T")
| xyseries time time_range *
| rename "*: current_week" as current_week:*, "*: last_week" as last_week:*

xyseries would be a good choice.

0 Karma
Reply
Get Updates on the Splunk Community!

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...