- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to get list of users for specific search,How t...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to get list of users for specific search,How to get list of users for message
Hi All,
I am very new to splunk, wanted to get the list unique users for below criteria.
I need query to get the actor which was a user .
Unable to retrieve the content 7ec12461-b0db-4a7b-a210-7da0b2a1542e ph924_8bc4e8a6-6tr-oipo-zcvv-ea281ba6b101 Actor raja.
Unable to retrieve the content 7ec12461-b0db-4a7b-a210-7da0b2a1542e ph924_8bc4e8a6-950f-rtey-ggff-qwrq42342435 Actor shekar.
Unable to retrieve the content 7ec12461-b0db-4a7b-a210-7da0b2a1542e ph924_8bc4e8a6-khj-4ce6-khjk-gdgdfshghgfg Actor Madhu.,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index=yours sourcetype=yours
| rex "Actor (?<user>\S+)"
| stats values(user) as unique_users_list
references:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rex
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Stats
https://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
https://www.splunk.com/en_us/training/courses/splunk-fundamentals-1.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for ur reply
when "exception: Error occurred. Unable to retrieve document, please contact the helpdesk." occurred,
then need to get actor from message section, Please advise
exception: Error occurred. Unable to retrieve document, please contact the helpdesk.
logger: com.web.controller.DocumentController
message: 2020-05-14T13:12:47.753Z [taskExecutor-50] ui-prd-140-wttsz UI
ERROR c.o.d.d.w.c.DocumentController:-1 - Unable to retrieve the content for source Actor Raja.
com..exception.DocumentNotFoundException: Error occurred. Unable to retrieve document, please contact the helpdesk.
at com.web.controller.DocumentController$1$4.extractData(Unknown Source)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:662)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:635)
at com.web.controller.DocumentController$1.call(Unknown Source)
at com..web.controller.DocumentController$1.call(Unknown Source)
at org.springframework.web.context.request.async.WebAsyncManager$5.run(WebAsyncManager.java:327)
at co.elastic.apm.agent.impl.async.SpanInScopeRunnableWrapper.run(SpanInScopeRunnableWrapper.java:64)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException: null
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
when ...
Are you going to make alert?
rex is no problem.
Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!
Logs to Metrics
Developer Spotlight with Paul Stout
