Splunk Search

Real time select today's data

puneethgowda
Communicator

Hi

I wonder if i could do this.

I am able to select real time for last one hour ,24 hours etc and i want to select today as real time so results should be 00 hours to current time.

1.example if i add bookings in dashboard it should show the booking for today from 00 hours to current time.

  1. Below image shows each booking sequence number last generated time which also explain all servers are up or down and what is the last booking generated time for each server.

Here we want to add one more column that is minutes ( 10,20,30) like since how many minutes server is down and of it is more than 10 minutes show red color if not show green color in stat table

so column 1 Sequencemcoulm 2 Start date which means booking created column 3 = current time - start time = how many minutes back server was up!

Thanks
Thanks in advance

Regards,

Puneeth

Tags (1)
0 Karma
1 Solution

niketn
Legend

@puneethgowda, you have missed the screenshot....
Please see performance impact of running RealTime Dashboard and use the same only if that is absolutely required : https://docs.splunk.com/Documentation/Splunk/latest/Search/Realtimeperformanceandlimitations

earliest=rt-0d@d latest=rt

For your second query, you can make use of reltime command to compute now()-_time in human readable format. Or else you can make use of eval command to do the same yourself (result will be in seconds) Refer Splunk documentation : https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Reltime

<Your Base Search>| reltime
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

puneethgowda
Communicator

Hi niketnilay and all

Can any one help me with password change notification to the user

What exactly we need is if we create new user and share to them in their first login it should as notify them to change the password like when we install Splunk it ask for changeme.

And password expiry option also helpful we should notify them to change the password every 3 months.

Thanks

Puneeth

0 Karma

niketn
Legend

@puneethgowda Can you post this as separate question as this is completely unrelated. Also, may i know whether you want to implement password expiry in Splunk or you want to track password expiry of an Application being monitored via Splunk?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

puneethgowda
Communicator

posted new question see the link https://answers.splunk.com/answers/509106/notify-users-to-change-password-on-their-first-log.html

1.When i share username password to users once they login they should get notification to change password and current password will expire within 7 days
2.User should get password expiry message every three month
3.Can we restrict a login to be active for one user only?

0 Karma

niketn
Legend

@puneethgowda, you have missed the screenshot....
Please see performance impact of running RealTime Dashboard and use the same only if that is absolutely required : https://docs.splunk.com/Documentation/Splunk/latest/Search/Realtimeperformanceandlimitations

earliest=rt-0d@d latest=rt

For your second query, you can make use of reltime command to compute now()-_time in human readable format. Or else you can make use of eval command to do the same yourself (result will be in seconds) Refer Splunk documentation : https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Reltime

<Your Base Search>| reltime
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

puneethgowda
Communicator

Super

Thanks

0 Karma
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...