Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Posts
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- All Posts
All Posts
10-04-2023
06:00 AM
What if we need to communicate with controller via proxy, but not with the monitored services (i.e. when using extensions for kafka etc.)? Are there any parameters like -Dappdynamics.http.nonProxyHos...
See more...
What if we need to communicate with controller via proxy, but not with the monitored services (i.e. when using extensions for kafka etc.)? Are there any parameters like -Dappdynamics.http.nonProxyHost to whitelist them? Or how do we solve this problem?
10-04-2023
05:52 AM
Hi @davesplunk01 , I'm having the same senario like this, after the above steps that you had mentioned, I can see the total on the top along with the line, I don't need line, Can yo...
See more...
Hi @davesplunk01 , I'm having the same senario like this, after the above steps that you had mentioned, I can see the total on the top along with the line, I don't need line, Can you please help me in this. Thanks in Advance! Manoj Kumar S
10-04-2023
05:31 AM
What is EventCode 4624? Is that a log on, a log off or either? If it is either, how do you distinguish between the two? If it is one or the other, which events signify the other event? Essentially, h...
See more...
What is EventCode 4624? Is that a log on, a log off or either? If it is either, how do you distinguish between the two? If it is one or the other, which events signify the other event? Essentially, how can you tell from your data when a user logs on and when they log off?
10-04-2023
05:24 AM
Chris, That's what I'm trying to accomplish as I was able to define what is using the rule so I can start putting defined rules in front of it. In this case I was hoping that someone could help me e...
See more...
Chris, That's what I'm trying to accomplish as I was able to define what is using the rule so I can start putting defined rules in front of it. In this case I was hoping that someone could help me easily know what had not used the open rule so I can immediately put a rule in front of it to block any ports that haven't traversed it. I'll just close out my question and do things the slow way with exports to Excel. Thanks, Kimsey
10-04-2023
05:15 AM
1 Karma
@Roy_9 - Are you running the search in the same App where you created the lookup definition?
10-04-2023
05:13 AM
So I am experiencing this same issue as well, what would be the best way to add entity_title into a search or incorporate the field into the notable event/episodes?
10-04-2023
05:12 AM
@VatsalJagani @PickleRick Can you please help me with this?
10-04-2023
04:59 AM
@yuanliu I'm looking for previous 2 "weekday" average. Consider, today is "Wednesday". I want to plot avg of previous 2 Wednesday's as a comparison against live data. Along with this, how can the...
See more...
@yuanliu I'm looking for previous 2 "weekday" average. Consider, today is "Wednesday". I want to plot avg of previous 2 Wednesday's as a comparison against live data. Along with this, how can the search be only limited to the time range selected from the time picker ?
10-04-2023
04:43 AM
In my mind this isn't a Splunk problem - although you could use Splunk to identify the ports being allowed through by the permissive policy. My suggestion would be to add one or more policies befo...
See more...
In my mind this isn't a Splunk problem - although you could use Splunk to identify the ports being allowed through by the permissive policy. My suggestion would be to add one or more policies before the permissive policy that allow through the ports that you definitely want to allow. This will, overtime, reduce the number of ports being allowed through by the permissive policy and, at a point in time, the permissive policy can be removed.
10-04-2023
04:43 AM
https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-No-Enforcement-License/m-p/428446 I will update to 8 and then to 9, in the above link there was something about no enforcement license so...
See more...
https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-No-Enforcement-License/m-p/428446 I will update to 8 and then to 9, in the above link there was something about no enforcement license so checking if the license will still be applicable for 8.1 and later
10-04-2023
04:31 AM
Currently we have below license Splunk Enterprise - No Enforcement (6.5 ) , I was told this license is not supported for new users in splunk anymore. If I upgrade to 8 to 9, will this license still...
See more...
Currently we have below license Splunk Enterprise - No Enforcement (6.5 ) , I was told this license is not supported for new users in splunk anymore. If I upgrade to 8 to 9, will this license still be accepted?
10-04-2023
04:22 AM
@P3G4SUS - You can do that like this: ....
| eval empty_cells = case(isnull(A) AND isnull(B), 2, isnull(A), 1, isnull(B), 1, 1==1, 0)
| stats sum(empty_cells) as total_empty_cells I'm assuming y...
See more...
@P3G4SUS - You can do that like this: ....
| eval empty_cells = case(isnull(A) AND isnull(B), 2, isnull(A), 1, isnull(B), 1, 1==1, 0)
| stats sum(empty_cells) as total_empty_cells I'm assuming your two fields in the table is A and B, but you can replace that with what you have in above query and you should get your answer. I hope this helps!!!
10-04-2023
04:20 AM
So, I am searching for Multiple users logged into a single machine at the same time, or even within the same hour. Initially this is my search query to display how many users log-on in 1 host. ...
See more...
So, I am searching for Multiple users logged into a single machine at the same time, or even within the same hour. Initially this is my search query to display how many users log-on in 1 host. index="windows" sourcetype="WinEventLog" EventCode=4624 | search host!="*$*" | stats dc(user) as user_count by host the problem is it does not count the current user since there's log off events. hope I explained that clearly. Thanks.
10-04-2023
04:10 AM
Hi,
I have submitted my app into Splunk Cloud Platform for vetting process and it is in "Pending" status for more then 3 weeks. Is this timespan normal? Is there anyway to contact the team and c...
See more...
Hi,
I have submitted my app into Splunk Cloud Platform for vetting process and it is in "Pending" status for more then 3 weeks. Is this timespan normal? Is there anyway to contact the team and check for a more specific status? Thanks
- Tags:
- splunk search
Labels
10-04-2023
03:25 AM
This is a bit vague - what events are you dealing with (please provide anonymised samples)? In general, you could assign log on events a value 1 and log off events a value -1, then do a streamstats ...
See more...
This is a bit vague - what events are you dealing with (please provide anonymised samples)? In general, you could assign log on events a value 1 and log off events a value -1, then do a streamstats summing these values and when the sum is above 1 you have multiple users logged on. You would have to take care of the issue of log off events appearing without a preceding log on event, and all this tell you is the change, you might want to consider setting your start time to be when there is known to be zero users logged on.
10-04-2023
03:18 AM
| nomv FieldB
| nomv FieldC
| nomv FieldD
| stats count values(*) as * by FieldA
| foreach FieldB FieldC FieldD
[| eval <<FIELD>>=split(<<FIELD>>,"
")]
10-04-2023
03:12 AM
Please select the logs you wanted to ingest... fine-tune it. thats all. its very simple actually. or simply, go with filesize. order all your ingested files by their size(in DMC----license consu...
See more...
Please select the logs you wanted to ingest... fine-tune it. thats all. its very simple actually. or simply, go with filesize. order all your ingested files by their size(in DMC----license consumed by log sources in last 24hrs dashboard)... if you see any logs in top 10, top20 which is an unwanted log file, then... remove it from inputs.conf (you may be using wildcards in inputs.conf.... if so, add a blacklist for that file)
10-04-2023
02:47 AM
As we are on the Splunk cloud GCP its won't supports the null-queue.
10-04-2023
02:32 AM
I have data like provided below: field A Field B Field C Field D abc.com 1 1 AB CD 1 1 xyz.com 2 2 AB CD 1 1 abc.com 1 1 AB CD 1 1 xyz.com ...
See more...
I have data like provided below: field A Field B Field C Field D abc.com 1 1 AB CD 1 1 xyz.com 2 2 AB CD 1 1 abc.com 1 1 AB CD 1 1 xyz.com 2 2 AB CD 1 1 def.com 1 AB CD 0 I want to group Field A values such that all abc.com value come in 1 row with associated count. I want output like field A count Field B Field C Field D abc.com 2 1 1 AB CD 1 1 xyz.com 2 2 2 AB CD 1 1 def.com 1 1 AB CD 0 if I take path of stats count then it split field C and D which I don't want, I want them to be uniquely compared as a group value. looking for suggestions. Thanks in advance.
