Our problem and question are that the machine agent is installed and IIS there is a consumption of them. It is supposedly a license for all the monitoring, we have a premium license because it reports consumption of them and they are almost finished.

Hi All, I am looking to create an alert based on the following base search. index=wineventlog w19tax.exe app_name=W19TAX . I am specifically looking for the alert to only trigger when the same SID comes up multiple time for the same application. example event: 09/29/2021 04:21:08 PM LogName=Microsoft-Windows-AppLocker/EXE and DLL SourceName=Microsoft-Windows-AppLocker EventCode=8002 EventType=4 Type=Information ComputerName=BPOLCP01S12.rightnetworks.com User=NOT_TRANSLATED Sid=S-1-5-21-2605281412-2030159296-1019850961-762275 SidType=0 TaskCategory=None OpCode=Info RecordNumber=39961045 Keywords=None Message=D:\PROGRAM FILES\LACERTE\19TAX\W19TAX.EXE was allowed to run.

Hi, I have setup the forwarder, however I get the following when I try to run commands: What am I missing and what would the commands be to add them into Raspberry PI os (32bit) newest version? I used the ARM version listed as the newest version Or should I find other linux versions?

Hello, I use the following grid structure to define source and destination filters in one of my dashboards. I would like to add a button to each panel to reset the content of the input text box, however I am struggling to create the CSS code to align the link list input correctly. I would like to move them to the top-right corner of the wide input panels (the position is highlighted with a red box on the screenshot). Could someone please help me write the correct CSS code which would align the button correctly? I have added a run anywhere dashboard with the CSS scripts included. <form theme="dark"> <label>Dashboard CSS Alignment Example</label> <fieldset submitButton="false"></fieldset> <row> <panel id="inputFilterFirstColumnRow1"> <title>Filters</title> <html/> </panel> <panel id="inputFilterSecondColumnRow1"> <input type="link" token="tokClearSrcFilter" searchWhenChanged="true" id="button_clear_src_filter"> <label></label> <choice value="clear_src_filter">X</choice> <change> <condition value="clear_src_filter"> <unset token="tokClearSrcFilter"></unset> <unset token="form.tokClearSrcFilter"></unset> <set token="tokSrcFilter">*</set> <set token="form.tokSrcFilter">*</set> </condition> </change> </input> <input type="text" token="tokSrcFilter" searchWhenChanged="true" id="wideInputBox_SourceFilter"> <label>Source Filter</label> <default>*</default> </input> </panel> <panel id="inputFilterThirdColumnRow1"> <input type="link" token="tokClearDestFilter" searchWhenChanged="true" id="button_clear_dest_filter"> <label></label> <choice value="clear_dest_filter">X</choice> <change> <condition value="clear_dest_filter"> <unset token="tokClearDestFilter"></unset> <unset token="form.tokClearDestFilter"></unset> <set token="tokDestFilter">*</set> <set token="form.tokDestFilter">*</set> </condition> </change> </input> <input type="text" token="tokDestFilter" searchWhenChanged="true" id="wideInputBox_DestinationFilter"> <label>Destination Filter</label> <default>*</default> <initialValue>*</initialValue> </input> </panel> </row> <row depends="$alwaysHideCSSStyleOverride$"> <panel> <html> <style> /* Wide text input box style. Use id="wideInputBox_unique_id" in the input header */ div[id^="wideInputBox"] .splunk-textinput { min-width: 20vw !important; width: 40vw !important; max-width: 40vw !important; color: yellow; } div[id^="wideInputBox"] .splunk-textinput input[type="text"] { min-width: 20vw !important; width: 40vw !important; max-width: 40vw !important; color: yellow; } </style> <style> /* This section sets the width of the three columns of secondary filter panels - 10% - 45% - 45% */ div[id^="inputFilterFirstColumn"]{ width:10% !important; } div[id^="inputFilterSecondColumn"]{ width:45% !important; } div[id^="inputFilterThirdColumn"]{ width:45% !important; } </style> <style> /* Clear Button positioned to the right side of the panel */ div[id^="button_clear"]{ width:20px !important; float: right; } div[id^="button_clear"] button[data-test="option"]{ flex-grow: 0; border-radius: 2px; border-width: thin; border-color: lightgrey; border-style: inset; width: 20px; padding: 2px 2px; } div[id^="button_clear"] label{ display:none; } div[id^="button_clear"] span[data-test="label"]:hover{ } div[id^="panel"].fieldset{ padding: 0px; } </style> </html> </panel> </row> <row> <panel> <table> <search> <query> | makeresults | eval src=$tokSrcFilter|s$, dest = $tokDestFilter|s$ | table src, dest </query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> </form>  Regards

hello I use a one hour span in my timechart but I dont understand why a two hour span is displayed on the timechart abscissa instead one hour? | timechart span=1h max(debut) as "Début de session", max(fin) as "Fin de session" thanks    

Hello, I need a help with a search that seems very easy, but I'm unable to achieve the results I want. The events are recieved in diferrent days, but no more than 3 days and the date is in the field event.Date. The date format is "yyyy-mm-ddT00:00:00". What I need is to search for all the events within the 3 days and then filter by the date. So i've tried the following search: index=something daysago=3 | eval dayOfSearch = strftime(relative(now(), "-2d@d"), "%Y-%m-%dT%H:%M:%S") | search event.Date = dayOfSearch It does not result to what I was expecting, but if I run the search replacing the variable dayOfsearch with the actual date, like "2021-09-05T00:00:00" it works. What am I doing wrong or is that I better way to achieve this results?   Thank you!