Here is my search in question; the common field is the SessionID.
index=eis_lb apm_eis_rdp
|fillnull value="-"
|search UserID!="-"
| rex field=_raw "\/Common\/apm_eis_rdp:ent-eis[:a-zA-Z0-9_.-](?'S...
I am unaware of how to filter or disable the processing of ANSI escape codes as recommended by Splunk, due to the recently announced log injection vulnerability. We have a clustered environment r...
...ave to run a multisearch to keep track of all of my cx reservation codes, payment status and destinations. Because of the way this was implemented in our system, I extract the reservation codes...
I have different query results for different queries. Can I make it a generic one?
For now I have 4 different Splunk dashboard URLs with different queries for 4 applications. Can I bring it in one URL in...
My inputs.conf from the deployment server (confirmed that it is being pushed to all hosts correctly):
{WinEventLog://Security}
index = wineventlog
sourcetype = WinEventLog:Security
...
Dear team, I need to join the two-index search and print the common IDs' count. The two different indexes mentioned below work independently; both indexes have the same correlation_ID but d...
Good morning, I'm trying to download Splunk and start it on my terminal, but I keep getting this error code:
Exception: <class 'PermissionError'>, Value: [Errno 13] Permission denied: '/o...