...ields? The end goal is to have the ability to perform set/append operations and use search commands and still have things sorted in indexed order.
This leads to curiosity about other useful internal f...
...rying to create a rule to alert on internal IP scanning. Below is my current logic.
index="firewall*"
| bucket _time span=15m@m
| stats dc(dest_ip) as num_dest_ips values(dest_ip) as dest_ips dc(d...
...When I checked the internal logs, the logs below were issued in the internal logs of the two search heads at approximately the same time (deviation of about 0.4 seconds).
"INFO sendemail:1...
Not technically a question, but pretty sure will be helpful to many. If not helpful to you, please don't upvote.
As we know, Splunk CLI commands are in the form splunk <verb> <o...
Hi
I am trying to control Splunk from the Windows prompt but it shows me the above statement, "SPLUNK IS NOT RECOGNIZED AS INTERNAL OR EXTERNAL COMMAND."
How do I take control over it via the Windows prompt?
Hi All, in the internal logs I see this eval command error - ERROR EvalCommand - Error in 'eval' command: The expression is malformed. An unexpected character is reached at '*)/86400)'. but i...
...he internal stash source type. License is counted when the original source type is used instead of stash in output_mode=hec https://docs.splunk.com/Documentation/Splunk/9.0.2/SearchReference/C...
...owerShell log. However, I can receive the Windows Security log, so I think I might have put an invalid stanza in inputs.conf, and I can't find an error related to inputs in the internal log.
Who can tell me h...
...osts for a specified sourcetype. I have used the following SPL to extract my data from the Splunk internal logs:
index=_internal source=*metrics.log group=*sourcetype* series=splunkd
| replace * W...
Hey there, I have written a custom command in order to execute whois queries using an internal whois server, which expects csv files and returns json files containing the results. The CSVs a...