...ields? The end goal is to have the ability to perform set/append operations and use search commands and still have things sorted in indexed order.
This leads to curiosity about other useful internal f...
...rying to create a rule to alert on internal IP scanning. Below is my current logic.
index="firewall*"
| bucket _time span=15m@m
| stats dc(dest_ip) as num_dest_ips values(dest_ip) as dest_ips dc(d...
...When I checked the internal logs, the logs below were issued in the internal logs of the two search heads at approximately the same time (deviation of about 0.4 seconds).
"INFO sendemail:1...
Not technically a question, but pretty sure will be helpful to many. If not helpful to you, please don't upvote.
As we know, Splunk CLI commands are in the form splunk <verb> <o...
Hi
I am trying to control Splunk from the Windows prompt, but it shows me the above statement, "SPLUNK IS NOT RECOGNIZED AS INTERNAL OR EXTERNAL COMMAND."
How do I take control over it via the Windows prompt?
Hi All, in the internal logs I see this eval command error - ERROR EvalCommand - Error in 'eval' command: The expression is malformed. An unexpected character is reached at '*)/86400)'. but i...
I am on Ubuntu 18, Splunk 8.1.4. I downloaded the 5.0.3 and 5.0.2 (for testing) Anomali threat detection app from here, and when I click "Manage Apps" I get the 500 internal server e...
Hey there, I have written a custom command in order to execute whois queries using an internal whois server, which expects CSV files and returns JSON files containing the results. The CSVs a...
Hi all,
Splunk documentation seems to recommend us to use si commands within PostProcess searches:
http://docs.splunk.com/Documentation/Splunk/5.0.2/AdvancedDev/PostProcess
So, my question i...
...he PowerShell log. However, I can receive the Windows Security log, so I think I might have input an invalid stanza in inputs.conf, and I can't find an error related to inputs in the internal log.
Who can tell me h...