Search

Janani_Krish · ‎09-17-2020

Hi, I tried the below query to fit my model, sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d|stats count values(file_path) values(user_name) values(action) by device_name,command...

jip31 · ‎12-22-2020

...ookup host_allIND.csv HOSTNAME as host output SITE DEPARTMENT CATEGORY | stats max(BootTime) as "Boot time" last(SITE) as SITE last(CATEGORY) as CATEGORY last(DEPARTMENT) as DEPARTMENT by host &n...

nishad_tupe · ‎01-30-2020

...he impact. So I wanted to use a custom generating command that gives me flexibility to generate the SeviceNow incident with additional fields as parameters. Here is my search (My alert condition i...

markerton · ‎09-13-2018

...ount by category | sort -count I've tried searching around and trying a few other commands (like useother but can't seem to get it to work out how I want it. Thanks in advance for any help.

jonfrancais · ‎08-13-2016

...ourcetype' with the following configuration: [mySourceType] DATETIME_CONFIG = CURRENT KV_MODE = json AUTO_KV_JSON = true category = Custom pulldown_type = 1 The custom command builds a record with the J...

mrjester · ‎06-21-2012

...ebAsset EventCode=10001 EventType=4 Type=Information ComputerName=dev-web Category=0 CategoryString=none RecordNumber=90606 Message=Message=Save @objId=641 @user=Admin1 @rqstrName=James Doe @alt1RqstrName=J...

jip31

Hello The join comamnd below truncate events because I have results if I execute the ode before the join command but I havent results if I execute the second part Considering that my company dont w...

mansourireza · ‎03-31-2020

I have the following scheduled search that updates a lookup (simple_identity_lookup) by adding new entries that aren't already in it. | datamodel Identity_Management "All_Identities" search | `d...

ra01 · ‎05-23-2016

...| timechart span=1h sum(value) as total by category | streamstats global=f sum(total) as accu_total http://docs.splunk.com/Documentation/Splunk/6.0/SearchReference/streamstats When I t...

ipoluda

...um(bytes_in) as totalBytesIn, sum(bytes_out) as totalBytesOut, values(category) by src_host

Search

Search the Community

fit command in MLTK detecting categorial outliers

Help on basic question concerning lookup command

snowincident command not working, its not getting ...

How do you show only specific categories in return...

Generating custom command with complete JSON field...

Transaction command causing zero results

help on join command which truncate events

Error in 'lookup' command: Could not construct loo...

Why am I unable to get a running total using the s...

How to split stats command results into rows