I am new to Splunk. Can someone please explain to me what the query below is doing, what the 1 at the end of Sourcetype and Like means, and what 1=1 means?
Thanks in advance
| eval UseInSummary=case(
...
I want to set up an organized system of permissions so we can give the right access to the right data and the right Splunk features to the right analysts in my organization. Can I get a sketch of how...
I want to calculate the volume of traffic (FortiGate firewall).
I wrote this query, but I don't know if it's correct or not.
"index=<my index> sourcetype=<my_sourcetype> |...
Hello, I upgraded our office's Search Head (SH) to 8.1.9 from 8.0.4. On the previous version, MC wouldn't even load. Now that it does, the Overview Window just says "Searching for..." (See s...
I have a search to get an overview of all users with their authorizations: roles, capabilities, indexes (search found somewhere else on this community). I wonder if it is also possible to get an overview...
I have a handful of searches that I want to build into reports and dashboards so I can collaborate with my team. Can you give me a sketch of how Splunk reports and dashboards work?
I've been struggling for a while and hopefully someone here can help me. Need to figure out if a user has an active session based on session id and user name. Active session is defined as...
What would be the best way to add the 'hostname' field to the 'Status Overview' dash under Uptime Monitoring? I noticed under 'Data Inputs' / 'Ping', a name (hostname) exists as new hosts are added. W...
Is there a quick way of getting a list of all events coming in and all feeds coming in?
Would it also be possible to see which feeds are being used for the data models?
And also getting a list o...
Hello, after I upgraded Splunk to the 9.1.1 version, some parts of the overview page in the distributed monitoring console were not completed and were empty. Other tabs in the distributed m...