Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
1,000 results
Sorted by:
a month ago
...essage and correlate between two. I am looking for numbers 272 and 1,856 from HERE and looking for sample1 and sample2 from THERE
both HERE and THERE will have 272 common and that is the only one....
Labels
- Labels:
-
join
-
stats
-
subsearch
-
transaction
02-10-2022
09:24 PM
Hello peeps,
Does anyone know a better accelerator command that can help to correlate data? Im trying to correlate proxy server logs and AD logs. Please see my base search;
(index=p...
Labels
- Labels:
-
using Splunk Enterprise
Show results in replies (4)
-
That's what groupping in stats is for. So your approach to do | stats values(whatever) by src_ip ...
-
Transaction is meant for something completely different. It looks like you only need to do the sta...
-
...bsp; src index=ad --> src_ip, src I need to correlate this src_ip field from index=proxy w...
-
Got it! Ive removed the transaction command and just leave the stats command. It works. Thank you s...
2 weeks ago
Hello,
Help me please. I'd like to define multiple search or subsearch to merge all relevant information about alerts.
Interesting fields in search are the hosts - as managed_host field and...
Labels
- Labels:
-
subsearch
Show results in replies (5)
-
Try this index=main [search index=main ( managed_host="host_A" OR managed_host="host_B" OR managed...
-
Try something like this index=main [search index=main ( managed_host="host_A" OR managed_host="hos...
-
Thanks for the reply. Almost good. the subseach returns the relevant alert numbers, thats okay.&nb...
-
The subsearch is just returning alert numbers not managed_host values so the outer search should be...
-
Yes, thats the problem... some lines has the number extracted as alert_num, some has not. thats why...
01-05-2021
07:10 AM
Hello, Our environment has this linux server that continually get's hit with Brute force attacks. I am trying to figure out where they are coming from. Since our servers are behind a nated firewall ...
03-17-2021
03:25 AM
...ther than “success” in our ldap logs: index=ldap sourcetype="openldap:access" err!=0 Unfortunately, we can't find a way correlate this event with other events in order to find the username a...
Labels
- Labels:
-
using Splunk Enterprise
06-24-2020
12:03 AM
I want to correlate the login events of aws console to login events of cyberark. people login to aws console via cyberark. so need to correlate the login events of aws with cyberark, that i...
- Tags:
- search
03-10-2021
03:13 AM
Hello, Having defined multiple alerts before starting to use Enterprise Security, is there a way to convert the existing alerts to correlation searches ? Instead of sending emails as a...
Labels
07-28-2021
08:48 PM
Hi Splunkers. I'm looking for a way to delete a correlation search that has been created with the wrong name (as ES doesn't let you rename them). The CS is currently disabled but I don't see a w...
Labels
- Labels:
-
other
10-11-2019
11:52 PM
1 Karma
Sorry for not spelling the problem out in the title, I'm a bit stuck even for the correct language to describe my puzzle. It's best I explain...
I have one index full of log data like the followin...
06-19-2012
03:31 PM
I have two events:
Event 1:
transactionId=123 field_x=x_value
Event 2
transactionId=123 status=success
How can I correlate these two?
I want to create a timechart for “field_x” when “s...
- Tags:
- correlation
