...6:30:59:002 moduleF:[C1]L[143]F[11]ID[123456]
16:30:60:002 moduleZ:[C1]L[143]F[11]ID[123456] need to find module flow for each transaction and find rare flow. challenges: 1- there i...
Hello! I have this search, and I want to add more parameters like time etc. The thing is, when I'm using rare it shows only the SHA256HashData and count ```index=myindex | stats count by S...
...utomatic lookup table so it has to be replicated to the search peers. The lookup table file is static and rarely changed. My questions are: - Once the replication bundle syncs successfully, will Splunk SH t...
Hi, I'm building a report to count the number of events per AWS account vs. Region with stats and xyseries. It works well, but I would like to filter to have only the 5 rare regions (fewer events)....
I'm trying to find some Splunk commands that can detect unusual events.
For example, each event has a username field; usually usernames are the same or similar, but sometimes there are some unusual usernames. So, I...
Hi,
I'm trying to find the least common agent using two commands:
1) sourcetype=access_combined| rare useragent
2) sourcetype=access_combined| stats values(useragent) count by useragent | sort c...
We have a case of a delay of an hour for a certain index that happened last week, while the indexing delays are normally up to half a minute. I'm struggling with the parameters for the MLTK to captur...
I want to search Okta logs to find users that logged in from rare countries. So typically, users who logged in from the USA, UK, or Australia are considered BAU, but those from Kuwait, Lesotho, etc. are rare....
Hey everyone
I have a little bit of a problem with some of my searches, as I am only rarely able to execute them. Splunk Web just keeps showing the "new search" page (in a dashboard it shows "C...