We're using this query to retrieve metrics on our hosts: index=_internal source=*metrics.log group=tcpin_connections
| eval sourceHost=if(isnull(hostname), sourceHost,hostname)
| rename co...
...he IP-HOST association is not respected. 1.1.1.1 connects to host1 ---> OK 1.1.1.1 connects to host2 ---> BAD 2.2.2.2 connects to host1 ---> BAD The connection from host1 should arrive o...
I have a query that gets a list of destination ips per source ip. I also want to add a column for the associated domain name per destination ip. The query I have to get destination ips per source i...
I have JSON event data like this (it is shown as a collapsible tree structure in the event view): {
"data": {
"192.168.1.1": {
"ip": "192.168.1.1",
"n...
Hello,
Is it possible to designate a different Splunk instance as the master license server, but through the CLI?
Not through the Splunk web interface.
Thank you for your time.
Hi
Hope you are doing good..
I want to build one query where I will get user with associated event code or IP for example
If I use stats count by user, event code
I will get...
I have an event panel with 5 dropdown boxes as shown to be able to filter the base results based on 5 categories
by app name - there are two Apps BPE and BPO
by sts eg 400's ...
I have created a new entity type for ex:DB_connection and created a new saved search ( "ITSI Import Objects - Database_Connection" ) which populates new DB entities. Now the newly added entities ar...
...ndex in GUI, the size were all under limit. The sum of all were under 250 Gb, which made sense as the size of all index is set to 500GB (default). But when I calculated the size of the data models associate...
..., but it is associated with the same email account as this splunk user account so there's no way I did it. I am hoping someone at Splunk can take a look at this and figure out where the error is. To m...