Activity Feed
- Got Karma for How to search for hosts with an issue where a type of event was not followed by another type within an hour?. 06-05-2020 12:47 AM
- Posted Re: How to search the count and average count of events per hour? on Splunk Search. 08-14-2015 05:26 AM
- Posted How to search the count and average count of events per hour? on Splunk Search. 08-14-2015 03:25 AM
- Tagged How to search the count and average count of events per hour? on Splunk Search. 08-14-2015 03:25 AM
- Posted Re: Is it impossible to combine the results of a normal search and threshold search in a single table on Splunk Search. 06-18-2015 03:10 AM
- Posted Re: Is it impossible to combine the results of a normal search and threshold search in a single table on Splunk Search. 06-17-2015 08:25 AM
- Posted Re: Is it impossible to combine the results of a normal search and threshold search in a single table on Splunk Search. 06-17-2015 06:50 AM
- Posted Re: Is it impossible to combine the results of a normal search and threshold search in a single table on Splunk Search. 06-17-2015 04:46 AM
- Posted Re: Is it impossible to combine the results of a normal search and threshold search in a single table on Splunk Search. 06-17-2015 04:12 AM
- Posted Is it impossible to combine the results of a normal search and threshold search in a single table on Splunk Search. 06-17-2015 03:19 AM
- Posted Need to get stats count by day on Splunk Search. 05-31-2015 06:10 AM
- Tagged Need to get stats count by day on Splunk Search. 05-31-2015 06:10 AM
- Posted how to run a schedule search and Set alert conditions for scheduled searches and sent results by mail on Reporting. 03-13-2015 09:15 AM
- Tagged how to run a schedule search and Set alert conditions for scheduled searches and sent results by mail on Reporting. 03-13-2015 09:15 AM
- Posted How to search for and display all hosts that have more than 1 eventtype? on Splunk Search. 12-29-2014 06:59 AM
- Tagged How to search for and display all hosts that have more than 1 eventtype? on Splunk Search. 12-29-2014 06:59 AM
- Posted Re: How to search for hosts with an issue where a type of event was not followed by another type within an hour? on Splunk Search. 12-11-2014 04:54 AM
08-14-2015 05:26 AM
THANK YOU VERY MUCH !!!
08-14-2015 03:25 AM
Hello
Please can you provide a search for getting the number of events per hour and the average count per hour?
Tags: average
06-18-2015 03:10 AM
hi fdi01, I don't see any mention of CPU utilization in the query that you have provided above. Please note that I need to see all other event types + the ones where CPU is higher than 50%
The table should look like this
machine1 - disk failure
machine2 - virus failure
machine4 - cpu utilization 80
machine5 - ram crash
I am afraid you are not understanding the request.
I need the list of all problems in machines but exclude the occurrences of cpu utilization less than 50
06-17-2015 08:25 AM
I am afraid you are not understanding the request.
I need the list of all problems in machines but exclude the occurrences of cpu utilization less than 50
06-17-2015 06:50 AM
^^ hi fdi01, I don't see any mention of CPU utilization in the query that you have provided above. Please note that I need to see all other event types + the ones where CPU is higher than 50%
The table should look like this
machine1 - disk failure
machine2 - virus failure
machine4 - cpu utilization 80
machine5 - ram crash
06-17-2015 04:46 AM
Sorry, a correction is required. There are 3 fields
Machine name
problem type
Count
I need the list of machines where the count is higher than 50 for cpu utilization along with the normal search
06-17-2015 04:12 AM
It's not just about machine3; the purpose of the search is to exclude all those results which have cpu utilization less than 50%
06-17-2015 03:19 AM
Is there any way the results of a normal search and a threshold search can be combined and displayed in a single table on the dashboard?
The data I have is just 2 fields: machine name and its problem
machine1 - disk failure
machine2 - virus failure
machine 3 - cpu utilization 15%
machine4 - cpu utilization 80%
machine5 - ram crash
I want the results to be displayed as below, ignoring the machine with 15% CPU utilization and only displaying machines with cpu utilization higher than 50%
So the results of the table should be:
machine1 - disk failure
machine2 - virus failure
machine4 - cpu utilization 80%
machine5 - ram crash
05-31-2015 06:10 AM
I need a daily count of events of a particular type per day for an entire month
June1 - 20 events
June2 - 55 events
and so on till June 30
The available field is websitename; I just need occurrences for that website for a month
03-13-2015 09:15 AM
Please let me know how we run a scheduled search, set alert conditions for scheduled searches and send results by mail
Below are the fields. I want to be able to receive an alert when the CPU value crosses 80
Servername:
CPU usage:
Tags: scheduled-search
12-29-2014 06:59 AM
Is there a way to search for more than 1 eventtype for a single host and display the same in a stats table?
Fields available are
hostname
eventtype = e.g. disk full, disk crash, cpu high
Need to display all hosts which have more than 1 eventtype, e.g. a hostname with both cpu high and disk full
12-11-2014 04:54 AM
Hello there
Can you please check if there is something wrong in the syntax?
12-10-2014 05:33 AM
Error in 'where' command: The arguments to the 'isnull' function are invalid.
12-04-2014 04:56 AM
Hi guys
Need your help. Is there a tool which can monitor and forward logs from Windows 2000/2003 servers to Splunk?
Tags: forwarding, windows
11-28-2014 07:43 AM
Hello, please can you provide an update
11-28-2014 02:11 AM
Hello somesoni2, can you update the query to exclude the events where actiontaken is either partly removed or Unknown so that they show up in search
your base search | transaction maxspan=60m startswith="ActionTaken=None" keeporphans=t | where mvcount(ActionTaken)=1 AND mvindex(ActionTaken,0)="None"
11-26-2014 01:49 AM
Please can you provide an update on this issue
11-25-2014 02:16 AM
Thanks somesoni2, can you have the above search amended so it lists the events within the same hour and also shows computername
The fields available are
virusname
hostip
computername
11-24-2014 11:44 AM
I am trying to detect a virus outbreak in our network. Just want to check if 3 or more hosts have the same virusname in a subnet; usually the first 24 bits match
Fields available
VirusName=conficker
Host IP address=X.X.X.X
11-24-2014 11:38 AM
Thank you very much 🙂
It works fine
11-24-2014 07:36 AM
Please can someone help
11-24-2014 05:34 AM
The search ran for logs of a 1 month period with no errors but failed to retrieve any results
One machine had 3 occurrences of action taken=none and wasn't followed by any removal actions
10/11/2014 20:01 : ComputerName=test1 VirusName=conficker ActionTaken=None
10/11/2014 20:02 "ComputerName=test1 VirusName=conficker ActionTaken=None
10/11/2014 20:03 : ComputerName=test1 VirusName=conficker ActionTaken=None
11-24-2014 03:17 AM
Need to find hosts where an event of a type was not followed by an event of another type within an hour
I need to find hosts where a virus infection was detected and it failed to perform any action, where "None" is not followed up by one of the other events "Blocked OR removed OR quarantined" in 1 hour
Fields available are
ComputerName=
VirusName=
Action Taken=
Sample log
10/11/2014 20:01 : ComputerName=test1 VirusName=conficker ActionTaken=None
10/11/2014 20:02 "ComputerName=test1 VirusName=conficker ActionTaken=blocked
10/11/2014 22:01 : ComputerName=test20 VirusName=conficker ActionTaken=None
10/11/2014 20:01 : ComputerName=test30 VirusName=conficker ActionTaken=None
10/11/2014 20:02 "ComputerName=test30 VirusName=conficker ActionTaken=removed
As you can see above, no action was taken by the antivirus on computer test20. I need to write a search query to create a report or dashboard to find any such machine.
Any pointers in the right direction would be appreciated
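The two detections asked for in this thread (a "None" action with no blocked/removed/quarantined follow-up within an hour, and 3 or more hosts in the same /24 reporting the same virus) expressed as plain Python over the log format quoted above. This is an added illustration, not code from the thread or from Splunk; the sample lines are constructed, and the HostIP field is an assumption added so one record set serves both checks.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in the post's format; HostIP is an assumed extra field for the subnet check.
LOG = """\
10/11/2014 20:01 : ComputerName=test1 VirusName=conficker ActionTaken=None HostIP=10.1.2.11
10/11/2014 20:02 : ComputerName=test1 VirusName=conficker ActionTaken=blocked HostIP=10.1.2.11
10/11/2014 22:01 : ComputerName=test20 VirusName=conficker ActionTaken=None HostIP=10.1.2.20
10/11/2014 20:01 : ComputerName=test30 VirusName=conficker ActionTaken=None HostIP=10.1.2.30
10/11/2014 20:02 : ComputerName=test30 VirusName=conficker ActionTaken=removed HostIP=10.1.2.30
10/11/2014 20:05 : ComputerName=test40 VirusName=conficker ActionTaken=None HostIP=10.1.3.40
10/11/2014 21:30 : ComputerName=test40 VirusName=conficker ActionTaken=quarantined HostIP=10.1.3.40
"""
LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}) : (.*)$")
REMEDIATED = {"blocked", "removed", "quarantined"}

def parse(log):
    """Return (timestamp, fields) per well-formed line, oldest first; malformed lines are skipped."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M")
        events.append((ts, dict(kv.split("=", 1) for kv in m.group(2).split())))
    return sorted(events, key=lambda e: e[0])

def unremediated_hosts(events, window=timedelta(hours=1)):
    """Hosts with an ActionTaken=None not followed by blocked/removed/quarantined within window."""
    by_host = defaultdict(list)
    for ts, f in events:
        by_host[f["ComputerName"]].append((ts, f["ActionTaken"].lower()))
    flagged = set()
    for host, evs in by_host.items():
        for i, (ts, action) in enumerate(evs):
            # only later events of the same host count; evs is already time-ordered
            if action == "none" and not any(
                a in REMEDIATED and t - ts <= window for t, a in evs[i + 1:]
            ):
                flagged.add(host)
    return sorted(flagged)

def outbreak_subnets(events, threshold=3):
    """(VirusName, /24) pairs seen on at least `threshold` distinct hosts."""
    hosts = defaultdict(set)
    for _, f in events:
        subnet = ".".join(f["HostIP"].split(".")[:3]) + ".0/24"
        hosts[(f["VirusName"], subnet)].add(f["ComputerName"])
    return sorted(k for k, h in hosts.items() if len(h) >= threshold)
```

On the constructed sample, test20 (no follow-up at all) and test40 (quarantined only after 85 minutes) are flagged, while test1 and test30 are not; the outbreak check reports conficker on 10.1.2.0/24, where three distinct hosts were seen.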
11-09-2014 12:48 AM
Yes, martin_mueller did provide a way using a subsearch and it gives the right information, but the event count and sparkline for the threshold event were incorrect.
Though there were 5 events for the host, it came as 1 event with a flat sparkline instead of coming as 5. Just need that to be corrected
11-07-2014 02:11 AM
It gives an error.
Error in 'eval' command: Typechecking failed. The '==' operator received different types.