×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
rpolanco
New Member
Member since: ‎10-14-2014
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-14-2014
Activity Feed
View All

Why can't I change the permissions for a macro I j...

by in Security
‎10-14-2014 09:49 AM
‎10-14-2014 09:49 AM
I just created a macro and by default it is private but I can't see the permissions link next to it to change it. Does it have to do with my type of account? ... View more

Re: How to reference a string variable in a search...

by in Splunk Search
‎10-14-2014 09:34 AM
‎10-14-2014 09:34 AM
Got it to work; I forgot the bacquotes. Thanks ... View more

Re: How to reference a string variable in a search...

by in Splunk Search
‎10-14-2014 09:22 AM
‎10-14-2014 09:22 AM
I tried creating the macro and the search still does not return anything even if a type a specific IP instead of the subnet. This is the search: subnet("207.45.47.0/24") Not sure why it's not returning anything. The fields in the macro's definition match exactly. ... View more

How to reference a string variable in a search to ...

by in Splunk Search
‎10-14-2014 08:37 AM
‎10-14-2014 08:37 AM
This is the search that I'm trying to do but it does not return anything. I'm trying to create a string variable and referencing it in a search so that I don't have to retype it eight times. And if I wan't to change the string, I only have to do it once. | eval subnet="207.45.47.0/24" | search src_ip=subnet OR source_address=subnet OR src_translated_ip=subnet OR nat_source_address=subnet OR dest_ip=subnet OR destination_address=subnet OR dest_translated_ip=subnet OR nat_destination_address=subnet Is this allowed or is there a better way of doing it? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM