Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About cyler
cyler
New Member
Member since:
04-04-2018
06-05-2020
Community Statistics
| Posts | 13 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 04-04-2018 |
Activity Feed
- Posted Re: Active computers reporting to splunk last 30 days on Splunk Search. 04-06-2018 07:14 AM
- Posted Re: Active computers reporting to splunk last 30 days on Splunk Search. 04-06-2018 07:12 AM
- Posted Splunk dash-board - How to show extracted fields on the left like when you search on All Apps and Add-ons. 04-06-2018 07:03 AM
- Tagged Splunk dash-board - How to show extracted fields on the left like when you search on All Apps and Add-ons. 04-06-2018 07:03 AM
- Tagged Splunk dash-board - How to show extracted fields on the left like when you search on All Apps and Add-ons. 04-06-2018 07:03 AM
- Tagged Splunk dash-board - How to show extracted fields on the left like when you search on All Apps and Add-ons. 04-06-2018 07:03 AM
- Tagged Splunk dash-board - How to show extracted fields on the left like when you search on All Apps and Add-ons. 04-06-2018 07:03 AM
- Tagged Splunk dash-board - How to show extracted fields on the left like when you search on All Apps and Add-ons. 04-06-2018 07:03 AM
- Posted Active computers reporting to splunk last 30 days on Splunk Search. 04-05-2018 11:34 AM
- Tagged Active computers reporting to splunk last 30 days on Splunk Search. 04-05-2018 11:34 AM
- Tagged Active computers reporting to splunk last 30 days on Splunk Search. 04-05-2018 11:34 AM
- Tagged Active computers reporting to splunk last 30 days on Splunk Search. 04-05-2018 11:34 AM
- Tagged Active computers reporting to splunk last 30 days on Splunk Search. 04-05-2018 11:34 AM
- Posted Re: Field Extraction and search on Splunk Search. 04-05-2018 11:29 AM
- Posted Re: Field Extraction and search on Splunk Search. 04-05-2018 11:29 AM
- Posted Re: Field Extraction and search on Splunk Search. 04-05-2018 11:29 AM
- Posted Re: Field Extraction and search on Splunk Search. 04-05-2018 08:37 AM
- Posted Re: Splunk Search - 'OR' operator is missing a clause on the right hand side on Splunk Search. 04-05-2018 06:37 AM
- Posted Re: Splunk Search - 'OR' operator is missing a clause on the right hand side on Splunk Search. 04-05-2018 06:37 AM
- Posted Re: Splunk Search - 'OR' operator is missing a clause on the right hand side on Splunk Search. 04-05-2018 06:35 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-06-2018
07:14 AM
index=my_index* | metadata type=hosts
Error in 'metadata' command: This command must be the first command of a search.
The search job has failed due to an error. You may be able view the job in the Job Inspector.
... View more
04-06-2018
07:12 AM
Forgive my being naive - Here is what result I get back
... View more
04-06-2018
07:03 AM
When I do a normal search I see the extracted fields on the left.
In the dashboard that I am creating, how do I show that info too?
Here is my dashboard - the extracted feilds are not showing on the left;
... View more
04-05-2018
11:34 AM
I would like to know how to search for all computers that are reporting to Splunk in the last 30 day.
Thank you
... View more
04-05-2018
06:35 AM
Thank you very much for the help. I am able to get the results I need.
... View more
04-05-2018
06:31 AM
Here is the line in the log I am working with;
Message=COMPUTERNAME [Monday, April 02, 2018 7:15:53 AM (GMT-06:00)]: Status of device 'COMPUTER' changed to Critical: Many viruses detected.
Goal;
I would like to search my database for all logs that have the status "Many viruses detected"
I am newer to splunk, I need to use rex correct? I do not think the field has been extracted yet.
After being able to find all the computers with this log, I would like to extract the field for future use.
My search;
index=my_index | rex field=_raw"(?)Message=(?[a-zA-z0-9:\s[]\-,=`'."]\sMany\sviruses\sdetected"
... View more
04-04-2018
06:44 AM
Issue, here is my search
index=my_index EventSubType="Computer Modified"
NOT UserName="System"
"HostIP=172.16.1." OR
"HostIP=172.16.4." OR
"HostIP=172.16.5.*" OR
| table _time EventSubType UserName HostIP HostName Message
Here is my error - Error in 'search' command: Unable to parse the search: 'OR' operator is missing a clause on the right hand side.
Please help, thank you
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
