×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
gustavobrgyn
New Member
Member since: ‎06-04-2018
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-04-2018
Activity Feed
View All

Receiving error in search to compare two fields

by in Splunk Search
‎10-09-2019 01:58 PM
‎10-09-2019 01:58 PM
Where is the error? (index=paloalto sourcetype="pan:threat" action=allowed severity=critical src_interface="ethernet1/2.110") OR (index=trend sourcetype="deepsecurity-intrusion_prevention") | eval cs23=replace(cs1, "\"", "") | eval match=case("threat:cve" == cs23,"Yes","threat:cve" != cs23,"No") | stats count by match ... View more

Rapid7 search error

by in Monitoring Splunk
‎05-10-2019 05:32 AM
‎05-10-2019 05:32 AM
Hello, I'm trying to use the search below but I only get 0 events. What Am I doing wrong? index=rapid7 sourcetype=* | eval site=coalesce(site, "") | eval asset=coalesce(asset_id, "") | search site=* status=Approved reason="Acceptable risk" | search [search index=rapid7 sourcetype="rapid7:nexpose:asset" | fields * | eval tag=coalesce(split(nexpose_tags,";"), "") | search tag="*" * vendor_product="*" site_id="*" pci_status="*" (hostname=* OR ip=* OR mac=*) | fields * | table asset_id hostname ip mac os site_name nexpose_tags os] | dedup site asset vulnerability_id | sort "Status" DESC | table status vulnerability_id title asset_id severity_score severity reason additional_comments submitted_by review_date review_comment expiration_date port key ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM