Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forΒ
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forΒ
- About jmteo
jmteo
Explorer
Member since:
β07-22-2018
β06-05-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | β07-22-2018 |
Activity Feed
- Got Karma for How to create a new field using eval by eventtype?. β06-05-2020 12:49 AM
- Posted How do I get IMAP Mailbox to receive emails - what does the MissingSectionHeaderError mean? on All Apps and Add-ons. β08-13-2018 08:06 AM
- Tagged How do I get IMAP Mailbox to receive emails - what does the MissingSectionHeaderError mean? on All Apps and Add-ons. β08-13-2018 08:06 AM
- Posted Re: How to create a new field using eval by eventtype? on Splunk Search. β08-06-2018 08:05 AM
- Posted Re: How to create a new field using eval by eventtype? on Splunk Search. β08-06-2018 07:07 AM
- Posted Re: How to create a new field using eval by eventtype? on Splunk Search. β08-06-2018 04:17 AM
- Posted Re: How to create a new field using eval by eventtype? on Splunk Search. β08-06-2018 02:33 AM
- Posted Re: How to create a new field using eval by eventtype? on Splunk Search. β08-06-2018 01:15 AM
- Posted How to create a new field using eval by eventtype? on Splunk Search. β08-05-2018 10:54 PM
- Tagged How to create a new field using eval by eventtype? on Splunk Search. β08-05-2018 10:54 PM
- Tagged How to create a new field using eval by eventtype? on Splunk Search. β08-05-2018 10:54 PM
- Posted Re: Is it possible to create a field alias on a lookup output field for mapping to the CIM model? on Knowledge Management. β07-23-2018 12:53 AM
- Posted Is it possible to create a field alias on a lookup output field for mapping to the CIM model? on Knowledge Management. β07-22-2018 10:28 PM
- Tagged Is it possible to create a field alias on a lookup output field for mapping to the CIM model? on Knowledge Management. β07-22-2018 10:28 PM
- Tagged Is it possible to create a field alias on a lookup output field for mapping to the CIM model? on Knowledge Management. β07-22-2018 10:28 PM
- Tagged Is it possible to create a field alias on a lookup output field for mapping to the CIM model? on Knowledge Management. β07-22-2018 10:28 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 |
β08-13-2018
08:06 AM
Hi guys,
I am trying out using IMAP mailbox to get email messages from my mail server that runs dovecot on the default port (143). However, I keep running into this issue of MissingSectionHeaderError, and I have no idea how to resolve it even after looking around, as it seems that no one seemed to have this error before. Would anyone be kind enough to advise me as to how to resolve this issue? Thanks a lot π
... View more
- Tags:
- IMAP Mailbox
β08-06-2018
08:05 AM
Yeap, that's how it looked like in my local props.conf file for my add-on before I changed it to try something else, which is why all the more I am puzzled that no matter how I try today, the evaluation is not working properly. I will try again tomorrow to see how it goes, it might just be a case of my splunk instance lagging. Thanks for your help so far π
... View more
β08-06-2018
07:07 AM
I am doing this through the "evaluated fields" section under fields and adding an eval statement for the splunk TA that I am developing. I have looked at the props.conf present in the local folder, the eval statement is as I have added in the splunk UI
... View more
β08-06-2018
04:17 AM
Weird. It seems like the eval for action just refuses to work, I even tried changing the action to evalAction, and manually filtering mod_action to be N.A for the auth events, but while the mod_action for auth events became N.A, when I got evalAction to check if mod_action is N.A and return the outcome field if it is and mod_action field if it is not, the if statement keeps evaluating to false and mod_action values are displayed for evalAction. Guess itβs just some issueβs with Splunk so Iβll try again tmr
... View more
β08-06-2018
02:33 AM
Hi Guys,
I have authentication events tagged as authentication, and change events tagged with change. What would be a possible way to do an eval like what I asked above, without using the tags, if the events contains no clear indication as to whether they are change or authentication events? I have tried with eventtypes as suggested above but even that does not work as action keeps being mod_action
... View more
β08-06-2018
01:15 AM
For the current eval statement, the action field always evaluates to mod_action
... View more
β08-05-2018
10:54 PM
1 Karma
Hi guys,
I am trying to create an evaluated field, action, that will contain different values from different fields based on whether the eventtype is change for mapping to the change and authentication CIM models action field respectively. After some research and searching around, I still am stuck at it.
My current eval statement is:
eval action = if('tag::eventtype'!="change", outcome, mod_action)
Examples of values: outcome=> success, failure mod_action=> modified, deleted
Could someone kindly advise me as to what I am doing wrong here? Why is it that when I try this splunk always evaluates action to either outcome or mod_action, and not either of them depending on the eventtype? Thanks and have a pleasant day ahead π
... View more
β07-23-2018
12:53 AM
Guess I overlooked that. Thanks π
... View more
β07-22-2018
10:28 PM
Hi guys,
I am in the midst of trying to map the fields in my data to the splunk authentication CIM. However, I realised that I don't seem able to create a field alias on lookup output fields (eg. Interfaces [lookup output field] => App [CIM field]) {ie This field aliases don't show up}. Is it possible to create a field alias for mapping my lookup output field to the CIM model, and if there isn't, could I kindly request for your suggestion as to what I can do to map my lookup fields to the CIM Model? Thanks and have a pleasant day/evening ahead π
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
β06-05-2020
02:04 AM
|
