cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
chungmp
New Member
Member since: ‎03-26-2014
‎06-05-2020
Community Statistics
Posts 7
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-26-2014
Activity Feed
View All

How to remove your own searches

by in Splunk Search
‎06-09-2014 08:37 AM
‎06-09-2014 08:37 AM
I am creating a dashboard for failed login, however, in the table created, there will be rows with all "" as values- How can I eliminate them? I have tried | fillnull value=("NA" OR "") but didn't work. dproc=sshd categoryOutcome=/Fail* (src=* OR shost=* OR dvc=* OR dvchost=* OR suser=* OR duser=* OR msg=*)| table _time src shost dvc dvchost suser duser msg | fillnull value="NA" |top 20 _time src shost dvc dvchost suser duser msg ... View more

Re: Creating Dashboard/Tables

by in Dashboards & Visualizations
‎06-09-2014 04:39 AM
‎06-09-2014 04:39 AM
Yes, I did... I actually took out categoryOutcome and replaced with _time dproc=sshd categoryOutcome=/Fail (src= OR shost= OR dvc= OR dvchost= OR suser= OR duser= OR msg=*)| table _time src shost dvc dvchost suser duser msg | fillnull value=("NA" OR "") |top 20 _time src shost dvc dvchost suser duser msg ... View more

Re: Creating Dashboard/Tables

by in Dashboards & Visualizations
‎06-05-2014 01:00 PM
‎06-05-2014 01:00 PM
Also, The results displays a row that says "NA" for all fields and one of them says "None", which I modified | fillnull value=("NA" OR "None"), but then I got missing results - i.e. some results disappeared that was there before if I just have | fillnull value="NA" ... View more

Re: Creating Dashboard/Tables

by in Dashboards & Visualizations
‎06-05-2014 12:59 PM
‎06-05-2014 12:59 PM
Thank you! I tried that and it works however, now I get a line with "" for all fields, except time column. I also tried:| fillnull value=("NA" OR "") but didn't help (please see below). Thanks! dproc=sshd categoryOutcome=/Fail* (categoryOutcome=* OR src=* OR shost=* OR dvc=* OR dvchost=* OR suser=* OR duser=* OR msg=)| table categoryOutcome src shost dvc dvchost suser duser msg | fillnull value=("NA" OR "") |top 20 categoryOutcome src shost dvc dvchost suser duser msg ... View more

Dashboard ideas

by in Dashboards & Visualizations
‎06-05-2014 12:00 PM
‎06-05-2014 12:00 PM
What types of dashboard (which specific information to consider) when dealing w/ closed network monitoring (i.e. not connected to the Internet)? This is for an Enterprise system with several users. Failed logins/SSHD have been taken into account. Thanks! ... View more

Re: Creating Dashboard/Tables

by in Dashboards & Visualizations
‎06-05-2014 11:51 AM
‎06-05-2014 11:51 AM
Thank you!! There is a line w/ all N/A values, except for time- I added _time, which i believe is my own searches in splunk. How can I get rid of that? ... View more

Creating Dashboard/Tables

by in Dashboards & Visualizations
‎06-05-2014 10:23 AM
‎06-05-2014 10:23 AM
Thank you for coming by a few weeks ago. I am trying to create Dashboard for failed login- however since we are getting data from multiple sources, i.e. syslog, CEF, etc.. we don’t have the same fields in the results. For example- I am trying to create a table that display failed login results for all sshd processes (and they come from different type of sources- ie. Some may have suser field, some may not, and what I have realized is that the result will only display those with “src shost dvc dvchost suser duser msg”, where the fields are empty it will omit them. Hence I am missing events. dproc=sshd categoryOutcome=/Fail*|top 20 categoryOutcome src shost dvc dvchost suser duser msg I hope I make sense. Please let me know if you have any questions/what I need to change? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM