×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jpalacian
Path Finder
Member since: ‎11-15-2018
‎01-23-2023
Community Statistics
Posts 12
Solutions 2
Karma Given 3
Karma Received 2
Member Since ‎11-15-2018
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How to group multiple machines and user sessio...

by in Getting Data In
‎03-13-2020 08:08 AM
‎03-13-2020 08:08 AM
Hi! use tostring(X, "duration") in your own query: | makeresults limit=1 | eval foo=303030 | eval duration=tostring(foo,"duration") ... View more

Re: Run Splunk query through excel

by in Splunk Search
‎03-13-2020 08:00 AM
‎03-13-2020 08:00 AM
I'd answer the same like skoelpin, maybe I can add that you can save your queries as reports and your users can access them whenever they need. ... View more

Re: Can I send uncooked data from one HF to anothe...

by in Getting Data In
‎03-04-2020 07:32 AM
‎03-04-2020 07:32 AM
Hi! Have a look here: https://docs.splunk.com/Documentation/Splunk/8.0.2/Forwarding/Forwarddatatothird-partysystemsd ... View more

Re: How to populate a null field if certain field ...

by in Splunk Search
‎02-28-2020 05:35 AM
1 Karma
‎02-28-2020 05:35 AM
1 Karma
Well, I'd use this slightly modified version ... | eval dest_port = case (rule="SSH-ACL" AND isnull(dest_port), 22, rule="NTP-ACL" AND isnull(dest_port), 123, 1==1, dest_port) ... View more

Re: Need to fetch events created in last 30days

by in Splunk ITSI
‎02-28-2020 05:31 AM
‎02-28-2020 05:31 AM
Hi! Where do you use this SPL? Are you building a new panel in a dashboard? If this is your case, you can add a timepicker and link your panel with it. But anyway, you can restrict your search like this: index=servicenow eventtype=snow_change* sourcetype="snow:change_request" (change_state_name="Work Complete" OR change_state_name=Closed) earliest=-30d latest=now | dedup ....... More info and options here: https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/SearchTimeModifiers https://docs.splunk.com/Documentation/Splunk/8.0.2/Search/Specifytimemodifiersinyoursearch ... View more

Re: Cant generate proper table with percentage and...

by in Splunk Search
‎02-28-2020 04:03 AM
1 Karma
‎02-28-2020 04:03 AM
1 Karma
index=servers | eval serverId_NOT_present=if(isnotnull(serverId), 0, 1) | stats count as totalServers, sum(serverId_NOT_present) as missingServers by rack | eval missingPercentage=round(100*missingServers/totalServers, 2) | stats sum(totalServers), sum(missingServers), sum(missingPercentage) by rack ... View more

Re: Sending a CSV file extracted from SPLUNK to ot...

by in Reporting
‎08-23-2019 07:38 AM
‎08-23-2019 07:38 AM
Maybe you can use your own custom search command using Splunk SDK for Python, have a look here: http://dev.splunk.com/view/python-sdk/SP-CAAAEU2 ... View more

Re: Stop splunk gracefully during system shutdown ...

by in Monitoring Splunk
‎08-08-2019 07:09 AM
‎08-08-2019 07:09 AM
Hi! Have you configured boot-start in your boxes? https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/ConfigureSplunktostartatboottime J. ... View more

Re: I am not able to send logs to 2 different inde...

by in Getting Data In
‎07-16-2019 06:50 AM
‎07-16-2019 06:50 AM
Hi! Have a look to this post, it may help you: https://splunkonbigdata.com/2019/02/27/send-specific-events-to-a-specific-index/ J. ... View more

Re: Email alert - search status failed - no email ...

by in Alerting
‎07-16-2019 06:47 AM
‎07-16-2019 06:47 AM
Hi! Can you add more details? Query that you are using, alert configuration, ... ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-23-2023 10:53 AM
Karma from
View All
Karma given to
View All