cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Ruski88
Engager
Member since: ‎03-01-2016
‎06-05-2020
Community Statistics
Posts 3
Solutions 1
Karma Given 2
Karma Received 4
Member Since ‎03-01-2016
Activity Feed
View All

Re: How to include a few events from the log prio...

by in Splunk Search
‎04-05-2017 04:18 PM
4 Karma
‎04-05-2017 04:18 PM
4 Karma
I was able to make the search below work so that when the event that triggered the alert ran, it would gather the last 5 events prior to the alert event within the same index & source specified. <Root_Search> | head 1 | eval marke=_time+1, marks=marke-60 | map search="search <Root_Search> starttimeu=$marks$ endtimeu=$marke$ | head <number_of_events_to_go_back> | reverse" EXAMPLE: index=_internal source=*splunkd.log* component=SearchScheduler | head 1 | eval marke=_time+1, marks=marke-60 | map search="search index=_internal source=*splunkd.log* starttimeu=$marks$ endtimeu=$marke$ | head 6 | reverse This will pull the last time splunk had seen an event from search:index=_internal source=splunkd.log component=SearchScheduler along with the last 5 events prior within "index=_internal source=splunkd.log" ... View more

Re: Creating a search app for users in a sandbox e...

by in Security
‎06-03-2016 12:47 PM
‎06-03-2016 12:47 PM
Comment doesn't allow to upload a local file ; -) It looks like the following on the SH server - ... View more

Re: Is there a search or btool command we can run ...

by in Splunk Search
‎05-18-2016 09:32 AM
‎05-18-2016 09:32 AM
Yes. Check out the forwarder reports included in: https://splunkbase.splunk.com/app/2678/ ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
Karma given to
View All