cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
apilger_splunk
Splunk Employee
Member since: ‎03-11-2016
‎06-05-2020
Community Statistics
Posts 7
Solutions 3
Karma Given 0
Karma Received 18
Member Since ‎03-11-2016
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Use geostats to mark multiple points on the ma...

by Splunk Employee in Splunk Search
‎01-15-2018 10:13 AM
‎01-15-2018 10:13 AM
Hi ShiORi, The geostats command has two parameter to adjust the granularity for positioning point on the map: binspanlong and binspanlat You may use smaller values that default eg.: | geostats latfield=latitude binspanlong=10 binspanlat=5 longfield=longtitude count(redCount) as "Parking" count(greenCount) as "NoCarParking" ... View more

Re: Splunk Add-on for Check Point OPSEC LEA: Shoul...

by Splunk Employee in All Apps and Add-ons
‎03-02-2017 11:33 AM
‎03-02-2017 11:33 AM
Are you using Splunk Add-on for Check Point OPSEC LEA (https://splunkbase.splunk.com/app/3197/) in the latest version? ... View more

Re: How to create a Splunk user using configuratio...

by Splunk Employee in Security
‎03-02-2017 11:26 AM
3 Karma
‎03-02-2017 11:26 AM
3 Karma
Would be command line useful as well? Configure users with the CLI https://docs.splunk.com/Documentation/Splunk/6.5.2/Security/ConfigureuserswiththeCLI ... View more

Re: Calculate time difference in two different log...

by Splunk Employee in Splunk Search
‎07-19-2016 10:45 AM
‎07-19-2016 10:45 AM
Try this: source="/hdx2/was70-32/AppServer/profiles/AppSrv01/logs/PRD2_PY0/KAPE_Receive.log" OR source="/hdx2/was70-32/AppServer/profiles/AppSrv01/logs/PRD2_PY0/KAPE_Send.log" | stats min(_time) AS my_start,max(_time) AS my_end by thread_id| eval reponse_time=my_end-my_start ... View more

Re: Dashboard Base Search is not working for all p...

by Splunk Employee in Splunk Search
‎07-19-2016 10:15 AM
10 Karma
‎07-19-2016 10:15 AM
10 Karma
It seem Splunk is not passing all result fields from a base search to a post search. This could be for performance reasons. You can force the base search to pass required fields explicit to the post search by adding a fields statement. In your example: index=mail-security | transaction keepevicted=true icid mid | search policy_direction="inbound" | eval msec_default_threat_reason =coalesce(case(spam_verdict="positive","Spam Detected",av_verdict="positive","Virus Detected",content_filter="content filter","Stopped by Content Filter",invalid_recipient="rejected by SMTP Call-Ahead","Stopped as Invalid Recipients",msec_default_reputationfilter="REJECT SG BLACKLIST","Stopped by Reputation Filtering", vof_verdict="positive","outbreak"),"Clean Messages") | fields field1 field2 field3 ... View more

Re: Splunk Add-on for Check Point OPSEC LEA: After...

by Splunk Employee in All Apps and Add-ons
‎06-26-2016 02:36 AM
2 Karma
‎06-26-2016 02:36 AM
2 Karma
This should be fixed with the new Check Point TA 4.0.0: https://splunkbase.splunk.com/app/3197/ ... View more

Re: Does anyone know what the metric "active_searc...

by Splunk Employee in Splunk Search
‎03-25-2016 10:57 AM
3 Karma
‎03-25-2016 10:57 AM
3 Karma
Is the # of concurrent searches on that peer at the time the job was run. Yes, you can use this # to determine the search concurrency at a given point in time on each search peer. It is only one indicator for what is going on your systems. /alex ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from