Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About VijaySrrie
VijaySrrie
Builder
Member since:
02-22-2019
Saturday
Community Statistics
| Posts | 246 |
| Solutions | 11 |
| Karma Given | 64 |
| Karma Received | 10 |
| Member Since | 02-22-2019 |
Activity Feed
- Posted How to integrate proficio with splunk? on Getting Data In. 2 weeks ago
- Karma Re: Splunk capacity planning for isoutamo. 08-23-2023 11:04 PM
- Posted Splunk capacity planning: How much license, search heads, and indexers are required? on Splunk Cloud Platform. 08-22-2023 05:39 PM
- Karma Re: Duplicate data (_raw) for PickleRick. 08-20-2023 07:46 PM
- Karma Re: Duplicate data (_raw) for ITWhisperer. 08-20-2023 07:46 PM
- Karma Re: Duplicate data (_raw) for gcusello. 08-20-2023 07:45 PM
- Posted Why am I seeing Duplicate data (_raw)? on Getting Data In. 08-16-2023 11:04 PM
- Posted Re: Is there an option to see the working of Fish Bucket in Real time? on Getting Data In. 08-01-2023 07:13 PM
- Posted How to find the noise in crowdstrike falcon logs? on Getting Data In. 08-01-2023 07:10 PM
- Karma Re: Need calculated field in props.conf for gcusello. 08-01-2023 07:10 PM
- Posted Is there an option to see the working of Fish Bucket in Real time? on Getting Data In. 04-20-2023 12:24 AM
- Posted How do I calculate field in props.conf? on Knowledge Management. 03-01-2023 03:00 AM
- Posted Re: alert query with join or append? on Splunk Search. 02-26-2023 04:22 AM
- Posted Re: alert query with join or append? on Splunk Search. 02-26-2023 04:21 AM
- Karma Re: Matching fields from different indices to return another field for richgalloway. 02-26-2023 04:20 AM
- Karma Re: Issue with rex regular expression repeating charatacer matching for ITWhisperer. 02-26-2023 04:07 AM
- Posted Re: Splunk Syslog on Monitoring Splunk. 02-26-2023 04:02 AM
- Posted Help with alert search with join or append? on Splunk Search. 02-26-2023 03:59 AM
- Posted Re: Need alert query on Alerting. 02-18-2023 10:43 PM
- Posted How to write a condition for this? on Alerting. 02-16-2023 09:48 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
2 weeks ago
08-22-2023
05:39 PM
Hi,
Working on splunk capacity planning
1. splunk is in cloud
2. 100GB of data
3. 10 users
4. No use of splunk enterprise security
How much license would be required? No. of indexers? search heads?
Is there any site where I can get the exact details?
... View more
- Tags:
- splunk search
Labels
- Labels:
-
Analytics Workspace
-
configuration
08-16-2023
11:04 PM
Hi,
I could see duplicate data in splunk by using below query
index="indexname" | stats count by _raw | where count >1
I checked 10 different indexes out of which 8 indexes are having duplicate logs
... View more
Labels
- Labels:
-
universal forwarder
08-01-2023
07:13 PM
I wanted to show an example to my junior in practical setup
... View more
08-01-2023
07:10 PM
Hi All,
How to find unwanted logs (noise) in crowdStrike Falcon logs? Do you know the details that can be filtered in crowdstrike falcon logs?
... View more
- Tags:
- splunk-search
Labels
- Labels:
-
source
04-20-2023
12:24 AM
Hi All,
Is there an option to see the working of Fish bucket in real time?
Switching off the server? can we test it?
If yes, please let me know how to do it in test server.
... View more
- Tags:
- Fish Bucket
Labels
- Labels:
-
monitor
03-01-2023
03:00 AM
Hi
I have extracted a field username and it has domain and user username= "google\\john" username="googleuser" username = "admin" I need calculated to be created in props.conf where google should go to domain and john should go to user field
This domain field will be there only in certain logs So whatever is there before "\\" should be considered as domain and after "\\" is user In some cases domain wont be there, for those cases username to be tagged to user field All this should happeb at backend props.conf
domain = google user= john user = googleuser user = admin
... View more
- Tags:
- fields
Labels
- Labels:
-
calculated field
-
field extraction
02-26-2023
04:22 AM
Hi @ITWhisperer , Thanks for the reply, I have pasted the answer that worked for me.
... View more
02-26-2023
04:21 AM
This answer worked for me https://community.splunk.com/t5/Splunk-Search/Matching-fields-from-different-indices-to-return-another-field/m-p/470361
... View more
02-26-2023
03:59 AM
index=cat
Name
Place
ID
jack
delhi
1
jill
melbourne
2
index=dog
Country
number
Australia
2
India
1
ID field in cat and number field in dog are same, I need below output
Name
Place
ID
Country
jack
delhi
1
India
jill
melbourne
2
Australia
... View more
02-18-2023
10:43 PM
Hi @bowesmana The query which you shared works fine. I am bit confused about the timing This query should run 60 mins once. cron_schedule = 01 * * * * dispatch.earliest_time = -60m dispatch.latest_time = now May I know the correct earliest and latest time?
... View more
- Tags:
- alert
02-16-2023
09:48 PM
Hi Team,
We have a field called Status=Start and Status=Success OrderId is one field
When orderId has the Status=start and if there is no Status=Success for 10 mins it should be considered as failure May i know how to write a condition for this?
... View more
Labels
- Labels:
-
alert action
-
alert condition
11-24-2022
06:15 PM
Hi All,
I have encrypted the user field with sha256 index=abc sourcetype=xyz | eval domain = sha256(User) | table domain I am able to see encrypted values under domain field
Is there a splunk command to decrypt it?
... View more
- Tags:
- decryption
Labels
- Labels:
-
encryption
11-24-2022
06:04 PM
@gcusello Below config worked Props [host::LIANS*] TRANSFORMS-change_index_abc_secure = change_index_abc_secure Transforms.conf [change_index_abc_secure] SOURCE_KEY = _MetaData:Index REGEX = os|os_secure DEST_KEY = _MetaData:Index FORMAT = abc_secure
... View more
11-06-2022
11:02 PM
Hi @gcusello This isn't working Not sure where am I going wrong
... View more
11-03-2022
04:44 PM
Hi @gcusello Yes, this is fine, also I want the logs only from the hostname LIANS* Will the below props and transforms work? props.conf [host=LIANS*] TRANSFORMS-change_index_abc_secure = change_index_abc_secure transforms.conf [change_index_abc_secure] SOURCE_KEY = MetaData:Index REGEX = os|os_secure DEST_KEY = MetaData:Index FORMAT = index::abc_secure
... View more
11-01-2022
04:52 PM
Hi Team,
[host::1.(xx|xx).xx.xx(x|y)] TRANSFORMS-change_index_abc_secure = change_index_abc_secure
[change_index_abc_secure] SOURCE_KEY = MetaData:Index REGEX = os, os_secure DEST_KEY = MetaData:Index FORMAT = index::abc_secure
I need to route the logs from certain host to index=abc_secure (not all the logs only os and os_secure logs)
... View more
Labels
- Labels:
-
transforms.conf
09-04-2022
06:30 PM
what happens when move_policy setting is not given in the batch config?
... View more
09-01-2022
07:12 AM
Hi All,
What is the use of
move_policy = sinkhole
and on which scenario we will use batch (Batch will index the file and delete but in which application or server this should be used?)
... View more
Labels
- Labels:
-
configuration
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Saturday
|
Karma given to
