cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jcrochon
Explorer
Member since: ‎08-13-2013
‎06-05-2020
Community Statistics
Posts 13
Solutions 0
Karma Given 6
Karma Received 0
Member Since ‎08-13-2013
Activity Feed
View All

Re: How to define a constant variable for internal...

by in Splunk Search
‎08-09-2018 09:59 AM
‎08-09-2018 09:59 AM
Thanks again for all the help. ... View more

How to send an IP and MAC address to a router filt...

by in Getting Data In
‎07-30-2018 05:37 PM
‎07-30-2018 05:37 PM
I’m moving from custom software that writes a snort alert to a file that would filter the device on a router. I’m not sure where to start but I’m hoping that there is a command line like “sendalert /var/log/$mac-$ip-filter.log” that will be processed upstream to the router by a cron job. I would also like that a right-click on a Splunk search output to extract the same data and write to the file. ... View more

Re: How to search for Top 2-way communicators usin...

by in Splunk Search
‎07-24-2018 01:41 PM
‎07-24-2018 01:41 PM
Added better stats (single src to multiple dest): source="/var/log/alerts.log" [ search source="/var/log/alerts.log" dest_ip="192.168.*") | top src_ip,dest_ip | table dest_ip | rename dest_ip as src_ip ] | stats values(dest_ip),values(name),count(name) by src_ip | sort - count(name) ... View more

Re: Show all buckets of _time in visualization inc...

by SplunkTrust in Getting Data In
‎09-05-2017 03:55 PM
1 Karma
‎09-05-2017 03:55 PM
1 Karma
Try this - host="[redacted]" src_port=* | bucket _time span=1h | stats count as mycount by _time | appendpipe [| stats min(_time) as mintime max(_time) as maxtime | eval maxtime=maxtime+1 | eval mytime=mvrange(mintime, maxtime,3600) | mvexpand mytime | eval _time=mytime | eval mycount=0 | table _time mycount ] | stats sum(mycount) as mycount by _time | eval _time=strftime(_time, "%Y-%m-%d %H:%M") ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All