Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About bagarwal
bagarwal
Path Finder
Member since:
05-15-2016
06-05-2020
Community Statistics
| Posts | 53 |
| Solutions | 1 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 05-15-2016 |
Activity Feed
- Got Karma for Re: How to send data from Splunk to "TheHive"(ticketing tool)?. 05-30-2022 10:13 PM
- Karma Re: Using lookup (.csv file) to filter events for somesoni2. 06-05-2020 12:48 AM
- Posted Re: Search results to get the fresh values not the old values on Splunk Search. 04-01-2018 09:50 PM
- Posted Re: Search results to get the fresh values not the old values on Splunk Search. 03-27-2018 04:25 AM
- Posted Search results to get the fresh values not the old values on Splunk Search. 03-26-2018 11:20 PM
- Tagged Search results to get the fresh values not the old values on Splunk Search. 03-26-2018 11:20 PM
- Posted Re: How to add a filter in the search to have a fieldvalue newer than a period of choice ? on Splunk Search. 03-26-2018 04:20 AM
- Posted How to add a filter in the search to have a fieldvalue newer than a period of choice ? on Splunk Search. 03-26-2018 03:59 AM
- Tagged How to add a filter in the search to have a fieldvalue newer than a period of choice ? on Splunk Search. 03-26-2018 03:59 AM
- Tagged How to add a filter in the search to have a fieldvalue newer than a period of choice ? on Splunk Search. 03-26-2018 03:59 AM
- Tagged How to add a filter in the search to have a fieldvalue newer than a period of choice ? on Splunk Search. 03-26-2018 03:59 AM
- Posted Re: Scheduled search in a dashboard on Splunk Search. 03-26-2018 03:50 AM
- Posted Scheduled search in a dashboard on Splunk Search. 03-25-2018 10:39 PM
- Tagged Scheduled search in a dashboard on Splunk Search. 03-25-2018 10:39 PM
- Tagged Scheduled search in a dashboard on Splunk Search. 03-25-2018 10:39 PM
- Posted Re: How to extract substring from a string on Splunk Search. 07-13-2017 09:38 PM
- Posted How to extract substring from a string on Splunk Search. 07-12-2017 09:32 PM
- Tagged How to extract substring from a string on Splunk Search. 07-12-2017 09:32 PM
- Posted Re: How to send data from Splunk to "TheHive"(ticketing tool)? on Getting Data In. 07-04-2017 11:28 PM
- Posted How to send data from Splunk to "TheHive"(ticketing tool)? on Getting Data In. 06-29-2017 11:15 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-01-2018
09:50 PM
Hi @skoelpin,
I tried , but didn't work the above one. However, your previous one helped to get the results
| where now()-strptime(LastUsedTime,"%Y-%m-%d %H:%M:%S")>86400*7
Thanks a lot for your help.
Binay
... View more
03-27-2018
04:25 AM
Hi @somesoni2,
Thank You for your help.
The data gets reflected once in every 24 hours. We are getting the latest data , however it has been designed such that we are getting old data also even if we remove the software.
e.g. if I had removed mozilla from my system yesterday, and I search the query for today; the result should not come. However, it is coming. Lastusedtime is showing as yesterday date only.
Need to search in such that it shall check LastUsedTime newer than a period of choice
I have used the one you suggested , however not got the desired result . Time format is same as mentioned.
| where now()-strptime(LastUsedTime,"%Y-%m-%d %H:%M:%S")>86400*7
Thanks for your help.
Binay Agarwal
... View more
03-26-2018
11:20 PM
Hi @everyone, @skoelpin,
Can you please help me in this.
I have firefox program installed in my system . Now , I am getting in my splunk event when I ran the query for what are the software I have installed in my system and this is expected.
Now, If I remove/uninstall firefox from my system and then search the splunk query , it still appears in the splunk event. There is a field in the event called LastUsedTime and the reason we are still seeing the events as the logs retention period is for 90 days.
Now, I want a fresh result of the search where application name ( firefox) shall not come if I uninstall the firefox from the system.
Can help me to add a filter in the search listing for events having LastUsedTime newer than a period of choice( 1 week, 1 month, etc) or any other workaround for this ?
Thanks again for your help.
Binay Agarwal
... View more
03-26-2018
04:20 AM
Hi @tiagofbmm,
Thanks for your information.
Just to clarify , I mean, supposed I have firefox program installed in my system . Now , I am getting in my splunk event when I ran the query and this is expected.
Now, If I remove/uninstall firefox from my system and then search the query , it still appears in the splunk event. The reason I told because of fieldname LastUsedTime and retention for 90 days.
Will your above answer help in this and what it refers to | rest /services/apps/local . Sorry, this is a new concept for me . So thought of asking.
Thanks again for your help.
Binay Agarwal
... View more
03-26-2018
03:59 AM
I am working in a search to filter events to get the application named installed in the system. However, if I remove the application or uninstall it still apears in the event.
There is a field called LastUsedTime and the reason is we are still seeing the events as the logs retention period is for 90 days.
Now, I want a fresh result of the search where application name shall not come if I uninstall the same application from the system.
Can anyone help me to add a filter in the search listing for events having LastUsedTime newer than a period of choice( 1 week, 1 month, etc) or any other workaround for this ?
It would be of great help.
Thanks in advance.
Binay Agarwal
... View more
03-25-2018
10:39 PM
Hello Everyone,
I have created a dashboard and wants the result for last 7 days; and want to schedule it and run every day , say at 9:30 pm . So, next morning when I open the dashboard it gives me the result immediately. I didn't find any option . For the report I know there are options. Is it something , we need to add cron schedule in xml file of the dashboard .
Kindly help.
Thanks in advance.
Best Regards,
Binay Agarwal
... View more
07-13-2017
09:38 PM
@niketnilay , Thanks a lot. I tried with Field Extraction and extracted successfully. This looks very simple now 🙂
... View more
07-12-2017
09:32 PM
Hi Everyone,
I have a string field that contains similar values as given below:
String = This is the string (generic:ggmail.com)(3245612)
= This is the string (generic:abcdexadsfsdf.cc)(1232143)
I want to extract only ggmail.com and abcdexadsfsdf.cc and remove strings before and after that.
Basically if you can notice I want string that comes inside ":" and ")" like :ggmail.com)
May need to use regex. If someone can help me out, Thanks in advance.
Regards,
Binay
... View more
07-04-2017
11:28 PM
1 Karma
Thanks for some valuable information.
To integrate I mean to send data from Splunk to hive and auto incident to be created when any alert triggers.
... View more
06-29-2017
11:15 PM
Hello Everyone,
I am working to integrate "TheHive" i.e. ticketing tool like Demisto with Splunk. I searched in SplunkBase but there is no app available for TheHive.
Can anyone please guide me how I can start with integration or steps need to follow.
Many thanks in advance.
Regards
Binay Agarwal
... View more
04-17-2017
01:56 AM
Hi oda,
Thanks for your response. I don't want to remove the fields that contain null values . I want to shrink the column width as it is filled with blank spaces ( screenshot attached in the main question) .
Thanks & Regards,
Binay Agarwal
... View more
04-17-2017
01:54 AM
Hi Nikentnilay,
Thanks for your response. I have attached the screenshot in the main question page. I would like to eliminiate the white space between the two columns . I ran the stats command to display result in tabular format and between columns there are white spaces that's of no use. So need to delete or shrink the column length.
Thanks & Regards,
Binay Agarwal
... View more
04-16-2017
10:22 PM
Hi Everyone,
I am creating a dashboard with multiple stats report. And I want to remove unwanted blank spaces that appears in the table. Is there any way to remove these blank spaces so can make the dashboard look even more better. Screenshot attached.
... View more
02-20-2017
08:58 AM
Thanks a lot. It works 🙂 🙂
... View more
