×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
macd0170
New Member
Member since: ‎04-30-2019
‎08-31-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-30-2019
View All

Re: Trend of latest value per user

by SplunkTrust in Splunk Search
‎08-31-2020 06:56 AM
‎08-31-2020 06:56 AM
Hi based on your examples (I just take some of lines and changed those little). index=_internal | head 1 | eval _raw ="time,src,ASA_Version, GP, User, dst, CT Aug 31 2020 12:10:37, x.x.x.x, %ASA-6-722055:, Group <Default>, User <user1>, IP <x.x.x.x>, Client Type: Cisco AnyConnect VPN Agent for Windows 4.x.x Aug 31 2020 12:10:36, x.x.x.x, %ASA-6-722055:, Group <Default>, User <user2>, IP <x.x.x.x>, Client Type: Cisco AnyConnect VPN Agent for Windows 4.x.x Aug 30 2020 12:10:27, x.x.x.x, %ASA-6-722055:, Group <Default>, User <user4>, IP <x.x.x.x>, Client Type: Cisco AnyConnect VPN Agent for Windows 4.y.y Aug 31 2020 12:10:14, x.x.x.x, %ASA-6-722055:, Group <Default>, User <user6>, IP <x.x.x.x>, Client Type: Cisco AnyConnect VPN Agent for Windows 4.y.y" | multikv forceheader=1 | rex field=CT "Windows (?<CT_Version>\d+\.\w+\.\w+)" | eval _time = strptime(time, "%b %d %Y %T") | rename COMMENT as "Above prepare sample, below creates result" | timechart span=1d count by CT_Version r. Ismo  ... View more

Re: Did not receive a session key from splunkd. P...

by in All Apps and Add-ons
‎08-08-2019 01:54 AM
‎08-08-2019 01:54 AM
hi @macd0170 try this if it helps. in default/inputs.conf add/replace one kv pair under each stanza as passAuth = user_with_admin_role ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-31-2020 09:04 AM