Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About williamsmew
williamsmew
New Member
Member since:
05-11-2019
06-05-2020
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 05-11-2019 |
Activity Feed
- Posted lookup table trouble on Splunk Enterprise Security. 11-02-2019 03:32 PM
- Tagged lookup table trouble on Splunk Enterprise Security. 11-02-2019 03:32 PM
- Tagged lookup table trouble on Splunk Enterprise Security. 11-02-2019 03:32 PM
- Tagged lookup table trouble on Splunk Enterprise Security. 11-02-2019 03:32 PM
- Posted Login dashboard thats too complex for me on Dashboards & Visualizations. 07-08-2019 02:52 PM
- Tagged Login dashboard thats too complex for me on Dashboards & Visualizations. 07-08-2019 02:52 PM
- Tagged Login dashboard thats too complex for me on Dashboards & Visualizations. 07-08-2019 02:52 PM
- Posted Re: Using a different value for _time on Splunk Search. 05-11-2019 05:15 PM
- Posted Re: Using a different value for _time on Splunk Search. 05-11-2019 04:53 PM
- Posted Re: Using a different value for _time on Splunk Search. 05-11-2019 03:48 PM
- Posted Re: Using a different value for _time on Splunk Search. 05-11-2019 03:34 PM
- Posted Using a different value for _time on Splunk Search. 05-11-2019 11:01 AM
- Tagged Using a different value for _time on Splunk Search. 05-11-2019 11:01 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
11-02-2019
03:32 PM
I cant figure this out. I cant get my query to check a lookup to verify if the identified recipient from the phish logs is in the useremail field.
Still struggling with splunk, thanks for the help.
... View more
07-08-2019
02:52 PM
I need to create a search string that shows the first interactive logon of the specified account and then the final logoff of the day for the same account. This is beyond me, ANY help is appreciated.
I am positive this is going to expand into a dashboard request showing all users in the office.
I probably have the wrong tags on it, no idea where this should go.
... View more
05-11-2019
04:53 PM
Yup, finally found that under Date and time variables. What perplexes me is why eval _time = strptime(detected_timestamp, "%Y-%m-%d %H:%M:%S.%N") does not work since it seems to be the the same as the F T N
... View more
05-11-2019
03:34 PM
Thanks for the response
Im confused where the "%F %T.%N" is from and how %H and %w is extracted, from what I can find I was using "%Y-%m-%d %H:%M:%S.%1n"
I dont have much in the way of resources to pull from here, these forums will be about it, so thank you.
... View more
05-11-2019
11:01 AM
index=av sourcetype=BobsCutRateAV category="BadStuffHappening"
| eval date_hour=strftime(_time, "%H")
| eval date_wday = strftime(_time, "%w")
| search (date_hour>18 OR date_hour<6) OR (date_wday=0 OR date_wday=6)
| timechart count
This works. The problem is that _time reflects when the event is reported not when it was detected. The field I need is detected_timestamp which is formatted as detected_timestamp="2019-04-11 02:31:52.0"
I did not create this but have been tasked with modifying it. I have looked at documentation and the many things I have tried do not work. Your help is appreciated.
... View more
- Tags:
- _time
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
