×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
gozdeyildiz
New Member
Member since: ‎06-04-2019
‎06-05-2020
Community Statistics
Posts 8
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-04-2019
Activity Feed
View All

Re: How to Backup Config Files

by SplunkTrust in Installation
‎10-18-2022 01:23 PM
‎10-18-2022 01:23 PM
GitHub link should work. See previous message. ... View more

Re: How to change the behavior of button

by in Dashboards & Visualizations
‎03-26-2020 02:26 AM
‎03-26-2020 02:26 AM
https://splunkbase.splunk.com/app/1724/ how about this? ... View more

Re: Append and Update the CSV from a search output

by SplunkTrust in Getting Data In
‎03-23-2020 10:45 AM
‎03-23-2020 10:45 AM
CSV files must be updated in their entirety. The usual method is to read in the CSV, append the results of a search, deduplicate the results, and write them to the CSV. | inputlookup output.csv | append [ <your search> ] | dedup name | outputlookup outputs.csv ... View more

Re: Splunk Standalone Installation using Ansible

by in Installation
‎02-03-2020 07:04 AM
‎02-03-2020 07:04 AM
See the link below which has complete documentation for a full Splunk installation to localhost. https://splunk.github.io/splunk-ansible/EXAMPLES.html#provision-local-standalone ... View more

Re: How to search 5 min interval after summary ind...

by in Knowledge Management
‎12-06-2019 03:10 AM
‎12-06-2019 03:10 AM
Splunk can set the search period. Are you making summaries regularly? Isn't it the same to search for a summary 5 minutes ago after 5 minutes? ... View more

Re: Query Help

by SplunkTrust in Splunk Search
‎11-14-2019 05:53 AM
‎11-14-2019 05:53 AM
Hi @gozdeyildiz, please try something like this (if the field is called IP in every index: index=* [ search index=firewall name="malicious IP" | fields IP ] | ... If you cannot be sure that IP field has the same name in every index, you could try something like this: index=* [ search index=firewall name="malicious IP" | rename IP AS query | fields query ] | ... In both the searches check if the number of results of subsearch is more or less than 50,000, because there's this limit in subsearches. Ciao. Giuseppe ... View more

Re: How to compare IP and Username in Logs with Lo...

by SplunkTrust in Splunk Search
‎11-08-2019 05:35 AM
‎11-08-2019 05:35 AM
Hi gozdeyildiz, try something like this: index=my_index assigned_user=* | lookup my_lookup.csv src_ip AS assigned_ip OUTPUT username | search NOT assigned_user=username | dedup assigned_ip assigned_user | table assigned_ip assigned_user username Ciao. Giuseppe ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM