Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About nmohammed
nmohammed
Contributor
Member since:
03-02-2015
12-06-2021
Community Statistics
| Posts | 133 |
| Solutions | 10 |
| Karma Given | 1 |
| Karma Received | 20 |
| Member Since | 03-02-2015 |
Activity Feed
- Got Karma for Re: extract all "cause by". 01-08-2022 10:51 PM
- Got Karma for Re: How to display limited results from a field. 11-04-2021 12:39 PM
- Got Karma for Re: How to display limited results from a field. 11-04-2021 12:39 PM
- Got Karma for Re: How to display limited results from a field. 11-04-2021 12:39 PM
- Posted Re: Extracting Account Name: on Splunk Search. 10-28-2021 04:50 PM
- Got Karma for Re: How to split the call based on TimeTaken. 10-26-2021 07:40 PM
- Karma Re: find related events for bowesmana. 10-26-2021 04:48 PM
- Posted Re: How to split the call based on TimeTaken on Splunk Search. 10-26-2021 04:47 PM
- Posted Re: extract all "cause by" on Splunk Search. 10-26-2021 04:37 PM
- Posted Re: use lookup file inside if statement on Splunk Search. 10-26-2021 02:03 PM
- Posted Re: help to write the request correctly on Splunk Search. 10-21-2021 01:47 PM
- Got Karma for Re: Monitoring sources - better way?. 10-21-2021 01:16 PM
- Posted Re: Monitoring sources - better way? on Splunk Search. 10-21-2021 01:14 PM
- Posted Re: forwarder disk space issue on Getting Data In. 10-21-2021 12:54 PM
- Posted Re: using wild card in a lookup column? on Knowledge Management. 10-21-2021 12:47 PM
- Posted Re: How to display limited results from a field on Splunk Search. 10-21-2021 12:37 PM
- Posted Re: How to display limited results from a field on Splunk Search. 10-21-2021 10:01 AM
- Got Karma for Re: Write a request. 10-20-2021 07:32 PM
- Posted Re: Write a request on Splunk Search. 10-20-2021 05:35 PM
- Posted Re: Write a request on Splunk Search. 10-20-2021 04:46 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-28-2021
04:50 PM
Try this - "Account\sName:\s(?P<account_name>.+)\sAccount Domain"
... View more
10-26-2021
04:47 PM
1 Karma
index=star env=prod |
chart count(eval(time <100)) AS "<100ms", count(eval(time >100 AND time <200)) AS "<200ms", count(eval(time >200 AND time <300)) AS "<300ms"
| stats count by time try that query and select pie chart under visualizations.
... View more
10-26-2021
04:37 PM
1 Karma
Can you share the exception with multiple Caused by : ? meanwhile, you can try this - base search
| rex field=_raw "Caused by:\s*(?P<exception_cause>.*)"
... View more
10-26-2021
02:03 PM
@Sharzi try this to return records where DB is NOT "unknown" base_search [ inputlookup myLookup | fields TenantName, tenantId | where tenantId!="Unknown" AND TenantName=TenantName] | lookup myLookup tenantId TenantName output TenantName, tenantId, Region, DB |
| table _time TenantName tenantId Region Status DB updated reply to correct spellings and missing fields
... View more
10-21-2021
01:47 PM
@gitingua can you share your search query that you're trying for this result ?
... View more
10-21-2021
01:14 PM
1 Karma
you could probably do the lookups at the end of the tstats search & all transforms | tstats ...
| search [| inputlookup field1 lookup1.csv | ... ] | search [| inputlookup lookup2.csv | ... ]
... View more
10-21-2021
12:54 PM
@Susha Is your forwarder sending disk space data and are you able to see any data in index=os ? breakdown the search query into individual parts and check index=os sourcetype=df host=de1secsplfwd002.dc-r.security.vodafone.com index=os sourcetype=df host=de1secsplfwd002.dc-r.security.vodafone.com
| strcat host '@' Filesystem Host_FileSystem
... View more
10-21-2021
12:47 PM
@pavanae can you share your search query ? But you should be able to search the host like following - | inputlookup answers-571895.csv
| where Host="*"
... View more
10-21-2021
12:37 PM
1 Karma
It should work, I tried it out with csv file you shared. It can either be permissions (but you're able to see contents of lookup using inputlookup). Check the fieldnames (case-sensitive) & also spell-check Try another way (replace with your filename) - | inputlookup answers-571716.csv
| where failcode="g-ab" OR failcode="c-cd" OR failcode="d-dd"
... View more
10-21-2021
10:01 AM
1 Karma
are you able to see the contents of the lookup file created ? run the following command | inputlookup myfile.csv
... View more
10-20-2021
05:35 PM
1 Karma
file1.csv -- > csv based lookup file2.csv --> cidr based lookup (I've renamed "IP Address" field to ip_address) Add a new lookup definition, name it "file2" and select file2.csv Check on advanced options. In "Match type" type in "CIDR(ip_address)" . | inputlookup file1.csv
| fields src_ip, username
| lookup file2 "ip_address" as src_ip output ASN, Other
... View more
10-20-2021
04:46 PM
Hi @gitingua try this out, assuming you've these files uploaded as lookups | inputlookup file1.csv
| appendcols
[inputlookup file2.csv
| fields ASN,Other ]
| table username,src_ip,ASN,Other
... View more
10-20-2021
04:10 PM
1 Karma
@MikeB inputlookup can be used to fetch results. | inputlookup myfile.csv
| where failcode IN ("g-ab", "c-cd", "d-dd")
... View more
10-20-2021
04:07 PM
@GRC Sample log events data will help to work further on your request.
... View more
10-19-2021
07:01 PM
@LIP can you share sample events and the search you're trying to run ?
... View more
10-13-2021
03:43 PM
Thanks @isoutamo But how do I search logs related the frozen buckets or purged data?
... View more
10-12-2021
02:59 PM
We know the amount of data ingested daily from the Splunk internal logs and the License dashboard, but we're trying to find if there's a way to find the amount of data purged on daily based on the our data retention policy. Appreciate any help on this.
... View more
10-02-2019
01:32 PM
hi @MuS,
This is great. can this app be used on Search Head cluster without causing any issues ?
Thanks
... View more
08-21-2019
02:19 PM
hi @lyndac
I am in exact similar situation ? were you able to identify and make it working successfully with batch input. Just want to make sure, the file is completely indexed before deletion and newer files keep getting created in the directory with application requests, so they need to be monitored, forwarded and deleted.
Thanks
... View more
08-16-2019
12:26 AM
Thanks. does Splunk Stream pull DNS analytics log data ? if so, how can it be done ? do we need to install the Splunk stream on all the DNS servers?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-06-2021
07:04 PM
|
