Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About shivi_tcs
shivi_tcs
Engager
Member since:
10-13-2016
06-05-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 10-13-2016 |
Activity Feed
- Karma Re: Using the REST API to install an app from a file for Damien_Dallimor. 06-05-2020 12:46 AM
- Posted Re: can we use field name for comparison in case statement? on Splunk Search. 08-10-2017 03:09 AM
- Posted can we use field name for comparison in case statement? on Splunk Search. 08-10-2017 01:16 AM
- Tagged can we use field name for comparison in case statement? on Splunk Search. 08-10-2017 01:16 AM
- Tagged can we use field name for comparison in case statement? on Splunk Search. 08-10-2017 01:16 AM
- Posted Re: How to remove Double quotes from a ip field values? on Splunk Dev. 06-06-2017 12:36 AM
- Posted How to remove Double quotes from a ip field values? on Splunk Dev. 06-05-2017 02:54 AM
- Tagged How to remove Double quotes from a ip field values? on Splunk Dev. 06-05-2017 02:54 AM
- Tagged How to remove Double quotes from a ip field values? on Splunk Dev. 06-05-2017 02:54 AM
- Tagged How to remove Double quotes from a ip field values? on Splunk Dev. 06-05-2017 02:54 AM
- Tagged How to remove Double quotes from a ip field values? on Splunk Dev. 06-05-2017 02:54 AM
- Posted Re: Sub search works well in one case but yields no result when sourcetypes are interchanges using join command. on Getting Data In. 04-06-2017 06:16 AM
- Posted Sub search works well in one case but yields no result when sourcetypes are interchanges using join command. on Getting Data In. 04-06-2017 12:52 AM
- Tagged Sub search works well in one case but yields no result when sourcetypes are interchanges using join command. on Getting Data In. 04-06-2017 12:52 AM
- Tagged Sub search works well in one case but yields no result when sourcetypes are interchanges using join command. on Getting Data In. 04-06-2017 12:52 AM
- Tagged Sub search works well in one case but yields no result when sourcetypes are interchanges using join command. on Getting Data In. 04-06-2017 12:52 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
08-10-2017
03:09 AM
Hi,
Thanks for replying.
I got a part of solution from your answer!
... View more
08-10-2017
01:16 AM
Hi Splunkers!
I am try to evaluate few things by using query below-
index=* sourcetype=* | stats values(OPEN_INT) as int by
OPTION_TYP STRIKE_PR | appendcols [|search index=* sourcetype=*
OPTION_TYP=XX | eval a1=CLOSE-(CLOSE*75)/10000|eval a2=CLOSE+(CLOSE*75)/10000|
eval i2=CLOSE-(CLOSE*25)/1000 | eval o2=CLOSE+(CLOSE*25)/1000 |table a1 a2 i2 o2 CLOSE]|
eval ty=case(STRIKE_PR>=9839.46 AND STRIKE_PR<10016,"IN",STRIKE_PR>=10016 AND STRIKE_PR<10167,"AT"
,STRIKE_PR>=10167 AND STRIKE_PR<=10344,"OUT",1==1, NULL) | search ty!=NULL |
I need to use the values of fields a1 a2 i2 o2 in the case statement written above, such that my statement appears like-
eval ty=case(STRIKE_PR>=i2 AND STRIKE_PR=a1 AND STRIKE_PR=a2AND STRIKE_PR<=o2,"OUT",1==1, NULL) | search ty!=NULL |
But splunk doesn't give me any results when i use fields name instead of the numeric value.
Can someone figure out what the problem is?
... View more
06-06-2017
12:36 AM
thanks for the answer. It works well
... View more
06-05-2017
02:54 AM
Hello All,
I have a field named src which contains IP's but with double quotes around them.
I want to remove the double quotes from these values.
Example
extracted value src="10.23.25.23"
needed value src=10.23.25.23
... View more
04-06-2017
06:16 AM
hi,
yes,it is a typo.
and those are not actual source types but just a means of representation for sourcetypes.
... View more
04-06-2017
12:52 AM
I am trying to join two different sourcetypes on IP address to detect traffic to malicious IP's .
The two sources are -Firewall Logs and Threat Intelligence logs (Malicious IP list).
The query runs fine when I make firewall logs as a sub search and the threat logs as the main search using join command.(i.e. Query A).Using this I am able to get the list for malicious IP's in firewall logs.
But vice versa does not gives any result (i.e. Query B)
(A)-Query Running successfully-
sourcetype="threat_logs" | fields ip_address country | join ip_address type=inner [ search sourcetype="firewalllogs"| fields ip_address Action] | table ip_address Action country | dedup ip_address
(B)Query with No results-
sourcetype="firewalllogs" | fields ip_address Action | join ip_address type=inner [ search sourcetype="threat_logs"| fields ip_address country ] | table ip_address Action country | dedup ip_address
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
