Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About kmasood
kmasood
Explorer
Member since:
09-30-2013
06-05-2020
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 0 |
| Member Since | 09-30-2013 |
Activity Feed
- Karma Re: Stats to Display Counts of FQDNs and IP addresses in Same Column for lguinn2. 06-05-2020 12:47 AM
- Karma Re: Stats to Display Counts of FQDNs and IP addresses in Same Column for somesoni2. 06-05-2020 12:47 AM
- Karma Re: Stats to Display Counts of FQDNs and IP addresses in Same Column for somesoni2. 06-05-2020 12:47 AM
- Posted Re: How to set up an alert to send an email with the output of another search? on Splunk Search. 11-06-2014 10:13 AM
- Posted How to set up an alert to send an email with the output of another search? on Splunk Search. 11-06-2014 08:48 AM
- Tagged How to set up an alert to send an email with the output of another search? on Splunk Search. 11-06-2014 08:48 AM
- Tagged How to set up an alert to send an email with the output of another search? on Splunk Search. 11-06-2014 08:48 AM
- Tagged How to set up an alert to send an email with the output of another search? on Splunk Search. 11-06-2014 08:48 AM
- Tagged How to set up an alert to send an email with the output of another search? on Splunk Search. 11-06-2014 08:48 AM
- Tagged How to set up an alert to send an email with the output of another search? on Splunk Search. 11-06-2014 08:48 AM
- Posted Re: Stats to Display Counts of FQDNs and IP addresses in Same Column on Splunk Search. 10-15-2014 07:47 AM
- Posted Re: Stats to Display Counts of FQDNs and IP addresses in Same Column on Splunk Search. 10-10-2014 01:49 PM
- Posted Re: Stats to Display Counts of FQDNs and IP addresses in Same Column on Splunk Search. 10-10-2014 01:49 PM
- Posted Stats to Display Counts of FQDNs and IP addresses in Same Column on Splunk Search. 10-10-2014 09:00 AM
- Tagged Stats to Display Counts of FQDNs and IP addresses in Same Column on Splunk Search. 10-10-2014 09:00 AM
- Tagged Stats to Display Counts of FQDNs and IP addresses in Same Column on Splunk Search. 10-10-2014 09:00 AM
- Tagged Stats to Display Counts of FQDNs and IP addresses in Same Column on Splunk Search. 10-10-2014 09:00 AM
- Tagged Stats to Display Counts of FQDNs and IP addresses in Same Column on Splunk Search. 10-10-2014 09:00 AM
- Posted Cascading Form Input and Lookups for Conditional Populating of Dashboard Panels on Getting Data In. 03-03-2014 02:29 PM
- Tagged Cascading Form Input and Lookups for Conditional Populating of Dashboard Panels on Getting Data In. 03-03-2014 02:29 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
11-06-2014
10:13 AM
That looks great, could you add a little bit of explanation of how this uses the map command? I'm not sure I understand "Looping operator, performs a search over each search result." from the docs.
... View more
11-06-2014
08:48 AM
I have an alert that sends emails when process count goes above a certain level. When these conditions are met, I would like Splunk to send an email with the output of another search command. For e.g.,
Alert search (already works):
index="os" host="host1*" sourcetype="top" COMMAND="httpd" | stats count
Follow-up search (run if previous alert's conditions are met):
index="apps" host="host1*" sourcetype="access*" | stats count(uri) by clientip,uri
How does one configure such (cascading?) alerts?
... View more
10-15-2014
07:47 AM
See the external fields lookup example (http://docs.splunk.com/Documentation/Splunk/6.1.3/Knowledge/Addfieldsfromexternaldatasources#External_fields_lookup_example): -- that ships with Splunk Enterprise
... View more
10-10-2014
01:49 PM
Thank you, just what I was looking for.
... View more
10-10-2014
01:49 PM
Thanks for dropping in, lguinn beat you by 3 mins (-:
... View more
10-10-2014
09:00 AM
Hello,
I have this query, which takes an ip address, returns FQDN and count columns:
base search | `ip2fqdn(ip)` | stats count by FQDN
However, there are some ip addresses that do not resolve to FQDNs, and those show up as "No Reverse Lookup". How do I get the ip addresses to appear for those entries in the above query? The result would look like:
FQDN (or IP) Count
www.domain.tld 100
10.1.2.3 75
10.1.2.4 70
example.domain.tld 66
I've looked at coalesce and hoping to avoid doing
base search | `ip2fqdn(ip)` | stats count by FQDN,ip
Update
Using this query, I've been been able to get what I need:
base search | `ip2fqdn(ip)`
| eval myfield=FQDN." ".ip
| rex mode=sed field=myfield "s/No Reverse Lookup//g"
| eval myfield=replace(myfield,"(\w+) \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}","\1")
| stats count by myfield
Is there a more efficient way of doing this?
... View more
03-03-2014
02:29 PM
Hello,
I have a 4 rows x 2 cols dashboard layout for various app platforms; each platform consists of two servers. The left column has panels for data from "Server1" and right column from "Server2."
Instead of creating 4 dashboards for each app platform, I'm looking to consolidate into one "view."
Ideally, it would function like this: Select from a drop down of apps. If app selected = HelloWorld, then the left column renders data for HelloWorldServer1, and right column for HelloWorldServer2; if app = GoodBye, then left column renders data from GoodByeServer1, right from GoodByeServer2. In some cases, the server names don't follow this neat pattern.
I think "Cascading Form Input Element" example Dashboard, and Lookups are the way to go, but I'm missing the glue to put them together … or they're not the right tools here. Any ideas?
Splunk 6.
... View more
- Tags:
- dashboards
- inputs
