×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Fallingacorn
Engager
Member since: ‎06-21-2014
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 4
Karma Received 0
Member Since ‎06-21-2014
Activity Feed
View All

Re: What does user="-" mean?

by in Security
‎12-12-2014 02:18 AM
‎12-12-2014 02:18 AM
ok the solution is simple user is null because it contain splunk action that contain dash it mean contain user that are not specific in index=_internal actually you can see this hit on "sourcetype=splunk_web_access" and sourcetype=splunk_access" on index=_internal ... View more

Re: Show events that occur in particular order

by in Splunk Search
‎08-19-2014 04:05 PM
3 Karma
‎08-19-2014 04:05 PM
3 Karma
The join command can be used to combine the results of two searches - and to restrict the time-ordering. Usually I suggest that people try to combine searches and avoid join, since it can be slow. But for this situation, the join command might be helpful and easier than something like delta . This kind of search might do what you want... index=antivirus "malware event" | join host usetime=T earlier=F [ search index=proxy "blocked event" | stats count earliest(_time) as _time by host | where count > 100 ] ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to