Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About bapun18
bapun18
Communicator
Member since:
09-04-2019
a week ago
Community Statistics
| Posts | 55 |
| Solutions | 2 |
| Karma Given | 16 |
| Karma Received | 3 |
| Member Since | 09-04-2019 |
Activity Feed
- Karma Re: I want to specify a field which contains time as earliest and another field as latest so that my spl will be execute for gcusello. a week ago
- Karma Re: I want to specify a field which contains time as earliest and another field as latest so that my spl will be execute for gcusello. a month ago
- Karma Re: Want to live track of splunk license usage for gcusello. 04-18-2022 10:23 PM
- Posted I want to specify a field which contains time as earliest and another field as latest so that my spl will be executed.. on Splunk Search. 04-18-2022 10:22 PM
- Posted How to live track of Splunk license usage? on Reporting. 04-17-2022 11:51 PM
- Tagged How to live track of Splunk license usage? on Reporting. 04-17-2022 11:51 PM
- Posted Re: Why in my ingest_time lookup - field does not show up? on Getting Data In. 04-04-2022 12:05 AM
- Posted Re: Unable to change last name on #Random. 04-01-2022 12:03 AM
- Posted Re: Unable to edit my First name and Last name on Splunk Community on #Random. 03-18-2022 01:11 PM
- Karma Re: Unable to edit my First name and Last name on Splunk Community for yeasuh. 03-18-2022 01:05 PM
- Posted Re: Unable to edit my First name and Last name on Splunk Community on #Random. 03-17-2022 10:47 AM
- Posted Re: Unable to edit my First name and Last name on Splunk Community on #Random. 03-17-2022 07:32 AM
- Karma Re: Unable to edit my First name and Last name on Splunk Community for yeasuh. 03-17-2022 07:32 AM
- Posted Unable to edit my First name and Last name on Splunk Community on #Random. 03-16-2022 08:50 AM
- Posted Re: How to break one event to multiple events using my univarsal forwarder props.conf? on Getting Data In. 03-14-2022 01:45 PM
- Posted Re: How can I move that dashboard studio screen to another server? on Splunk Enterprise. 03-14-2022 12:13 PM
- Got Karma for Re: How can I move that dashboard studio screen to another server?. 03-11-2022 10:28 PM
- Got Karma for Re: dashboard. 03-11-2022 10:27 PM
- Posted Re: How can I move that dashboard studio screen to another server? on Splunk Enterprise. 03-11-2022 09:34 AM
- Posted Re: dashboard on Splunk Enterprise. 03-11-2022 05:14 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-18-2022
10:22 PM
I want to specify a field that contains time as earliest and another field as latest so that my spl will be executed with the earliest value of the earliest value of fileld1 and latest value as the latest value of the filed 2. Example, index=abcd |table starttimeUTC endtimeutc in the above search should run as earliest=<earlier value of tarttimeUTC> and latest=<latest value of endtimeutc>
... View more
04-17-2022
11:51 PM
I want to live track of the license usage not from the rollover summary, I want host, current license usage, and index name.
... View more
Labels
- Labels:
-
other
04-04-2022
12:05 AM
Check the permissions of the lookup, if you have read permissions to the lookup, also check if this lookup has permission to view across apps.
... View more
04-01-2022
12:03 AM
Hi, I just have changed my name with the help of Splunk support, please use the below link and connect via call and please accept the solution if it works for you. https://www.splunk.com/en_us/about-splunk/contact-us.html?_ga=2.232470300.2051068157.1647262082-402400057.1646165770&_gl=1*1k3l66*_ga*NDAyNDAwMDU3LjE2NDYxNjU3NzA.*_gid*MjA1MTA2ODE1Ny4xNjQ3MjYyMDgy#customer-support
... View more
03-18-2022
01:11 PM
Thanks a lot yeasuh, I have already checked my account in splunk.com, there it's mentioned as Ajitabh Mohanty but not sure where is it synced from. I will definitely check with the support, thanks again for sharing the link.
... View more
03-17-2022
07:32 AM
Hi Yeasuh, Thanks a lot for your response after changing the name it's showing for some hours and after sometime it changes again after some time 😞 . Please help !!
... View more
03-16-2022
08:50 AM
Unable to edit my First name and Last name on Splunk Community, Not sure How but my name is showing as Abhsekh Dandpat in Splunk Community, I have tried to update the personal information settings more than 100 times and am unable to edit it..for some time it's stored as my updated name and after some time again it's automatically changing to Abhisekh Dandpat
... View more
03-14-2022
01:45 PM
Issue resolved I have to change the JSON output data with removing of {
... View more
03-14-2022
12:13 PM
Hi, Check the path of the image in the dashboard XML, eg- /static/app/abcd/images/abc.png , Go to your CLI and inside the search head app directory get the image out and put it on the same server where you wanted to move the image file. One more way is to find the name of the image from XML and login to the CLI and run"locate <image Nmae>" it will show the image location where it's available, you can use WinSCP to move the image from cli to your local pc and put where ever you want. Please accept the answer if you find this helpful.
... View more
03-11-2022
09:34 AM
1 Karma
Background image can be only moved if you have access to CLI
... View more
03-11-2022
05:14 AM
1 Karma
There are several ways of doing it, 1. Edit your Dashboard go to Source copy your XML file and then go to the server where you wanted to put the dashboard in, go to search, search anything like index=_internal save it as dashboard and then edit the new dashboard and go to the source of the new dashboard and paste the XML. 2. If You have CLI access, go to the app in search head where the dashboard is part of and go to views then find your view/Dashboard name and copy it to the same location where you wanted to create the dashboard. Hope you want to print the dashboard from one search head to another, if not if you want to print it to any other application use API call.
... View more
03-10-2022
11:05 AM
Yeah I have tried but seems not working, still need more help
... View more
03-10-2022
08:35 AM
{"_links":{"prev":"","self":"/api/v1.1/instances?start=0\u0026limit=100\u0026date_from=2022-03-10T03:57:46.147806Z","next":""},"results":[{"id":"abcd","definition_id":"ajgjgjkgkukugkugu","root_workflow_id":"01VJBI2DTI9VO5k9CTCyLMa8C6wmwMBAMik","schema_id":"khkhllijj","version":"1.0.0","name":"Initialize Case","type":"generic.workflow","base_type":"workflow","properties":{"atomic":{"is_atomic":false},"delete_workflow_instance":false,"description":"Run XDR new alert event workflow.\nValidate, Enrich, Template, Reputation, Past Tickets, Aggregate","display_name":"Initialize Case","runtime_user":{"target_default":true},"target":{"execute_on_target_group":true,"target_group":{"run_on_all_targets":false,"selected_target_types":["01JYJ0OOD9O7P2lkhNF1LsJrTonSOcI3AXu"],"target_group_id":"01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk","use_criteria":{"choose_target_using_algorithm":"choose_first_with_matching_criteria","conditions":[{"left_operand":"$targetgroup.01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk.common.display_name$","operator":"eqi","right_operand":"Splunk_Target"}]}}}},"status":{"state":"success","prev_state":"running"},"started_by":"akm+klooperate@abc.com","started_on":"2022-03-10T15:05:02.8Z","ended_on":"2022-03-10T15:05:42.517Z","created_on":"2022-03-10T15:05:02.614Z","created_by":"akm+klooperate@abc.com","updated_on":"2022-03-10T15:05:42.535Z","updated_by":"akm+klooperate@abc.com","owner":"kklerkin+klooperate@abc.com"},{"id":"abcde","definition_id":"ajgjgjkgkukugkugu","root_workflow_id":"01VJ9L66VYZNH6wyPXPJRD3bU1nGTLbKM4l","schema_id":"khkhllijj","version":"1.0.0","name":"Initialize Case","type":"generic.workflow","base_type":"workflow","properties":{"atomic":{"is_atomic":false},"delete_workflow_instance":false,"description":"Run XDR new alert event workflow.\nValidate, Enrich, Template, Reputation, Past Tickets, Aggregate","display_name":"Initialize Case","runtime_user":{"target_default":true},"target":{"execute_on_target_group":true,"target_group":{"run_on_all_targets":false,"selected_target_types":["01JYJ0OOD9O7P2lkhNF1LsJrTonSOcI3AXu"],"target_group_id":"01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk","use_criteria":{"choose_target_using_algorithm":"choose_first_with_matching_criteria","conditions":[{"left_operand":"$targetgroup.01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk.common.display_name$","operator":"eqi","right_operand":"Splunk_Target"}]}}}},"status":{"state":"success","prev_state":"running"},"started_by":"akm+klooperate@abc.com","started_on":"2022-03-10T13:35:03.915Z","ended_on":"2022-03-10T13:35:35.962Z","created_on":"2022-03-10T13:35:03.774Z","created_by":"akm+klooperate@abc.com","updated_on":"2022-03-10T13:35:35.98Z","updated_by":"akm+klooperate@abc.com","owner":"kklerkin+klooperate@abc.com"},{"id":"abcdef","definition_id":"ajgjgjkgkukugkugu","root_workflow_id":"01VJ8Y70GXAZS30443lVF9SQKm7fQZSxVDB","schema_id":"khkhllijj","version":"1.0.0","name":"Initialize Case","type":"generic.workflow","base_type":"workflow","properties":{"atomic":{"is_atomic":false},"delete_workflow_instance":false,"description":"Run XDR new alert event workflow.\nValidate, Enrich, Template, Reputation, Past Tickets, Aggregate","display_name":"Initialize Case","runtime_user":{"target_default":true},"target":{"execute_on_target_group":true,"target_group":{"run_on_all_targets":false,"selected_target_types":["01JYJ0OOD9O7P2lkhNF1LsJrTonSOcI3AXu"],"target_group_id":"01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk","use_criteria":{"choose_target_using_algorithm":"choose_first_with_matching_criteria","conditions":[{"left_operand":"$targetgroup.01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk.common.display_name$","operator":"eqi","right_operand":"Splunk_Target"}]}}}},"status":{"state":"success","prev_state":"running"},"started_by":"akm+klooperate@abc.com","started_on":"2022-03-10T13:05:03.501Z","ended_on":"2022-03-10T13:05:50.201Z","created_on":"2022-03-10T13:05:03.187Z","created_by":"akm+klooperate@abc.com","updated_on":"2022-03-10T13:05:50.221Z","updated_by":"akm+klooperate@abc.com","owner":"kklerkin+klooperate@abc.com"},{"id":"abcdr","definition_id":"ajgjgjkgkukugkugu","root_workflow_id":"01VJ8MPQ3G8DQ1UX2NAlN3vp3YWagVgw8Xt","schema_id":"khkhllijj","version":"1.0.0","name":"Initialize Case","type":"generic.workflow","base_type":"workflow","properties":{"atomic":{"is_atomic":false},"delete_workflow_instance":false,"description":"Run XDR new alert event workflow.\nValidate, Enrich, Template, Reputation, Past Tickets, Aggregate","display_name":"Initialize Case","runtime_user":{"target_default":true},"target":{"execute_on_target_group":true,"target_group":{"run_on_all_targets":false,"selected_target_types":["01JYJ0OOD9O7P2lkhNF1LsJrTonSOcI3AXu"],"target_group_id":"01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk","use_criteria":{"choose_target_using_algorithm":"choose_first_with_matching_criteria","conditions":[{"left_operand":"$targetgroup.01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk.common.display_name$","operator":"eqi","right_operand":"Splunk_Target"}]}}}},"status":{"state":"success","prev_state":"running"},"started_by":"akm+klooperate@abc.com","started_on":"2022-03-10T12:50:03.703Z","ended_on":"2022-03-10T12:50:38.812Z","created_on":"2022-03-10T12:50:03.549Z","created_by":"akm+klooperate@abc.com","updated_on":"2022-03-10T12:50:38.832Z","updated_by":"akm+klooperate@abc.com","owner":"kklerkin+klooperate@abc.com"},{"id":"abcs","definition_id":"ajgjgjkgkukugkugu","root_workflow_id":"01VJ7W2P3ZGNN4qGTX33OxT8ZcaoszxLUIR","schema_id":"khkhllijj","version":"1.0.0","name":"Initialize Case","type":"generic.workflow","base_type":"workflow","properties":{"atomic":{"is_atomic":false},"delete_workflow_instance":false,"description":"Run XDR new alert event workflow.\nValidate, Enrich, Template, Reputation, Past Tickets, Aggregate","display_name":"Initialize Case","runtime_user":{"target_default":true},"target":{"execute_on_target_group":true,"target_group":{"run_on_all_targets":false,"selected_target_types":["01JYJ0OOD9O7P2lkhNF1LsJrTonSOcI3AXu"],"target_group_id":"01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk","use_criteria":{"choose_target_using_algorithm":"choose_first_with_matching_criteria","conditions":[{"left_operand":"$targetgroup.01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk.common.display_name$","operator":"eqi","right_operand":"Splunk_Target"}]}}}},"status":{"state":"success","prev_state":"running"},"started_by":"akm+klooperate@abc.com","started_on":"2022-03-10T12:15:16.115Z","ended_on":"2022-03-10T12:15:31.396Z","created_on":"2022-03-10T12:15:15.955Z","created_by":"akm+klooperate@abc.com","updated_on":"2022-03-10T12:15:31.416Z","updated_by":"akm+klooperate@abc.com","owner":"kklerkin+klooperate@abc.com"},{"id":"abvf","definition_id":"ajgjgjkgkukugkugu","root_workflow_id":"01VJ6PSOKL0LZ4SuwRI0eCTYovpUSqC1SMC","schema_id":"khkhllijj","version":"1.0.0","name":"Initialize Case","type":"generic.workflow","base_type":"workflow","properties":{"atomic":{"is_atomic":false},"delete_workflow_instance":false,"description":"Run XDR new alert event workflow.\nValidate, Enrich, Template, Reputation, Past Tickets, Aggregate","display_name":"Initialize Case","runtime_user":{"target_default":true},"target":{"execute_on_target_group":true,"target_group":{"run_on_all_targets":false,"selected_target_types":["01JYJ0OOD9O7P2lkhNF1LsJrTonSOcI3AXu"],"target_group_id":"01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk","use_criteria":{"choose_target_using_algorithm":"choose_first_with_matching_criteria","conditions":[{"left_operand":"$targetgroup.01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk.common.display_name$","operator":"eqi","right_operand":"Splunk_Target"}]}}}},"status":{"state":"failed","prev_state":"running"},"started_by":"akm+klooperate@abc.com","started_on":"2022-03-10T11:20:03.037Z","ended_on":"2022-03-10T11:20:04.44Z","created_on":"2022-03-10T11:20:02.86Z","created_by":"akm+klooperate@abc.com","updated_on":"2022-03-10T11:20:04.443Z","updated_by":"akm+klooperate@abc.com","owner":"kklerkin+klooperate@abc.com"},{"id":"abvk","definition_id":"ajgjgjkgkukugkugu","root_workflow_id":"01VJ62UA4LYQU0od77lbUDPiDWbXIu0DdcI","schema_id":"khkhllijj","version":"1.0.0","name":"Initialize Case","type":"generic.workflow","base_type":"workflow","properties":{"atomic":{"is_atomic":false},"delete_workflow_instance":false,"description":"Run XDR new alert event workflow.\nValidate, Enrich, Template, Reputation, Past Tickets, Aggregate","display_name":"Initialize Case","runtime_user":{"target_default":true},"target":{"execute_on_target_group":true,"target_group":{"run_on_all_targets":false,"selected_target_types":["01JYJ0OOD9O7P2lkhNF1LsJrTonSOcI3AXu"],"target_group_id":"01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk","use_criteria":{"choose_target_using_algorithm":"choose_first_with_matching_criteria","conditions":[{"left_operand":"$targetgroup.01UTUCNGTOL5553AD59jsiGR7eeOJYLuiPk.common.display_name$","operator":"eqi","right_operand":"Splunk_Target"}]}}}},"status":{"state":"failed","prev_state":"running"},"started_by":"akm+klooperate@abc.com","started_on":"2022-03-10T10:50:04.264Z","ended_on":"2022-03-10T10:50:05.036Z","created_on":"2022-03-10T10:50:03.964Z","created_by":"akm+klooperate@abc.com","updated_on":"2022-03-10T10:50:05.052Z","updated_by":"akm+klooperate@abc.com","owner":"kklerkin+klooperate@abc.com"},{"id":"aljd","definition_id":"ajgjgjkgkukugkugu","root_workflow_id":"
... View more
03-10-2022
08:35 AM
Hi
I wanted to break the line from {"id" so that splunk will treat it as a new event from {"id from below event, I have mentioned the props.conf and the event, please find the same and let me know in case of any concerns.
INDEXED_EXTRACTIONS = JSON
KV_MODE = none
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
SEGMENTATION = iso8601
#TIME_FORMAT=%YYYY-%MM-%DDT%H:%M:%SZ
TIMESTAMP_FIELDS = started_on
TRUNCATE = 0
category = Ver. 1
... View more
Labels
- Labels:
-
props.conf
-
universal forwarder
03-01-2022
01:51 PM
I want to export the result of a Splunk dashboard and authentication would be via SSO/SAML. I can provide the username and password and Splunk dashboard URL so that python will export the dashboard pannel and save the exported result in csv.
... View more
Labels
- Labels:
-
other
-
using Enterprise Security
02-02-2022
09:18 AM
I want to provide read permission for only one app not all apps to a particular role and in my environment under apps permissions, I can see everyone(all roles) have read access. I don't want to make changes to all apps permission but wanted to manage if I can configure in one role or one app permissions so that all users under that role should only have read permission to one app and he won't be able to see other apps.
... View more
- Tags:
- apps
- role
- splunk apps
01-30-2022
09:39 PM
Yeah but this can be a way but, client isn't happy with it they need data like customer in one column and rest values each per column.
... View more
01-26-2022
08:28 AM
Hi Team, I need to use print two values from an index with different earliest values. please find the below example. index=abcd cust_name="*" earliest=-30d@d | fields cust_name,origUserid,destUserid,finalCalledPartyUnicodeLoginUserID,callingPartyUnicodeLoginUserID | eval id =coalesce(origUserid,destUserid,finalCalledPartyUnicodeLoginUserID,callingPartyUnicodeLoginUserID) | rename cust_name as Customer | dedup id | stats count(id) as MAU by Customer | appendcols [ search index=abcd cust_name="*" earliest=-14d | fields cust_name,origUserid,destUserid,finalCalledPartyUnicodeLoginUserID,callingPartyUnicodeLoginUserID | eval id =coalesce(origUserid,destUserid,finalCalledPartyUnicodeLoginUserID,callingPartyUnicodeLoginUserID) | rename cust_name as Customer | dedup id | stats count(id) as DAU by Customer | eval DAU=round(DAU/14,2) ] My problem is I am using two earliest values so in my first earliest value I have a customer count of 57 and on the second earliest value customer count is 43, so while printing both the values it's printing the wrong value in one column.
... View more
- Tags:
- appendcols
- stats
Labels
- Labels:
-
stats
12-17-2021
09:52 AM
I am working on a dashboard where my source have values like /opt/commands/abc.env, I want to print XYZ in ConfigType if my source contains commands. Right now I am using regex | rex field=source "(?<ConfigType>commands)" and it's printing ConfigType=commands but I need to print ConfigType=XYZ
... View more
- Tags:
- rex
- spl
- SPLUNK query
Labels
- Labels:
-
using Splunk Enterprise
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
a week ago
|
