cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
aleem
SplunkTrust
Member since: ‎09-20-2011
‎08-07-2020
Community Statistics
Posts 20
Solutions 2
Karma Given 0
Karma Received 4
Member Since ‎09-20-2011
Activity Feed
Topics I've Started
View All

Re: Can Splunk help me find out who has read a spe...

by SplunkTrust in All Apps and Add-ons
‎07-15-2016 08:09 AM
‎07-15-2016 08:09 AM
Hi Garth, We are avoiding read receipts 😉 I guess that the marking of an email from being 'unread' to 'read' is an event with Exchange. I have no idea where this would be 'recorded'. Splunk seems ideal for this depending what it has access to. Thanks Aleem ... View more

Re: Can Splunk help me find out who has read a spe...

by SplunkTrust in All Apps and Add-ons
‎07-15-2016 07:30 AM
‎07-15-2016 07:30 AM
Hi Greg, I don't have a log at this point. I am not even sure what log files might exist as I have no knowledge around Exchange. I am trying to figure out if Splunk would be able to help me by interrogating Exchange. Thanks Aleem ... View more

Can Splunk help me find out who has read a specifi...

by SplunkTrust in All Apps and Add-ons
‎07-15-2016 06:33 AM
‎07-15-2016 06:33 AM
We send a company newsletter out to thousands of employees. We would like to know who has read the newsletter. It is simply embedded in an email. Newsletter read means the email status goes from 'unread' to 'read'. I would hope to present the email ID for the newsletter email to the exchange server and it would give me a list of who has read it or at least a count of who has read it. Wondering if the App for Microsoft Exchange would do the job or if there is another way. Thanks Aleem ... View more

Can I collect the meta data via the FPolicy featur...

by SplunkTrust in All Apps and Add-ons
‎03-24-2016 04:58 AM
1 Karma
‎03-24-2016 04:58 AM
1 Karma
Hi, I have a query around file system auditing and NetApp. The goal is to audit changes on NetApp arrays without the requirement to turn Auditing on (not recommended). Can I collect the meta data via the FPolicy feature/API of the NetApp controller? If this is possible that would be amazing. Examples would be even more amazing. Thanks Aleem Splunk User Group London ... View more

Re: Splunk is breaking my events in to two events

by SplunkTrust in Archive
‎02-14-2013 02:59 AM
‎02-14-2013 02:59 AM
Sounds great Ayn. I'll have a go at doing this and feedback 😉 ... View more

Splunk is breaking my events in to two events

by SplunkTrust in Archive
‎02-14-2013 02:22 AM
‎02-14-2013 02:22 AM
Hi, I have events with 360 lines of text. My problem is that Splunk 1. writes the first 257 lines of the event 2. writes the next event that happends to have the same timestamp 3. finishes off the writing the remaining 104 lines of the first event as a new event I am not sure if having 360 lines in an event causes a bottle neck or if I need to modify a file somewhere. Hopefully, it is a simple config update 😉 ... View more

Re: Minutes between most recent event date and now

by SplunkTrust in Splunk Search
‎04-18-2012 02:56 AM
‎04-18-2012 02:56 AM
I really want to know if the latest event is less than 30 minutes old, so I guess I could simply use the following; sourcetype="myhost" earliest=-30m | head 1 Zero results would mean that there are no events in the past 30 minutes. ... View more

Minutes between most recent event date and now

by SplunkTrust in Splunk Search
‎04-18-2012 01:53 AM
‎04-18-2012 01:53 AM
I have a field called fldTimeStamp which I use to hold the date in which events were raised rather than what date I imported them in to Splunk. This works great. However, I need to know if the most recent fldTimeStamp is more than 20 minutes old. I can use "head 1 | fields timestamp fldTimeStamp | eval fldNow = time() | convert ctime(fldNow)" to get the current time. However, I am struggling to subtract fldTimeStamp from now (fldNow). Presumably, I need to do some evals and converts. Any ideas how to do this? ... View more

Re: Combine 2 fields to create a new field?

by SplunkTrust in Splunk Search
‎03-30-2012 02:16 AM
‎03-30-2012 02:16 AM
many thanks for this tip ... View more

Re: Show Single Value Panels in a Table

by SplunkTrust in Splunk Search
‎03-28-2012 02:28 AM
‎03-28-2012 02:28 AM
I used Advanced XML, single value labels and application.css to achieve my objective. Firebug is great to identify which bit of css needs to be added to application.css to tweaked. ... View more

Re: Send Values to Custom HTML

by SplunkTrust in Dashboards & Visualizations
‎03-28-2012 02:15 AM
‎03-28-2012 02:15 AM
I used Advanced XML, single value labels and application.css to achieve my objective. ... View more

Show Single Value Panels in a Table

by SplunkTrust in Splunk Search
‎03-15-2012 07:43 AM
2 Karma
‎03-15-2012 07:43 AM
2 Karma
I have 66 single value panels to display in my dashboard. So far I am finding that I can only go three columns wide. I need 11 columns wide. Is there any way to have a grid or table with 11 columns and 6 rows that I can fill with my single value panels? I would rather make a custom html page that could have placeholders for the 66 single value panels. However, any suggestions would be most welcome ... View more

Re: Rangemap with String Values

by SplunkTrust in Dashboards & Visualizations
‎03-14-2012 09:46 AM
1 Karma
‎03-14-2012 09:46 AM
1 Karma
I used the following command to change Colour_1 to 1 eval fldColour=replace(fldColour, "Colour_", "") Works fine ... View more

Rangemap with String Values

by SplunkTrust in Dashboards & Visualizations
‎03-14-2012 07:42 AM
‎03-14-2012 07:42 AM
I want to use a rangemap to create a single value panel. The issue is that the field I want to colur hold string values (e.g. "Colour_1", "Colour_2" or "Colour_3") rangemap requires numbers. Is there a way to fiddle with the strings to get them to work with rangemap? sourcetype="ANM_UK_Grocery" fldDX="DX_1" fldBank="Bank_1" | head 1 | table fldColour,fldBank,fldDX | rangemap fldColour=Color low="Colour_1" severe="Colour_2" elevated="Colour_3" ... View more

Pick latest event

by SplunkTrust in Splunk Search
‎03-06-2012 09:21 AM
‎03-06-2012 09:21 AM
Hi, I want only return the latest event The following seems to work so far. It is correct? No entirely sure what the sort criteria for Top is Top limit=1 Color,TimeStamp,Bank,DX | table Color ... View more

Re: Return single field values

by SplunkTrust in Archive
‎03-06-2012 09:12 AM
‎03-06-2012 09:12 AM
Excellent, much appreciated ... View more

Re: Ignore first line

by SplunkTrust in Getting Data In
‎03-06-2012 09:00 AM
‎03-06-2012 09:00 AM
Thanks, I tried that. Splunk recognises sourcetype as csv-2 and still indexes the headings ... View more

Send Values to Custom HTML

by SplunkTrust in Dashboards & Visualizations
‎03-06-2012 08:35 AM
‎03-06-2012 08:35 AM
Hi, I would like to use a custom html page that takes input from a splunk search. Eg. [SplunkValue] [SplunkValue] would be returned from a search Any tips pn how to achieve this? ... View more

Ignore first line

by SplunkTrust in Getting Data In
‎03-06-2012 08:28 AM
‎03-06-2012 08:28 AM
Hi, I am importing custom CSV files. The heading are are the first line. What is the simplest way to ignore these headings? Which files to I need to edit? ... View more

Return single field values

by SplunkTrust in Archive
‎03-06-2012 08:26 AM
‎03-06-2012 08:26 AM
Hi, I am importing custom CSV files. I have a field value named "color". I just want to be able to get Splunk to return the value of color. The example below would return "Orange" Any ideas what the searh might be? 06/03/2012 09:30:00,DX2-MARTINI-GROC-9,80,COM-LIVE / COM-LIVE2 / SECURE-SSL-LIVE,6509-MK2:ACE:1:MK-ACE-16509-MK1:ACE:1:MK-ACE-1,Down,Down,MARTINI-GROCERY-LIVE,,,,Orange,2,9 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-07-2020 04:45 PM
Karma from