Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About harishalipaka
harishalipaka
Motivator
Member since:
02-14-2017
09-29-2022
Community Statistics
| Posts | 268 |
| Solutions | 45 |
| Karma Given | 5 |
| Karma Received | 61 |
| Member Since | 02-14-2017 |
Activity Feed
- Got Karma for Re: How do you create a total column in a chart?. 08-22-2022 01:07 PM
- Posted Re: How to get values from a Splunk field to particular decimals? on Splunk Search. 07-14-2022 04:31 AM
- Posted Re: How to find comman value from multiple watchlist on Splunk Search. 07-14-2022 04:23 AM
- Posted Re: How to configure Splunk Enterprise Security drill-down earliest offset? on Splunk Enterprise Security. 07-14-2022 04:13 AM
- Posted Re: Duplication of events when searching multi-value fields in Json using mvzip and mvexpand on Splunk Search. 07-14-2022 04:08 AM
- Posted Please help me to find the following Addon's and Apps are impacted with log4j or Not ? on Security. 12-13-2021 10:56 PM
- Posted Re: Query for Consecutive count for missed time range on Splunk Search. 08-25-2021 07:19 AM
- Posted Re: Query for Consecutive count for missed time range on Splunk Search. 08-24-2021 07:51 AM
- Posted Re: Query for Consecutive count for missed time range on Splunk Search. 08-24-2021 07:24 AM
- Posted Re: Query for Consecutive count for missed time range on Splunk Search. 08-24-2021 03:07 AM
- Posted Re: Query for Consecutive count for missed time range on Splunk Search. 08-24-2021 12:00 AM
- Posted Re: Query for Consecutive count for missed time range on Splunk Search. 08-23-2021 07:04 AM
- Posted Query for Consecutive count for missed time range on Splunk Search. 08-23-2021 04:42 AM
- Tagged Query for Consecutive count for missed time range on Splunk Search. 08-23-2021 04:42 AM
- Posted sending email individually with cc using query on Alerting. 01-27-2021 03:39 AM
- Tagged sending email individually with cc using query on Alerting. 01-27-2021 03:39 AM
- Got Karma for Re: Why when using "map" command, if I use the string argument with "map", results are not displayed?. 01-13-2021 01:32 PM
- Got Karma for How do I delete lookup file (CSV) from a lookup lists using query?. 11-23-2020 05:40 AM
- Got Karma for Re: How do you create a total column in a chart?. 09-17-2020 04:56 AM
- Got Karma for Re: How do you restrict a user role to one App only?. 09-10-2020 07:41 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 |
07-14-2022
04:31 AM
@Poojitha | makeresults| eval Cost="0.4565534553453" | table Cost
| append [ | makeresults| eval Cost="0.0000435463466" | table Cost]
| append [| makeresults| eval Cost="0.0021345667788" | table Cost ]
| append [ | makeresults| eval Cost="0.0000000005657" | table Cost ]
| rex field=Cost "(?<Cost_New>\d+\.\d{4})" |where Cost_New > 0 |table Cost
... View more
07-14-2022
04:23 AM
@akshayinnamuri Values - without duplicate , list - with duplicates | makeresults| eval lookupname="1stlookuptable",name="abc" | table name lookupname
| append [ | makeresults | eval lookupname="2ndlookuptable",name="abc" | table name lookupname ]
| append [ | makeresults | eval lookupname="3rdlookuptable",name="dxc" | table name lookupname ]
| append [ | makeresults| eval lookupname="4thlookuptable",name="xyz" | table name lookupname ]
| append [ | makeresults | eval lookupname="5thlookuptable",name="abc" | table name lookupname ] | stats list(lookupname) AS lookupname BY name
... View more
07-14-2022
04:13 AM
@martaBenedetti Time in seconds - 120 Epoch - 7200 (ms) Try - $info_min_time$-7200
... View more
07-14-2022
04:08 AM
@Marian - Use dedup or mvdedup commands | eval x=mvdedup(mvzip(mvzip(mvzip(name,type),plugin),errors))
... View more
12-13-2021
10:56 PM
Hi Splunkers 🙂 , The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. If exploited, it could potentially allow a remote attacker to execute code on the server if the system logs an attacker-controlled string value on an affected endpoint. Can you please help me to these below Addon's & Apps are impacted or Not -- Splunk Add-on for Microsoft SCOM Okta Identity Cloud Add-on for Splunk Lookup Editor Number Display Viz Splunk Dashboard Examples Tanium App Splunk Enterprise Dashboards Beta Python for Scientific Computing Solarwinds Add on for splunk Tanium Technology Add on 100_genpact_splunkcloud Splunk DB Connect Tanium App Microsoft windows DHCP Add on for splunk Website Monitoring rest_ta These are not listed in below links :- Splunk Security Advisory for Apache Log4j (CVE-2021-44228) | Splunk https://www.splunk.com/en_us/blog/security/log-jammin-log4j-2-rce.html
... View more
- Tags:
- log4j
Labels
- Labels:
-
other
08-25-2021
07:19 AM
Thanks for your help @ITWhisperer Here am facing one limit issue with list command. I did few changes from my side and achieved it. Question :- Can help me to get the count of how many times connected more than 8 hours.? @ITWhisperer pls help me on this
... View more
08-24-2021
07:51 AM
@ITWhisperer I need all data where its connected once also. Can you pls check my question again. We need to remove this condition - | where mvcount(LastConnected)>=2 I think we need apply here - | eval span=if(concurrent=0 AND mvcount(LastConnected)>=2,1,0)
... View more
08-24-2021
07:24 AM
@ITWhisperer I have updated my question, Please help me on this | makeresults | eval _raw="HostName,LastConnected ABC,23/08/2021 10:04 ABC,23/08/2021 10:34 AAA,23/08/2021 12:01 AAA,23/08/2021 12:32 AAA,23/08/2021 13:03 AAA,23/08/2021 13:34 ABC,23/08/2021 17:03 AAA,23/08/2021 15:01 AAA,23/08/2021 15:35 ABC,23/08/2021 14:00 AAA,23/08/2021 21:02 AAA,23/08/2021 22:03 AAA,23/08/2021 20:02 ABC,23/08/2021 11:02 ABC,23/08/2021 11:34 ABC,23/08/2021 12:02 ABC,23/08/2021 13:34 AAA,23/08/2021 14:02 AAA,23/08/2021 14:34 ABC,23/08/2021 15:04 ABC,23/08/2021 16:34 ABC,23/08/2021 16:05 ABC,23/08/2021 22:02 ABC,23/08/2021 23:36 AAA,23/08/2021 11:03 ABC,24/08/2021 11:36 AAA,24/08/2021 12:03 ABC,24/08/2021 11:00 AAA,24/08/2021 12:36 ABC,23/08/2021 17:36 AAA,23/08/2021 20:32 AAA,23/08/2021 21:32" | multikv forceheader=1 | table HostName LastConnected
... View more
08-24-2021
03:07 AM
Updated - @ITWhisperer Sorry, I have missed one condition, here if hours count is grater then or equal 2 , then it is online else we wont count---- ------------------ | makeresults | eval _raw="HostName,LastConnected AAA,23/08/2021 11 AAA,23/08/2021 11 ABC,23/08/2021 12 AAA,23/08/2021 11 AAA,23/08/2021 12 AAA,23/08/2021 12 AAA,23/08/2021 13 AAA,23/08/2021 13 ABC,23/08/2021 11 AAA,23/08/2021 14 AAA,23/08/2021 21 AAA,24/08/2021 22 AAA,24/08/2021 22 ABC,23/08/2021 10 ABC,23/08/2021 10 AAA,23/08/2021 20 ABC,23/08/2021 13 ABC,23/08/2021 13 ABC,23/08/2021 14 ABC,23/08/2021 14 ABC,23/08/2021 15 ABC,23/08/2021 15 ABC,23/08/2021 16 ABC,24/08/2021 17 AAA,23/08/2021 15 ABC,24/08/2021 22 ABC,23/08/2021 23" | multikv forceheader=1 | table HostName LastConnected | eval LastConnected1=strptime(LastConnected,"%d/%m/%Y %H") |stats list(LastConnected) as LastConnected by HostName LastConnected1 | streamstats values(LastConnected1) as previousConnected by HostName window=1 current=f | eval concurrent=if(LastConnected1-previousConnected = 60*60,1,0) | eval span=if(concurrent=0 AND mvcount(LastConnected)>=2,1,0)
... View more
08-24-2021
12:00 AM
@ITWhisperer I have different dates like below ---- ------------------ | makeresults | eval _raw="HostName,LastConnected AAA,23/08/2021 11 ABC,23/08/2021 12 AAA,23/08/2021 12 AAA,23/08/2021 13 ABC,23/08/2021 11 AAA,23/08/2021 14 AAA,23/08/2021 21 AAA,24/08/2021 22 ABC,23/08/2021 10 AAA,23/08/2021 20 ABC,23/08/2021 13 ABC,23/08/2021 14 ABC,23/08/2021 15 ABC,23/08/2021 16 ABC,24/08/2021 17 AAA,23/08/2021 15 ABC,24/08/2021 22 ABC,23/08/2021 23" | multikv forceheader=1 | table HostName LastConnected | eval LastConnected=strptime(LastConnected,"%d/%m/%Y %H") | streamstats values(LastConnected) as previousConnected by HostName window=1 current=f | eval concurrent=if(LastConnected-previousConnected = 60*60,1,0) | eval span=if(concurrent=0,1,0) | streamstats sum(span) as span by HostName | eventstats count as Total by HostName | eventstats count by HostName span | eventstats max(count) as Highest by HostName | eval combined=HostName."!".Total."!".Highest | eval _time=LastConnected | timechart span=1h count by combined | foreach * [| eval <<FIELD>>=if('<<FIELD>>'=0,"Offline","connected")] | eval time=strftime(_time,"%d/%m/%Y %H") | fields - _span _time | transpose 0 header_field=time | eval column=split(column,"!") | eval HostName=mvindex(column,0) | eval Total=mvindex(column,1) | eval Highest=mvindex(column,2) | fields - column | table HostName Total Highest *
... View more
08-23-2021
07:04 AM
Hi @ITWhisperer Am getting wrong consecutive count with this query
... View more
08-23-2021
04:42 AM
[Updated] HI All, @ITWhisperer Please help me on this I have data like below - HostName LastConnected ABC 23/08/2021 10:04 ABC 23/08/2021 10:34 AAA 23/08/2021 12:01 AAA 23/08/2021 12:32 AAA 23/08/2021 13:03 AAA 23/08/2021 13:34 ABC 23/08/2021 17:03 AAA 23/08/2021 15:01 AAA 23/08/2021 15:35 ABC 23/08/2021 14:00 AAA 23/08/2021 21:02 AAA 23/08/2021 22:03 AAA 23/08/2021 20:02 ABC 23/08/2021 11:02 ABC 23/08/2021 11:34 ABC 23/08/2021 12:02 ABC 23/08/2021 13:34 AAA 23/08/2021 14:02 AAA 23/08/2021 14:34 ABC 23/08/2021 15:04 ABC 23/08/2021 16:34 ABC 23/08/2021 16:05 ABC 23/08/2021 22:02 ABC 23/08/2021 23:36 AAA 23/08/2021 11:03 ABC 24/08/2021 11:36 AAA 24/08/2021 12:03 ABC 24/08/2021 11:00 AAA 24/08/2021 12:36 ABC 23/08/2021 17:36 AAA 23/08/2021 20:32 AAA 23/08/2021 21:32 Now, i want output like this HostName TotalHours Max_Consecutive 23/08/2021 10 23/08/2021 11 23/08/2021 12 23/08/2021 13 23/08/2021 14 23/08/2021 15 23/08/2021 16 23/08/2021 17 23/08/2021 18 23/08/2021 19 23/08/2021 20 23/08/2021 21 23/08/2021 22 23/08/2021 23 24/08/2021 11 24/08/2021 12 24/08/2021 13 24/08/2021 14 24/08/2021 15 ABC 4 2 23/08/2021 10:04 23/08/2021 10:34 offline 23/08/2021 12:02 23/08/2021 13:34 23/08/2021 14:00 23/08/2021 15:04 23/08/2021 16:34 23/08/2021 16:05 23/08/2021 17:03 23/08/2021 17:34 offline offline offline offline 23/08/2021 22:02 23/08/2021 23:36 24/08/2021 11:36 24/08/2021 11:00 offline offline offline offline AAA 8 5 offline 23/08/2021 11:02 23/08/2021 11:34 23/08/2021 12:01 23/08/2021 12:32 23/08/2021 13:03 23/08/2021 13:34 23/08/2021 14:02 23/08/2021 14:34 23/08/2021 15:01 23/08/2021 15:35 offline offline offline offline 23/08/2021 20:02 23/08/2021 20:32 23/08/2021 21:02 23/08/2021 21:32 23/08/2021 22:03 offline offline 24/08/2021 12:03 24/08/2021 12:36 offline offline offline Note:- I have more than 2 lakhs records, and if user select one week data it should be work for a week If it is connected complete hour ,then it is online - means two times in hour We if mvcount >=2 then it is online , we need to count If it is 1 - no need count keep as it is 0 - offlilne Thank you in advance
... View more
01-27-2021
03:39 AM
Hi All, I would like to send individual emails , that i did using sendresults command. But am unable to send individual emails along with cc. Email CC abc@g.com manager@g.com 123@g.com manager@g.com In above table i want to send individually mail like below:- Mail 1 -- to:abc@g.com cc:manager@g.com Mail2 -- to:123@g.com cc:manager@g.com
... View more
Labels
- Labels:
-
alert action
-
alert condition
-
email
04-24-2020
12:14 AM
hi @Dherom
just go to edit mode
... View more
04-19-2020
11:38 PM
@splunkbeginner
try like this
| tstats count where host=linux01 sourcetype="linux:audit" by _time span=1d prestats=t
| timechart span=1d count as total
| appendcols [ search host=linux01 sourcetype="linux:audit" key="linux01_change" NOT comm IN (vi, rm, ls)
| timechart span=1d count as filter]
| stats count as total by sourcetype
| appendpipe [ stats count as total
| where total=0
| eval total=0,filter=0]
... View more
04-17-2020
04:35 AM
@zhonk
Did you check individually -- query debug
are u getting Heart Beat epoch and _time epoch converting or not..
... View more
04-17-2020
01:36 AM
hi @zhonk
Updated my Answer Please try like below @zhonk
|makeresults |eval HeartBeatTime="2020-04-16 12:23:32.9",heartbeatEpoch=strptime(HeartBeatTime,"%Y-%m-%d %H:%M:%S.%3N"),Time=_time|eval TimeDiff=Time-heartbeatEpoch,diff=tostring(TimeDiff,"Duration")
... View more
04-16-2020
11:50 PM
hi @miguelangelclemente
have a look into this
https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-alerts-using-gmail-twitter-phone-calls-and-much-more.html
... View more
04-16-2020
11:27 PM
hi @Allampally
try below --
|eval results1=if(match(field1,field2),"Yes","No")
|eval results1=if(like(field1,field2),"Yes","No")
|eval results1=if(field1==field2,"Yes","No")
If you not get results using this.check your fields contains any spaces.
|eval field1=upper(trim(fied1)),field2=trim(upper(field2))
... View more
04-16-2020
04:54 AM
hi @saghiralmani
base search . . .. |eval test=substr(user_id_field,-5) |eventstats count by test |where count > 1
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-29-2022
11:43 PM
|
