Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About jlawsonmers
jlawsonmers
New Member
Member since:
11-04-2013
06-05-2020
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 11-04-2013 |
Activity Feed
- Posted Re: What is the correct syntax for excluding a subnet from a search using CIDR notation? on Splunk Search. 09-17-2014 11:38 AM
- Posted Re: What is the correct syntax for excluding a subnet from a search using CIDR notation? on Splunk Search. 09-10-2014 11:40 AM
- Posted What is the correct syntax for excluding a subnet from a search using CIDR notation? on Splunk Search. 09-04-2014 05:59 AM
- Tagged What is the correct syntax for excluding a subnet from a search using CIDR notation? on Splunk Search. 09-04-2014 05:59 AM
- Tagged What is the correct syntax for excluding a subnet from a search using CIDR notation? on Splunk Search. 09-04-2014 05:59 AM
- Tagged What is the correct syntax for excluding a subnet from a search using CIDR notation? on Splunk Search. 09-04-2014 05:59 AM
- Tagged What is the correct syntax for excluding a subnet from a search using CIDR notation? on Splunk Search. 09-04-2014 05:59 AM
- Posted Re: How do I exclude a subnet from a search using CIDR notation? on Splunk Search. 09-03-2014 07:13 AM
- Posted How do I exclude a subnet from a search using CIDR notation? on Splunk Search. 09-03-2014 05:56 AM
- Tagged How do I exclude a subnet from a search using CIDR notation? on Splunk Search. 09-03-2014 05:56 AM
- Posted Re: save search results? on Splunk Search. 11-04-2013 11:47 AM
- Posted Re: save search results? on Splunk Search. 11-04-2013 07:40 AM
- Posted save search results? on Splunk Search. 11-04-2013 06:51 AM
- Tagged save search results? on Splunk Search. 11-04-2013 06:51 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
09-17-2014
11:38 AM
In order to make this work, where should the file "excluded_ips.csv" be placed and where should the file "transforms.conf" be placed?
... View more
09-10-2014
11:40 AM
Thanks, that seems helpful. Would someone tell me where to find the security_acl view and transforms.conf?
... View more
09-04-2014
05:59 AM
In trying to learn how to exclude a subnet from a search using CIDR notation, I was directed to this link:
http://answers.splunk.com/answers/130030/how-does-one-search-for-a-cidr-range-of-addresses
which says:
You can't do CIDR defined search on freetext. You can however do it if you have the IP addresses you want to match against in extracted fields. In other words,
10.0.0.0/24
won't work, but
src_ip=10.0.0.0/24
will.
I have a search like this:
"%ASA-4-733100" OR "%ASA-4-733104" OR "%ASA-4-733105" NOT "[ Scanning]" NOT "[ DNS 53]" NOT "[ Port-8191-65535]" NOT "[ NetBIOS-Name 137]"
and I want to exclude the subnet 192.168.0.0/16 (within the fields "_raw" and "host") from the results. How do I do this? What is the correct syntax for the entire search?
... View more
09-03-2014
07:13 AM
Should I use NOT "host_ip=192.168.0.0/16" or should I leave off the quotation marks?
... View more
09-03-2014
05:56 AM
How do I exclude a subnet from a search using CIDR notation? For example, I have this search:
"%ASA-4-733100" OR "%ASA-4-733104" OR "%ASA-4-733105" NOT "[ Scanning]" NOT "[ 172.16.10.2]" NOT "[ DNS 53]" NOT "[ NetBIOS-Name 137]"
I would like to exclude 192.168.0.0/16 from this search. What is a simple way to do this?
... View more
- Tags:
- subnet
11-04-2013
11:47 AM
In savedsearches.conf, I do not see dispatch.ttl. I do see dispatch.earliest_time and dispatch.latest_time, but these seem to refer to the scope of the search, not the retention of search results. Any other ideas?
... View more
11-04-2013
07:40 AM
No, somesoni2, the search parameters are ok. I'm talking about changing how long the search results are saved.
... View more
11-04-2013
06:51 AM
Once a search has been created and saved, how does one change the amount of time (number of days, for example) that the results are saved?
... View more
- Tags:
- search
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
