×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
dantose
Explorer
Member since: ‎06-23-2020
‎05-11-2022
Community Statistics
Posts 6
Solutions 1
Karma Given 2
Karma Received 0
Member Since ‎06-23-2020
Activity Feed
View All

Re: Why converting hex doesn't work for 1 alert?

by in Splunk Search
‎03-03-2022 03:59 PM
‎03-03-2022 03:59 PM
Ok, I think I've got a solution: [search] | rex field=data "504B.{56}(?<target>.{2,100}2E.{6})" | [previous urldecode solution] That should handle detecting any path/filename.ext up to 50+3.    It will still fail to detect files without an extension, but I'm at least at a 90% solution ... View more

Re: Daily and weekly discrete count in the same qu...

by in Splunk Search
‎01-05-2022 04:52 PM
1 Karma
‎01-05-2022 04:52 PM
1 Karma
The key here is use eventstats to calculate the distinct count over the entire week range and retain that value "max(dc_weekly)" through subsequent stats -- first stats calculate distinct daily and second stat to calculate average daily.         ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-11-2022 12:34 AM
Karma given to
View All