×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
lanmanjs55
Engager
Member since: ‎07-22-2020
‎07-22-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-22-2020
Activity Feed
Topics I've Started
View All

Re: Query Question

by in Alerting
‎07-22-2020 10:30 AM
‎07-22-2020 10:30 AM
Excellent - thank you very much for the Reply.  Looks really easy but it just shows I have a lot to learn.  Much approciated. ... View more

Query Question

by in Alerting
‎07-22-2020 09:01 AM
‎07-22-2020 09:01 AM
We have a number of alerts set up with Splunk.  One of them monitors the state of VPN's from our Cisco routers.  One of these routers has a couple of VPN's that are actually supposed to be down (until they get traffic sent over them) so we keep getting a false positive on the alert.  This is the query: splunk query - sourcetype="cisco:ios" AND "down"  I am VERY new to this and writing queries.  What is the syntax I need to add to this query that will ignore this one particular router?   Thank you for any Reply -  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-22-2020 02:23 PM
Karma given to
View All