cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
mputtam
Path Finder
Member since: ‎07-28-2020
‎11-30-2020
Community Statistics
Posts 19
Solutions 1
Karma Given 5
Karma Received 1
Member Since ‎07-28-2020
Activity Feed
Topics I've Started
View All

Seeking help to create a dashboard for Antivirus a...

by in Splunk Search
‎11-25-2020 06:53 PM
‎11-25-2020 06:53 PM
Hi community, Need your help..! is there any possibility that we can create a dashboard for AV related issues or notables...?  was using the below query but could get the exact results. requesting you to help me on this to create a dashboard for AV related alerts for the servers. | tstats summariesonly=true max(_time) AS time values(Malware_Attacks.file_name) AS fileName values(Malware_Attacks.signature) AS signature from datamodel=Malware.Malware_Attacks by Malware_Attacks.event_description, Malware_Attacks.dest Malware_Attacks.action | makemv delim="|" fileName | makemv delim="|" signature | rename Malware_Attacks.event_description AS event_description | rename Malware_Attacks.dest AS dest | rename Malware_Attacks.action as action | regex event_description!="blocked" | regex event_description!="deleted" | regex event_description!="Cleaned" | regex event_description!="handled" | where event_description!="Exploit Prevention Files/Process/Registry violation detected" OR threat_handled!=1 | where event_description!="Infected file found, access denied" OR threat_handled!=1 | search action!=handled event_description!=DLL* event_description!="Script security violation detected, AMSI would block" | table time event_description dest fileName signature   Thanks, Kishore ... View more
Labels

Re: How to get a logging hours report of the emplo...

by SplunkTrust in Splunk Search
‎09-23-2020 03:55 AM
‎09-23-2020 03:55 AM
Hi @mputtam You have to provide us few more detailed information.. which application your employee's use to login? are those app login details/logs are ingested into splunk?  index=<employee email id> --- is generally a wrong process.    index=login-app employee=emp-mail-id (or emp=emp-id or something...) is the right method.    (i have given around 300 karma points so far received badge for that,.. maybe you also give karma points if a post helped you, thx) ... View more

Re: How do we find events on indexers wise in splu...

by SplunkTrust in Splunk Search
‎09-18-2020 09:44 PM
‎09-18-2020 09:44 PM
In this case, you should look into all the sources that will have user information. if you are not sure of sources where and all user information would be available then you should run search index=* usernameformat1 OR usernameformatinemail OR usernameformat2 different sources will record username in different formats for example windows authentication you might see just username but email logs will have email address rather username. So you should run a search specifying all formats of username in search. you can’t use meta search the one you shared above. That will only look at meta fields source,sourcetype, index and _time and host. That will not give info inside the event. ... View more

Re: Help me out how to download all the rules/usec...

by SplunkTrust in Alerting
‎09-15-2020 07:42 AM
‎09-15-2020 07:42 AM
You don't say where are finding 82 so I can't advise about the difference. The status of each alert is in the "disabled" field. ... View more

Re: Need your help to create the dashboard for the...

by in Splunk Search
‎09-15-2020 04:19 AM
‎09-15-2020 04:19 AM
Hi alonsocaio, Thank you very much for your help to getting this issue resolved. Regards, Kishore ... View more

Re: Need Help to pull the logs in the below format

by SplunkTrust in Splunk Search
‎08-11-2020 08:18 AM
‎08-11-2020 08:18 AM
When you run the search without the stats command do you get values for the app, src, dest, src_port, and dest_port fields? If any are null then stats will not return results. Use fillnull as necessary. ... View more

Re: Need help how to find the active rules/usecase...

by in Splunk Search
‎07-29-2020 12:58 AM
‎07-29-2020 12:58 AM
@sanjeev543 thank you it's working fine. ... View more

Re: Need Help to find how many usecases are enable...

by SplunkTrust in Splunk Search
‎07-28-2020 09:59 AM
‎07-28-2020 09:59 AM
Hi what you are meaning with use cases? All host you could see with query |metadata type=hosts index=* and use "All time" for time selection. r. Ismo  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-30-2020 10:43 AM
Karma from
View All
Karma given to