cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
AK007
Engager
Member since: ‎08-27-2020
‎08-31-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎08-27-2020
Activity Feed
View All

Re: How can I search for list of UF's and to which...

by in Splunk Search
‎08-31-2020 02:24 AM
‎08-31-2020 02:24 AM
| tstats count where index=_* OR index=* by host,index | stats values(index) as index dc(index) as distinct_count by host | sort - distinct_count ... View more

Re: ES notable urgency changing for old notables.

by in Splunk Enterprise Security
‎08-29-2020 11:49 PM
1 Karma
‎08-29-2020 11:49 PM
1 Karma
Notable modular alerts actions values are not written to index=notable. To display severity or priority or urgency, Incident review will perform rest query to get values of correlation search and display in Incident review. However, I believe there is an option to overwrite severity from in-line search of correlation search. just add below line to your correlation search. | eval severity="informational/high/low"   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-31-2020 03:12 AM
Karma given to
View All