cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ivan123357
Explorer
Member since: ‎11-09-2020
‎10-25-2023
Community Statistics
Posts 7
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎11-09-2020
Activity Feed
View All

Re: Query with an additional condition

by SplunkTrust in Splunk Search
‎10-25-2023 10:10 AM
‎10-25-2023 10:10 AM
Hi @ivan123357 , I'd try something like this: index=custom (evt_id=1 OR evt_id=2) earliest=-5m latest=-7m | stats last(evt_id) AS evt_id earliest(_time) AS earliest latest(_time) AS latest BY user_id | where evt_id=1 OR (latest-earliest>300) Ciao. Giuseppe ... View more

Re: Splunk query with condition verification

by SplunkTrust in Splunk Search
‎09-19-2023 05:30 AM
‎09-19-2023 05:30 AM
I'm not sure how to handle that case, but perhaps someone else will have an idea. ... View more

Re: Search hosts, Windows updates

by in Splunk Search
‎11-10-2020 01:32 AM
‎11-10-2020 01:32 AM
I tried this way but I didn't receive any result. I am a newbie in Splunk 😞  What do you think about this way?: I can search all events with a successful update using regex search  source="WinEventLog:System" | regex Message = "KB5555555" and for example i receive a few events from two hosts. First question: How I can create a table with a list of these hosts? As I guess, then I can't use a search like "source="WinEventLog:System" | regex not Message = "KB5555555"" to find all hosts without this update because this search won't show any events.   I'm stumped 😞  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-25-2023 06:01 PM
Karma given to
View All