×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
RonD
Explorer
Member since: ‎11-16-2020
‎11-30-2022
Community Statistics
Posts 8
Solutions 0
Karma Given 4
Karma Received 2
Member Since ‎11-16-2020
Activity Feed
View All

Re: Splunk dbinspect

by in Splunk Search
‎11-30-2022 09:10 AM
2 Karma
‎11-30-2022 09:10 AM
2 Karma
Very thankful to this community. I tried both and the metadata is the information that I was looking for. I also tried the tstat command recommendations but when I ran for all time, it only found events that are 3 months old. Thank you both! ... View more

How to use dbinspect to monitor a specific index a...

by in Splunk Search
‎11-30-2022 08:47 AM
‎11-30-2022 08:47 AM
Hi, I would like to monitor a specific index and get the following information: source - name oldest searchable event by source. I understand the basics of dbinspect that it will display the startEpoch values and sort it for the earliest value and I can figure out the oldest event using this field and sourceCount only, however I need to identify the source "name" so I can pair the 2: source name and oldest searchable event OR if there is another command I can use instead of dbinspect that will provide the needed information. Doing stats command in this use case will not work as I will be looking for events that are 1 year old and I favor the dbinspect search time. Please advise. Thanks and regards. ... View more
Labels

Re: Dynamic date comparison

by in Splunk Search
‎05-20-2021 11:12 AM
‎05-20-2021 11:12 AM
Not the difference, but using the app-release-date (past date) using this as the most recent date and use that as the starting point for this condition [substitute the most recent as app-release-date] The most recent = Green Most recent – 7 days = yellow Most recent – 30 days = red Most recent  > 30 days = black ... View more

Dynamic date comparison

by in Splunk Search
‎05-20-2021 07:11 AM
‎05-20-2021 07:11 AM
I am creating a search that detects compliance received from palo alto signatures we are receving 4 sets of dates: app-release-date av-release-date wildfire-release-date threat-release-date one of these dates (app-release-date) does not get updated daily, meaning  if today's date is 5/20/2021 the last updated release for the app-release date could be 4/20/2021 Now creating a pie chart comparing today's date, it will show that the app-release-date is out of date by 30 days but that is not the case, it just means that the most recent date for app-release-date is dated 4/20/2021. The question is how will I use the 4/20/2021 in an "eval=case" condition and using the 4/20/2021 as the most recent date instead of "now()" conditions For your perspective this is what I've done if using the "now()" conditions as a variable: | eval av-release-date=round(strptime('av-release-date', "%Y-%m-%d %H:%M:%S")), today=now(), timediff=today-'av-release-date', chart_date=strftime('av-release-date', "%Y-%m-%d") | eval color=case(timediff<=86400, "within 24 hrs", timediff>86400 AND timediff<=259200, "within 72 hrs", timediff>259200 AND timediff<=604800, "within 168 hrs", timediff>604800, "over 168 hrs") | stats count by color this returns a chart that look like this: The app-release-date conditions will be: The most recent = Green -----> the most recent is not "now()" but it could be 4/20/2021 Most recent – 7 days = yellow Most recent – 30 days = red Most recent  > 30 days = black Please advise, and thank you in advance. Regards,   ... View more
Labels

Re: Charting 2 different stats query

by in Dashboards & Visualizations
‎12-15-2020 01:14 PM
‎12-15-2020 01:14 PM
Thanks, this worked. ... View more

Charting 2 different stats query

by in Dashboards & Visualizations
‎12-15-2020 11:59 AM
‎12-15-2020 11:59 AM
I am trying to achieve a simple pie chart that will display from two different stats query command | inputlookup records.csv where condition1=compliant | stats count(host) as compliant | append records.csv where (condition2=noncompliant AND condition3=noncompliant and condition4=noncompliant)| stats count(host) as noncompliant | <I am missing a command at this point in able to produce the pie chart below> Please advise. Thanks and regards. ... View more
Labels

Re: Comparing the Dates and retrieve the latest va...

by in Splunk Search
‎11-16-2020 08:20 AM
‎11-16-2020 08:20 AM
Thank you, this is actually working well for my requirements! ... View more

Comparing the Dates and retrieve the latest value

by in Splunk Search
‎11-16-2020 06:43 AM
‎11-16-2020 06:43 AM
We have a search that populates a csv file for tracking purposes of latest check-ins formatted as (%m/%d/%Y) Host agent1_date agent2_date agent3_date agent4_date agent5_date Asset1 11/16/2020 11/15/2020 11/16/2020 11/13/2020 11/16/2020 Asset2 11/15/2020   11/13/2020 11/13/2020 11/13/2020 How do I go about on comparing all these dates and get the latest value and write it to a new column - latest date Expected outcome: Host agent1_date agent2_date agent3_date agent4_date agent5_date latest_date Asset1 11/16/2020 11/15/2020 11/16/2020 11/13/2020 11/16/2020 11/16/2020 Asset2 11/15/2020   11/13/2020 11/13/2020 11/13/2020 11/15/2020   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-30-2022 01:38 PM
Karma from
View All
Karma given to