cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
RonD
Explorer
Member since: ‎11-16-2020
‎11-30-2022
Community Statistics
Posts 8
Solutions 0
Karma Given 4
Karma Received 2
Member Since ‎11-16-2020
Activity Feed
View All

Re: Splunk dbinspect

by in Splunk Search
‎11-30-2022 09:10 AM
2 Karma
‎11-30-2022 09:10 AM
2 Karma
Very thankful to this community. I tried both and the metadata is the information that I was looking for. I also tried the tstat command recommendations but when I ran for all time, it only found events that are 3 months old. Thank you both! ... View more

How to use dbinspect to monitor a specific index a...

by in Splunk Search
‎11-30-2022 08:47 AM
‎11-30-2022 08:47 AM
Hi, I would like to monitor a specific index and get the following information: source - name oldest searchable event by source. I understand the basics of dbinspect that it will display the startEpoch values and sort it for the earliest value and I can figure out the oldest event using this field and sourceCount only, however I need to identify the source "name" so I can pair the 2: source name and oldest searchable event OR if there is another command I can use instead of dbinspect that will provide the needed information. Doing stats command in this use case will not work as I will be looking for events that are 1 year old and I favor the dbinspect search time. Please advise. Thanks and regards. ... View more
Labels

Re: Dynamic date comparison

by in Splunk Search
‎05-20-2021 11:12 AM
‎05-20-2021 11:12 AM
Not the difference, but using the app-release-date (past date) using this as the most recent date and use that as the starting point for this condition [substitute the most recent as app-release-date] The most recent = Green Most recent – 7 days = yellow Most recent – 30 days = red Most recent  > 30 days = black ... View more

Dynamic date comparison

by in Splunk Search
‎05-20-2021 07:11 AM
‎05-20-2021 07:11 AM
I am creating a search that detects compliance received from palo alto signatures we are receving 4 sets of dates: app-release-date av-release-date wildfire-release-date threat-release-date one of these dates (app-release-date) does not get updated daily, meaning  if today's date is 5/20/2021 the last updated release for the app-release date could be 4/20/2021 Now creating a pie chart comparing today's date, it will show that the app-release-date is out of date by 30 days but that is not the case, it just means that the most recent date for app-release-date is dated 4/20/2021. The question is how will I use the 4/20/2021 in an "eval=case" condition and using the 4/20/2021 as the most recent date instead of "now()" conditions For your perspective this is what I've done if using the "now()" conditions as a variable: | eval av-release-date=round(strptime('av-release-date', "%Y-%m-%d %H:%M:%S")), today=now(), timediff=today-'av-release-date', chart_date=strftime('av-release-date', "%Y-%m-%d") | eval color=case(timediff<=86400, "within 24 hrs", timediff>86400 AND timediff<=259200, "within 72 hrs", timediff>259200 AND timediff<=604800, "within 168 hrs", timediff>604800, "over 168 hrs") | stats count by color this returns a chart that look like this: The app-release-date conditions will be: The most recent = Green -----> the most recent is not "now()" but it could be 4/20/2021 Most recent – 7 days = yellow Most recent – 30 days = red Most recent  > 30 days = black Please advise, and thank you in advance. Regards,   ... View more
Labels

Re: Charting 2 different stats query

by in Dashboards & Visualizations
‎12-15-2020 01:14 PM
‎12-15-2020 01:14 PM
Thanks, this worked. ... View more

Charting 2 different stats query

by in Dashboards & Visualizations
‎12-15-2020 11:59 AM
‎12-15-2020 11:59 AM
I am trying to achieve a simple pie chart that will display from two different stats query command | inputlookup records.csv where condition1=compliant | stats count(host) as compliant | append records.csv where (condition2=noncompliant AND condition3=noncompliant and condition4=noncompliant)| stats count(host) as noncompliant | <I am missing a command at this point in able to produce the pie chart below> Please advise. Thanks and regards. ... View more
Labels

Re: Comparing the Dates and retrieve the latest va...

by in Splunk Search
‎11-16-2020 08:20 AM
‎11-16-2020 08:20 AM
Thank you, this is actually working well for my requirements! ... View more

Comparing the Dates and retrieve the latest value

by in Splunk Search
‎11-16-2020 06:43 AM
‎11-16-2020 06:43 AM
We have a search that populates a csv file for tracking purposes of latest check-ins formatted as (%m/%d/%Y) Host agent1_date agent2_date agent3_date agent4_date agent5_date Asset1 11/16/2020 11/15/2020 11/16/2020 11/13/2020 11/16/2020 Asset2 11/15/2020   11/13/2020 11/13/2020 11/13/2020 How do I go about on comparing all these dates and get the latest value and write it to a new column - latest date Expected outcome: Host agent1_date agent2_date agent3_date agent4_date agent5_date latest_date Asset1 11/16/2020 11/15/2020 11/16/2020 11/13/2020 11/16/2020 11/16/2020 Asset2 11/15/2020   11/13/2020 11/13/2020 11/13/2020 11/15/2020   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-30-2022 01:38 PM
Karma from
View All
Karma given to