Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About SkuLLo99
SkuLLo99
Loves-to-Learn
Member since:
11-16-2020
01-20-2022
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 11-16-2020 |
Activity Feed
- Posted Re: Using dedub on same results within 1 minute range on Splunk Search. 08-19-2021 01:11 AM
- Posted Re: Using dedub on same results within 1 minute range on Splunk Search. 08-19-2021 12:05 AM
- Posted Using dedub on same results within 1 minute range on Splunk Search. 08-18-2021 07:42 AM
- Posted Re: Accidentally change Alerts tap on App: Search & Reporting App bars on Dashboards & Visualizations. 11-17-2020 12:23 AM
- Posted Re: Accidentally change Alerts tap on App: Search & Reporting App bars on Dashboards & Visualizations. 11-17-2020 12:09 AM
- Posted Accidentally change Alerts tap on App: Search & Reporting App bars on Dashboards & Visualizations. 11-17-2020 12:05 AM
Topics I've Started
08-19-2021
01:11 AM
Hi I don't need results to show same user in1 minute period. I want to exclude them out of results and show only 1 results of that user like example I show above.
... View more
08-19-2021
12:05 AM
Hi Adding bin _time is help reduce amount of events but still doesn't give results I need cause if 2 different user like userA, userB login on same minute but different second it will show only 1 user like: 22:02:00 user A 22:02:10 user B using bin _time will show only user A I'm not sure Is there a way to use bin user like bin _time
... View more
08-18-2021
07:42 AM
Hi I'm trying to find user that login on Non-working hour between 4pm-4am by looking at eventcode=4624.I need to exclude the same user within 1 minute range to reduce number of events so I try to using dedup user, _time but it only delete the user that has same time. Code: index=wineventlog EventCode=4624 category=Logon
| eval workHour=strftime(_time, "%H")
| where workHour <= 4 OR workHour >= 22
| dedup user _time
| table _time user I also get the results but that's too high due to event that has the same user login at the same minute like 22:02:00 userA 22:02:15 userA 22:02:17 userA 22:05:00 userB 22:05:13 userฺB 22:05:18 userA how to make it like 22:02:00 userA 22:05:00 userB 22:05:18 userA I was try to use bin user span=1m but it not work for me Any help guys?
... View more
11-17-2020
12:23 AM
after I delete my dashboard default alerts page is back !!
... View more
11-17-2020
12:09 AM
this is what I mentioned (and I change name to Triggerred Alerts with hope that will make it back but no 😐 ) normally alerts are between Reports and Dashboards
... View more
11-17-2020
12:05 AM
Hi guys i'm kinda new in Splunk. I try to create dashboard name "alerts" that is the same name as default alert tab on Search apps and after I click save. default alerts page that I use to check on my alert got replaced into my new dashboard that has the same name. now everytime i click on alerts link i will go to my alerts dashboard not default alerts page that normally come with Search App so I wonder does it has a way to get default alert tab back. I try to find in on app and setting but not found it yet Thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-20-2022
05:56 AM
|
