Activity Feed
- Got Karma for Sort rows in tables. 06-05-2020 12:45 AM
- Posted Re: Logon session time on Splunk Search. 02-01-2011 01:07 AM
- Posted Search within sub-time range on Splunk Search. 02-01-2011 01:04 AM
- Tagged Search within sub-time range on Splunk Search. 02-01-2011 01:04 AM
- Posted Logon session time on Splunk Search. 01-31-2011 11:31 PM
- Tagged Logon session time on Splunk Search. 01-31-2011 11:31 PM
- Posted Re: Consolidate Databases from multiple splunk instances on All Apps and Add-ons. 01-31-2011 11:15 PM
- Posted Consolidate Databases from multiple splunk instances on All Apps and Add-ons. 12-29-2010 02:09 AM
- Tagged Consolidate Databases from multiple splunk instances on All Apps and Add-ons. 12-29-2010 02:09 AM
- Posted Re: Sort rows in tables on Splunk Search. 04-23-2010 06:11 PM
- Posted Re: Sort rows in tables on Splunk Search. 04-23-2010 06:10 PM
- Posted Sort rows in tables on Splunk Search. 04-23-2010 05:40 PM
- Tagged Sort rows in tables on Splunk Search. 04-23-2010 05:40 PM
- Posted Re: Automatic lookups showing up in other apps on Splunk Search. 04-16-2010 10:51 PM
- Posted Re: Automatic lookups showing up in other apps on Splunk Search. 04-16-2010 10:34 PM
- Posted Automatic lookups showing up in other apps on Splunk Search. 04-16-2010 05:05 PM
- Tagged Automatic lookups showing up in other apps on Splunk Search. 04-16-2010 05:05 PM
02-01-2011
01:07 AM
Thanks David, I can't believe that I have never noticed the transaction command.
02-01-2011
01:04 AM
I am trying to collect stats from login events from evening hours. I would like to run reports for any time range (last 60m, 7d, etc.) but only view results that show logons between the hours of 5pm and 7am.
- Tags:
- search
01-31-2011
11:31 PM
I am trying to gather average login session times for a server given multiple users logon and logoff log entries. I am using ossec to filter the logs first so standard windows fields may not apply, but I have extracted the user field (called "user").
I am not really sure where to start since I cannot seem to figure out how to gather average user session times for any time period given there are multiple users.
Any ideas?
- Tags:
- search-language
- time
01-31-2011
11:15 PM
I apologize for not giving the thumbs up yet...I have run into space issues on the primary host and need to put in a new drive. When that is done I will use this process.
12-29-2010
02:09 AM
I currently have two instances of splunk running on two separate hosts. I recently purchased a license so that I can consolidate the two onto one host. Is there a way to consolidate indexed logs/databases onto one host without losing data?
- Tags:
- database
04-23-2010
06:10 PM
I played with the sort command a little but found that it only worked with columns in tables. My search string goes like this:
| stats sum(value) by variable
where the log entries contain "variable=value"
I looked for a way to create a table in this 'thing' but couldn't find anything. Not sure if I really want to put up a screen shot.
04-23-2010
05:40 PM
1 Karma
The results of a report show the following in a table:
-variable value
-Allowed 1
-Allowed_Tagged 1
-Blocked 2
-Quarantined 1
-Total 10
-Viruses 5
How can I change the order of Rows so that 'Total' shows up at the bottom?
- Tags:
- search-language
04-16-2010
10:51 PM
Found that I could change it from 'system' to 'none' but that did not work. I did find that if I make the actual files available to all apps (through the manager) the errors would go away. That does not seem right though.
04-16-2010
10:34 PM
I found that props was:
export = system
Not sure what the value would need to be to make it just within the app.
04-16-2010
05:05 PM
I have configured automatic lookups with the intention of using it in only one app (my own ossec app). However, when I run searches in another app an error appears:
The lookup table 'ostype' does not exist. It is referenced by configuration 'ossec'.
How can I make sure that this Automatic lookup only occurs in my ossec app?
- Tags:
- lookups