×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
disasters
Explorer
Member since: ‎01-20-2021
‎02-16-2023
Community Statistics
Posts 6
Solutions 0
Karma Given 5
Karma Received 0
Member Since ‎01-20-2021
Activity Feed
View All

Re: how to select only one event

by in Splunk Search
‎02-13-2023 05:42 PM
‎02-13-2023 05:42 PM
It works. Thank you.   but same problem i have. Please refer to above reply. ... View more

Re: how to select only one event

by in Splunk Search
‎02-13-2023 05:40 PM
‎02-13-2023 05:40 PM
query  index=ddos | rex field=_raw "(?<time>.*),(<alert_num>.*),(<error>.*),(<duration>.*)"   event 20230112, 1378, error A/B/C, duration 100 20230112, 1378, error A/B, duration 2 20230112, 1379, error A/B/D, duration 300 20230112, 1379, error A/B, duration 4   and then query  index=ddos | rex field=_raw "(?<time>.*),(<alert_num>.*),(<error>.*),(<duration>.*)" | eventstats max(duration) as maxDuration | where duration=maxDuration event (only 1) 20230112, 1379, error A/B/D, duration 300     I want to display two event that different alert_num 20230112, 1378, error A/B/C, duration 100 20230112, 1379, error A/B/D, duration 300 ... View more

Re: how to select only one event

by in Splunk Search
‎02-13-2023 04:58 PM
‎02-13-2023 04:58 PM
It works. Thank you!!   more question...   index=log   There are four event   1. 20230112, 1378, error A/B/C, duration 100 2. 20230112, 1378, error A/B, duration 2 3. 20230112, 1379, error A/B/D, duration 300 4. 20230112, 1379, error A/B, duration 4 I want select 1,3 ... View more

How to select only one event?

by in Splunk Search
‎02-13-2023 02:38 AM
‎02-13-2023 02:38 AM
My query is this.   index=log AND 1378   There are two event   20230112, 1378, error A/B/C, duration 100 20230112, 1378, error A/B, duration 2   I want select only one event that duration greater than another event. ... View more

Re: How to find SSH session in past month

by in Splunk Search
‎01-21-2021 05:38 PM
‎01-21-2021 05:38 PM
It works. Could you explain purpose of stats, format? ... View more

How to find SSH session in past month

by in Splunk Search
‎01-20-2021 10:25 PM
‎01-20-2021 10:25 PM
I want to know that there are or not SSH sessions which is in last 5 minutes in past 1 month. (except today) - I want to compare srcip and dstip - Time range picker (last 5 minutes) index=fw AND dstport=22 NOT [ search  index=fw AND dstport=22 earliest=-1mon@mon latest=-1day@day | fields + srcip, dstip] | dedup srcip, dstip | table _time, srcip, dstip, dstport, protocal, action, hostname   this is not working correctly. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-16-2023 04:15 AM
Karma given to