cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
aferns0804
Engager
Member since: ‎03-18-2021
‎06-23-2021
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-18-2021
Activity Feed
View All

Re: Splunk script to update VA report weekly using...

by in Splunk Search
‎03-24-2021 01:48 PM
‎03-24-2021 01:48 PM
Done, thanks but it is also exporting _raw  and _time events to the outputlookup file.  I m not sure it is doing that. I don't want _raw events in my outputlookup file ... View more

Re: Creating a custom SOC monitoring dashboard usi...

by in Security
‎03-24-2021 12:29 PM
‎03-24-2021 12:29 PM
I have this panel which keeps updating with new alerts(query posted in my earlier post). When I click on the alert, it should show me events on the same dashboard.    ... View more

Creating a custom SOC monitoring dashboard using t...

by in Security
‎03-24-2021 10:03 AM
‎03-24-2021 10:03 AM
index=_audit action=alert_fired ss_app="Threats_App" | eval ttl=expiration-now() | search ttl>0 | convert ctime(trigger_time) | sort - trigger_time | table trigger_time ss_name severity | rename trigger_time as "Alert Time" ss_name as "Alert Name" severity as "Severity" I created a dashboard, panel with above query in it. It is looking for triggered alerts from my app. I want to display the results(stats) of the triggered alerts in a different panel below that in the same dashboard.  so its like " here are the alerts fired and when u click the alert name, it shows the stats(results) of that alert. Implementing this , I can see multiple alerts and the results of those alerts in the same dashboard"  I do not want to install additional apps, so please help me with this query only. Please do not suggest apps for a simple solution. Thanks      ... View more
Labels

Splunk script to update VA report weekly using loo...

by in Splunk Search
‎03-18-2021 02:47 PM
‎03-18-2021 02:47 PM
I am running a search job to view Vulnerability results/data. The search runs every week Saturday evening.   I want to dump the results into a lookup file which will run automatically every saturday and it should replaced the previous weeks  report with new updated results. (Lookup needs to be same)  For eg 20th March 2021 lookup file should be automatically replaced by results from 27th 2021 march search. I don't need the old report(20th march) data since it will be outdated and will consume space on my server.      ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-23-2021 03:26 PM