cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ymalm188
Explorer
Member since: ‎09-26-2021
‎12-29-2021
Community Statistics
Posts 7
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎09-26-2021
Activity Feed
View All

Re: Parsing by regex

by in Splunk Enterprise
‎11-10-2021 03:15 AM
‎11-10-2021 03:15 AM
i tried this and worked duser=Domain\\+(?<duser>\S+)   thank you ... View more

Parsing by regex

by in Splunk Enterprise
‎11-09-2021 11:19 PM
‎11-09-2021 11:19 PM
i need to parse this field   duser=DOMAIN\\User to only extract user without Domain\\ ... View more
Labels

Re: Mean Time To Triage

by in Splunk Search
‎10-06-2021 05:59 AM
‎10-06-2021 05:59 AM
when i run the first part i got result and also for the second part but when i run them together i got no data like that:   | tstats `summariesonly` earliest(_time) as _time from datamodel=Incident_Management.Notable_Events_Meta by source,Notable_Events_Meta.rule_id | `drop_dm_object_name("Notable_Events_Meta")` | `get_correlations` | join rule_id [| from inputlookup:incident_review_lookup | eval _time=time]   i think there is a problem in the join  ... View more

Re: Mean Time To Triage

by in Splunk Search
‎10-03-2021 01:43 AM
‎10-03-2021 01:43 AM
yes, your description is totally right so why i can't find any results for the last 14 days although there are actual data in these 14 days ? it was working before and suddenly stopped working. ... View more

Re: Mean Time To Triage

by in Splunk Search
‎09-29-2021 05:19 AM
‎09-29-2021 05:19 AM
it returned data for any time range i specify, especially 14 days that's what i want it returned data too so i think the problem with joining. ... View more

Re: Mean Time To Triage

by in Splunk Search
‎09-28-2021 11:07 PM
‎09-28-2021 11:07 PM
14 days ... View more

Mean Time To Triage

by in Splunk Search
‎09-26-2021 06:50 AM
‎09-26-2021 06:50 AM
i have this spl  | tstats `summariesonly` earliest(_time) as _time from datamodel=Incident_Management.Notable_Events_Meta by source,Notable_Events_Meta.rule_id | `drop_dm_object_name("Notable_Events_Meta")` | `get_correlations` | join rule_id [| from inputlookup:incident_review_lookup | eval _time=time | stats earliest(_time) as review_time by rule_id] | eval ttt=review_time-_time | stats count,avg(ttt) as avg_ttt,max(ttt) as max_ttt by rule_name | sort - avg_ttt | `uptime2string(avg_ttt, avg_ttt)` | `uptime2string(max_ttt, max_ttt)` | rename *_ttt* as *(time_to_triage)* | fields - *_dec it should display the mean time to triage for 14 days but it doesn't work for 14 days and works for 30 days. any advise ? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-29-2021 12:07 AM
Karma given to
View All