Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About quangtran
quangtran
Explorer
Member since:
02-23-2022
08-14-2023
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 02-23-2022 |
Activity Feed
- Posted Re: How to replace a specific character? on Splunk Search. 01-15-2023 08:02 PM
- Karma Re: How to replace a specific character? for yeahnah. 01-15-2023 08:02 PM
- Karma Re: how to remove source on data summary for gcusello. 01-15-2023 06:32 PM
- Posted How to replace a specific character? on Splunk Search. 01-15-2023 06:30 PM
- Posted How to remove source on data summary? on Monitoring Splunk. 12-21-2022 10:51 PM
- Tagged How to remove source on data summary? on Monitoring Splunk. 12-21-2022 10:51 PM
- Posted Re: Alert Connection VPN from foreign on Alerting. 08-09-2022 01:15 AM
- Posted Re: how to filter interval in log on Splunk Enterprise. 08-09-2022 01:05 AM
- Posted Re: how to filter interval in log on Splunk Enterprise. 08-09-2022 01:02 AM
- Posted Re: how to filter interval in log on Splunk Enterprise. 08-09-2022 12:44 AM
- Posted How to filter interval in log? on Splunk Enterprise. 08-09-2022 12:34 AM
- Posted How to create an Alert Connection VPN from foreign source on Alerting. 02-23-2022 01:22 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-15-2023
08:02 PM
thanks you, I think my regex is correct, but i don't replace a number and specific character with space
... View more
01-15-2023
06:30 PM
Hi, I have the below output : 1/16/2023 7:51:43 AM 1EE8 PACKET 000001D9C25E6180 UDP Rcv 10.8.64.132 646b Q [0001 D NOERROR] A (6)framer(3)com(0) UDP question info at 000001D9C25E6180 Socket = 940 Remote addr 10.8.64.132, port 55646 Time Query=9030678, Queued=0, Expire=0 Buf length = 0x0fa0 (4000) Msg length = 0x001c (28) Message: XID 0x646b Flags 0x0100 The desired output name=framer.com IP=10.8.64.132 I using regex: sourcetype=DNSlog |rex field=_raw "NOERROR]\W+(?P<name>.*)\sUDP \S.*\s Socket.*\s Remote addr\W+(?P<IP>.*)," | rex mode=sed field=name "s/[\d;()]+//g" |stats count by name IP My below code isn't working, can you please help me?
... View more
Labels
- Labels:
-
regex
12-21-2022
10:51 PM
Hi, I have the following problem:
Is there any way to remove these garbage sources, after one wrong log push, I had a lot of these garbage sources
... View more
- Tags:
- data summary
Labels
- Labels:
-
monitoring console
08-09-2022
01:15 AM
sorry, because this warning does not have enough log sources at the moment, i have not continued writing
... View more
08-09-2022
01:05 AM
thank you for the very detailed answer, but can't fix the real time problem at the moment
... View more
08-09-2022
12:44 AM
hello, I want to filter the period from last Friday to Thursday this week, thanks you
... View more
08-09-2022
12:34 AM
I have a search like this:
sourcetype = Grandstream | stats count by _time phone starttime answer endtime
result:
_time phone starttime answer endtime count
2022-08-09 14:30:42
xxx39xxxx
2022-08-04 14:33:58
2022-08-04 14:34:02
2022-08-04 14:34:02
1
2022-08-09 14:30:42
xxx394xxxx
2022-08-04 14:34:02
2022-08-04 14:34:02
2022-08-04 14:34:02
1
2022-08-09 14:30:42
xxx1394xxx
2022-08-04 14:34:03
2022-08-04 14:34:03
2022-08-04 14:34:09
1
2022-08-09 14:30:42
xxx1382xx
2022-08-09 14:28:52
2022-08-09 14:28:52
2022-08-09 14:29:25
1
But _time and starttime don't match because the log time is pushed wrong
is there a way to filter the starttime field by its time in a week from 0h Friday to 24h Thursday?
thanks
... View more
Labels
- Labels:
-
other
02-23-2022
01:22 AM
how to create an alert detect when there is a VPN connecting from the outside
... View more
Labels
- Labels:
-
alert action
