cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Tomers
Engager
Member since: ‎02-23-2022
‎02-23-2022
Community Statistics
Posts 2
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎02-23-2022
Activity Feed
Topics I've Started
View All

Re: Compare two values on same row

by in Security
‎02-23-2022 03:43 AM
‎02-23-2022 03:43 AM
Thank you! It does work now for some reason that is the only thing i didnt think of.   FYI- My search is(i only added the condition lines here)- |tstats latest(_time) as _time where index=* by sourcetype host |where _time<relative_time(now(), "-1h") |fields sourcetype host _time ... View more

How to compare two values on same row

by in Security
‎02-23-2022 03:11 AM
‎02-23-2022 03:11 AM
Hey, I have a rule, that report to me each time source stop sending logs to my splunk. I try to make an exception, that when a specific source from a specific host will stop sending logs, it wont trigger an alert. for example: i will get alerts from host=* source=* but not when its host=windows31 source=application   Is it possible to do that? because i try to work on it for a few days already.   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-23-2022 07:05 AM