×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
mkouzou
Explorer
Member since: ‎03-10-2022
‎09-13-2022
Community Statistics
Posts 8
Solutions 1
Karma Given 2
Karma Received 0
Member Since ‎03-10-2022
Activity Feed
View All

Re: How do I integrate Zabbix with Splunk?

by in Getting Data In
‎10-01-2024 03:40 AM
‎10-01-2024 03:40 AM
We have developed an add-on to pull Audit logs from Zabbix.: https://splunkbase.splunk.com/app/5272   Check this and let us know at splunk.support@dataelicit.com if you are facing any issue. ... View more

Re: How to compare events "without" common fields?

by in Getting Data In
‎09-13-2022 05:56 AM
‎09-13-2022 05:56 AM
Hello all, Thank you for your help. I finally found the solution by doing that and optimizing the result by adding some more filters like severity:   index=my_index sourcetype=alerts (eid=* AND result="1" AND severity>2 AND error=*) OR (init_eid=* AND result="0") |fields result,init_eid,eid,Host,severity,error |eval Merged_eid=coalesce(init_eid,eid) |eval resolved=if(isnull(init_eid),"No","Yes") |stats max(Host) as Host min(_time) as _time max(error) as Alert max(resolved) as Resolved max(severity) as Severity by Merged_eid |search Severity>2 AND Resolved="No"   Have a great day. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-13-2022 11:33 AM
Karma given to
View All