Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About randqm
randqm
Loves-to-Learn Everything
Member since:
09-06-2022
05-18-2023
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 09-06-2022 |
Activity Feed
- Posted Creating a SPL using tstats for Multiple Failed Logins Followed by Success? on Splunk Search. 05-18-2023 02:13 AM
- Posted What proxy rules are needed to allow install for apps from Splunkbase? on Deployment Architecture. 03-21-2023 01:17 AM
- Tagged What proxy rules are needed to allow install for apps from Splunkbase? on Deployment Architecture. 03-21-2023 01:17 AM
- Tagged What proxy rules are needed to allow install for apps from Splunkbase? on Deployment Architecture. 03-21-2023 01:17 AM
- Tagged What proxy rules are needed to allow install for apps from Splunkbase? on Deployment Architecture. 03-21-2023 01:17 AM
- Posted Re: How to send event from UF to multiple Heavy Forwarders and different indexers on Getting Data In. 03-21-2023 01:13 AM
- Posted Re: How to send event from UF to multiple Heavy Forwarders and different indexers on Getting Data In. 03-15-2023 12:42 AM
- Posted How to send event from UF to multiple Heavy Forwarders and different indexers on Getting Data In. 03-14-2023 05:36 AM
- Posted Re: How to pull data from DMZ Heavy Forwarder on Deployment Architecture. 02-09-2023 06:53 AM
- Posted Re: How to pull data from DMZ Heavy Forwarder on Deployment Architecture. 02-09-2023 06:45 AM
- Posted How to pull data from DMZ Heavy Forwarder? on Deployment Architecture. 02-09-2023 06:11 AM
- Posted Re: Unable to connect to splunk via HEC endpoint in the GCP console? on Splunk Cloud Platform. 01-18-2023 06:13 AM
- Posted Dashboard Studio: How Download as PDF a full table without the scrollbar? on Splunk Search. 09-12-2022 05:09 AM
- Tagged Dashboard Studio: How Download as PDF a full table without the scrollbar? on Splunk Search. 09-12-2022 05:09 AM
- Tagged Dashboard Studio: How Download as PDF a full table without the scrollbar? on Splunk Search. 09-12-2022 05:09 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
05-18-2023
02:13 AM
Hello Splunk Community,
I'm currently working on creating a search using the tstats command to identify user behavior related to multiple failed login attempts followed by a successful login. I want to use tstats for this due to its efficiency with high volumes of data, compared to the transaction command.
In my case, I want to be able to detect an event sequence where a user has had, let's say, 10 or more failed login attempts, followed by a successful login attempt, within a specified time window (for example, within an hour).
I understand that tstats doesn't provide the same level of detail as transaction for creating sequences of events. However, I'm looking for suggestions on how to use tstats, combined with other SPL commands, to achieve a similar result.
Here's an example of the type of data I'm dealing with:
_time user status
1622890560
user1
failure
1622890620
user1
failure
1622890680
user1
success
In this example, the status field contains "success" or "failure", and the user field contains the user ID.
Any guidance or suggestions would be greatly appreciated.
Thanks in advance for your help!
... View more
Labels
- Labels:
-
tstats
03-21-2023
01:17 AM
Hello,
What proxy rules I need to allow to install apps from Splunkbase what URL\s I need to allow?
https://*splunk.com* is that sufficient ?
Thanks in advance,
Ran
... View more
- Tags:
- proxy
- splunkbase
- url
03-21-2023
01:13 AM
How can I configure to send to different indexers
... View more
03-15-2023
12:42 AM
Thanks for the response Do you can give me an example for the confs files?
... View more
03-14-2023
05:36 AM
I have the following situation: I have an universal forwarder that were sent logs to (HF1 and index=idx1) Could you provide suggestions on how to configure this universal forwarder (UF) to send logs to both (HF1 and index=idx1) and (HF2 and index=idx2)? Any insights or advice would be appreciated. Thank you.
... View more
Labels
02-09-2023
06:53 AM
But my issue is that any communication from the DMZ to LAN is not allow. ☹️ In the opposite direction it is allowed.
... View more
02-09-2023
06:45 AM
Hi Thanks for your response. Any tips on what configuration and port need to open between the UFs/HFs ?
... View more
02-09-2023
06:11 AM
I want to install HF or UF on our DMZ environment.
The Indexer is on the LAN. I is not allow to communicate from the DMZ to the LAN .
I need that the logs from the DMZ will be pulled to the Indexer in the LAN (using HF or any other solution).
Please share your insight on how to setup this from your experience . Thanks in advance.
... View more
Labels
01-18-2023
06:13 AM
Hi, https://http-inputs-prd-p-svf32.splunkcloud.com/services/collector/event that has worked for me.
... View more
09-12-2022
05:09 AM
Hello,
When I download a dashboard with dashboard studio it come out with the horizontal and vertical scrollbars.
There is an option to download to pdf with full tables and and without the scrollbars?
Or if there is option to make the height size dynamically based on custom variables?
Thanks,
Ran
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-18-2023
06:59 AM
|
