Activity Feed
- Karma How to copy dashboard from one App to another? for hxa27. 12-01-2022 11:19 PM
- Karma Re: Copy Dashboard from one App to another for smoir_splunk. 12-01-2022 11:19 PM
- Posted Re: Splunk Add-on for Demisto only sends as admin on All Apps and Add-ons. 10-27-2022 01:43 AM
- Karma Re: Splunk Add-on for Demisto only sends as admin for gordo32. 10-27-2022 01:39 AM
- Posted Re: How to combine rows in groups of 2, grouped by nearest time? on Splunk Search. 10-25-2022 10:39 PM
- Karma Re: How to combine rows in groups of 2, grouped by nearest time? for johnhuang. 10-25-2022 08:10 PM
- Posted Re: How to combine rows in groups of 2, grouped by nearest time? on Splunk Search. 10-25-2022 08:07 PM
- Posted How to combine rows in groups of 2, grouped by nearest time? on Splunk Search. 10-25-2022 07:22 PM
10-27-2022 01:43 AM
Thank you for this answer! I had this exact issue where my ServiceNow Event Integration didn't work and the _internal index kept showing the "User does not have permissions" signature. Adding the "list_storage_passwords" capability works!
10-25-2022 10:39 PM
Apologies, I just realized the duration field exists. Thank you!
10-25-2022 08:07 PM
Hey, thanks for the answer! However, the line:

`| eval logout_time=strftime(_time+duration, "%Y-%m-%d %H:%M:%S")`

doesn't work for my case as the logs do not include a duration field. Instead, there are 2 _time values, 1 for login time, and 1 for logout time. Do you know how I could turn these 2 values into separate columns - login_time and logout_time, as shown in the question?
10-25-2022 07:22 PM
Title may be a bit confusing, so here's an example of what I'm trying to achieve: I want to convert a table that looks like this:

_time | user | action |
---|---|---|
2022-01-01 10:00:00 | user_1 | login |
2022-01-01 10:00:10 | user_2 | login |
2022-01-01 11:30:20 | user_1 | logout |
2022-01-01 11:40:00 | user_1 | login |
2022-01-01 12:00:00 | user_1 | logout |
2022-01-01 12:01:00 | user_2 | logout |

Into this:

user | login_time | logout_time |
---|---|---|
user_1 | 2022-01-01 10:00:00 | 2022-01-01 11:30:20 |
user_2 | 2022-01-01 10:00:10 | 2022-01-01 12:01:00 |
user_1 | 2022-01-01 11:40:00 | 2022-01-01 12:00:00 |