×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Johnsonbc
Explorer
Member since: ‎12-02-2022
‎07-03-2025
Community Statistics
Posts 7
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎12-02-2022
Activity Feed
View All

Re: Issue with printmon query not showing the prop...

by in Splunk Search
‎02-24-2025 07:20 AM
‎02-24-2025 07:20 AM
Yuanliu,  You were correct.  During an audit of the PrintMon inputs, we discovered that the system\default configuration on all servers was disabling the necessary inputs on the print server. After modifying and consolidating the inputs from all servers to the print server, the print service\operational log, including Event ID 307 with the "total_pages" field, is now being collected correctly.  ... View more

Re: Issue with printmon query not showing the prop...

by in Splunk Search
‎08-07-2024 02:36 AM
‎08-07-2024 02:36 AM
Yuanliu, Thanks for the info and I will look into that and respond with my finding. ... View more

Issue with printmon query not showing the proper r...

by in Splunk Search
‎08-06-2024 04:01 AM
‎08-06-2024 04:01 AM
ALCON, Hello, I am having issues with printmon query results not showing the proper results for "total_pages".  The page_printed is always equal to zero (0). Moreover, total_pages value is also not right as when I print 5 pages it is telling only 1. Any solution to that? One Example Query: (ALL "printmon" Queries give me the same inaccurate results) Index=wineventlog eventtype=printmon_windows (host=”Printer Name” OR host=”Printer Name”) user=”If looking for specific user info” | table _time, user, document, machine, printer, driver_name, total-pages, size_bytes | rename user as “User”, document as “Document”, machine as “Host”, printer as “Location”, driver_name as “Driver”, total_pages as “Total Pages”, size_bytes as “Bytes” | dedup document | sort - _time   Other Links about Subject but old info without any solution or fix: 1. WinPrintMon not logging page_printed correctly (‎24May2015) Link: https://community.splunk.com/t5/Getting-Data-In/WinPrintMon-not-logging-page-printed-correctly/m-p/121725 2. 1winprintmon search results aren't showing the proper results for "total_pages" (20Feb2019 at 0826) Link: https://community.splunk.com/t5/Splunk-Search/winprintmon-search-results-aren-t-showing-the-proper-results-for/m-p/392683#M172918   Please provide example query or where to find the fix. ... View more
Labels

Re: How to create after hour report?

by in Getting Data In
‎12-21-2022 03:52 AM
1 Karma
‎12-21-2022 03:52 AM
1 Karma
I think the reason it was not working for me is because I am running a PIVOT. I was having issues running "Earliest & Latest" and other time & date commands. ... View more

Re: How to create after hour report?

by in Getting Data In
‎12-20-2022 11:28 AM
‎12-20-2022 11:28 AM
It was not working for me so, I created a dashboard with (Mon-Fri) so far.  | sort - _time | eval user=lower(user) |eval Day=strftime(_time,”%A”) |eval Hour=strftime(_time,”%H”) |eval Date=strftime(_time,”Y-%m-%d”) | search Day IN (Monday) Hour IN (0,1,2,3,4,5,6,19,20,21,22,23) | stats sum(user) This gives me the number of user that log on after hours Mon-Fri and can drill down if need to. Still working on the weekend hours. ... View more

Re: How to create after hour report?

by in Getting Data In
‎12-20-2022 08:59 AM
‎12-20-2022 08:59 AM
That work but it is not capturing 24 hours on Sat & Sun (0000-2400). It is only doing my week day Hours IN  ... View more

How to create after hour report?

by in Getting Data In
‎12-20-2022 08:38 AM
‎12-20-2022 08:38 AM
I am trying to create an after hour query with specific time frames 1. Mon 0000-0700 and 1900-2400, 2. Tue 0000-0700 and 1900-2400, 3. Wed 0000-0700 and 1900-2400, Thur 0000-0700 and 1900-2400, Fri 0000-0700 and 1900-2400, Sat 0000-2400, and Sun 0000-2400. I have my Cron Express set for 43 10***  | sort - _time | eval user=lower(user) |eval Day=strftime(_time,”%A”) |eval Hour=strftime(_time,”%H”) |eval Date=strftime(_time,”Y-%m-%d”) | search Hour IN (19,20,21,22,23,24,0,1,2,3,4,5,6,7) | table Date, Day, Hour, “User Account” I like the way this is displayed but I cannot figure out how to combine this query with a weekend (FRI 1900-Mon 0700) query. Or will I have to have two different queries? Once completed this will make a good dashboard.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-03-2025 06:23 AM
Karma from
View All
Karma given to
View All