Hi, I want to make a search out of event below, I need a fields computername,macaddress,labels,profiles,unmanageable, and i want to find out the systems  with lostinterface and no labels and systems with out unmanageable . Created= " 2022-11-09 18:00:48 + 00:00 " date to be change to date format 2022-11-09 Feb 5 22:00:28  centino 03 729 < 134 > 1 2023-02-06T03:00:05.982 + 00:00  centino 03  centino  7824 - [centino -Discover@017474   id= " 252235 " MacAddress= " 42-01-0A-08-10-76 " MacOrganization= " null " "   HostName= " MACRO-GPG0 " Labels= " Lost Interface " Computer-Name= "fdsfaed s" Locations= "" centino ComputerId= " 0 " Os= " Windows " OsGeneration= " null " Managed= " 0 " Unmanageable= " 0 " Arp= " 1 " Nmap= " 1 " Ping= " 1 " Connected= " 1 " AwsApi= " 0 " CentralizedNmap= " 0 " SatelliteNmap= " 0 " Created= " 2022-11-09 18:00:48 + 00:00 " UpdatedAt= " 2023-02-06 02:41:53 + 00:00 " FirstManaged= " 2022-12-18 04:01:02 + 00:00 " LastManagedAt= " 2023-01-12 12:01:11 + 00:00 " LastDiscoveredAt= " 2023-02-06 02:41:53 + 00:00 " Profile= " GCP_TnD_Subnets " SatelliteDecId= " null " SatelliteName= " null "]   thanks ... View more

Hi, I want to create a search out of the below event, to raise an alert if the particular system having the label lostinterface or label is  not there  and in profiles we have 2 values i.e  tndsubnet1 and  tndsubnet2, how we can make the search to seperate out the systems in tndsubnets 1 and tndsubnets 2 accordingly to make a search Thanks.. ... View more

Hi, Need a search query to find the either if  first_find and last_find values matches with the current date should raise an alert .   first_find last_find fields are in  2020-04-30T13:18:13.000Z 2023-01-15T14:12:18.000Z format need this in  2020-04-30 format  2. Instead of receiving all the alerts we require, if today's date matches the first _find or the last_find, raise an alert *todays date will change every day do not bound that with actual todays date* note : last_find  , first_find are multi valued fields.. Thanks... ... View more

Hi, Could you help me in editing the below search  index=test sourcetype="centino" | stats count, values(change_asset) as changed_asset, values(brief) as description, values(severity) as severity, values(exploitation_method) as exploitation_method, values(first_find) as first_find, values(last_find) as last_find, , values(systems) as system by id. 1. In the below output of fields we need to display only the date 2023-01-22  first_find                                                 last_find 2. Instead of receiving all the notifications we require, if today's date matches the first _find or the last_find, raise an alert *todays date will change every day do not bound that with actual todays date* Thanks... ... View more

Hi, How to get the cycognito logs to splunk, is there any app available in splunkbase, let me know  thanks... ... View more

Hi, Could you provide me with the search query for one of my index es_splunk ,so that we can find all the null fields,  regex case sensitive so it's only catching "null", all lower case, but they may ALL be that way anyway. Just mentioning for completeness... as well as there could be fields that are not "null" but simply an empty string. Those two cases should be checked if we want 100% coverage.   Thanks.     ... View more

Could you provide me a splunk enterprise security learning links from scratch  Zero to hero classes.. Thanks 🙏     ... View more

Hi, We are using the intsights app for splunk cloud as the intsights app installed on splunk idm,we notice that when we try to create a inputs to get the alerts,we are not able to select the custom index created in the indexer. Why the all indexes which are present in splunk cloud not populating in the intsights app splunk idm ??   ... View more

Hi, Could you please help me in listing out the services request to splunk by user, I' m trying to upload it to the ticketing tool Type                   service         desc onboarding  operational appliances Thanks..   ... View more