Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Akmal57
Akmal57
Path Finder
Member since:
02-28-2023
Sunday
Community Statistics
| Posts | 35 |
| Solutions | 0 |
| Karma Given | 21 |
| Karma Received | 1 |
| Member Since | 02-28-2023 |
Activity Feed
- Posted Re: How to populate percentage on bar chart on Dashboards & Visualizations. Sunday
- Posted Re: How to populate percentage on bar chart on Dashboards & Visualizations. Sunday
- Posted How to populate percentage on bar chart on Dashboards & Visualizations. 2 weeks ago
- Posted Regex Hostname for multiple scenario on Splunk Search. 11-26-2023 07:34 PM
- Tagged Regex Hostname for multiple scenario on Splunk Search. 11-26-2023 07:34 PM
- Karma Re: Matched IP from 2 different lookup with condition for yuanliu. 10-16-2023 07:03 PM
- Karma Re: Matched IP from 2 different lookup with condition for ITWhisperer. 10-16-2023 07:03 PM
- Posted Re: Matched IP from 2 different lookup with condition on Splunk Search. 10-11-2023 07:54 PM
- Posted Matched IP from 2 different lookup with condition on Splunk Search. 10-11-2023 12:30 AM
- Tagged Matched IP from 2 different lookup with condition on Splunk Search. 10-11-2023 12:30 AM
- Karma Re: Compare 2 lookup to show non match info for yuanliu. 10-11-2023 12:03 AM
- Posted Re: Compare 2 lookup to show non match info on Splunk Search. 10-11-2023 12:02 AM
- Tagged Re: Compare 2 lookup to show non match info on Splunk Search. 10-11-2023 12:02 AM
- Posted Re: Compare 2 lookup to show non match info on Splunk Search. 10-10-2023 02:26 AM
- Posted Re: Compare 2 lookup to show non match info on Splunk Search. 10-10-2023 02:24 AM
- Karma Re: Compare 2 lookup to show non match info for yuanliu. 10-10-2023 02:24 AM
- Karma Re: Compare 2 lookup to show non match info for bowesmana. 10-09-2023 09:29 PM
- Posted Re: Compare 2 lookup to show non match info on Splunk Search. 10-09-2023 07:47 PM
- Posted Compare 2 lookup to show non match info on Splunk Search. 10-09-2023 07:05 PM
- Tagged Compare 2 lookup to show non match info on Splunk Search. 10-09-2023 07:05 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
Sunday
Hi @bowesmana, index="index A" | table _time, Audit | addtotals fieldname=Total | foreach * [eval Audit=round (('Audit'/Total*100),2)] above is my query that i have created based on your idea, but seems not working. Below screenshot is the result for above query. the values not showing in percentage.
... View more
2 weeks ago
Hi all, I'm monitoring compliance data for the past 7 days using timechart. My current query displays the count of "comply" and "not comply" events for each day. index= indexA | timechart span=1d count by audit However, I'd like to visualize this data as percentages instead. Is it possible to modify the search to display the percentage of compliant and non-compliant events on top of each bar? Thanks in advance for your help!
... View more
11-26-2023
07:34 PM
Hi, I have log which the field name is called "name". The regex cannot get the hostname from the name field because have multiple scenario. Eg as below: (DR) HostA-AIX-172.0.0.0-root 01-HostA-10-Cambodia-Cisco_Router-10.0.0.0-root1 172.0.0.0-Malaysia-Windows Server 2016-HostA-admin 172.0.0.0 - HostA-Indonesia-Win2012-172.0.0.0-admin 3D-(DR) HostA-Win2003-172.0.0.0 [NAT IP 192.0.0.0] (dmin) AD-HostA.local-srv_AB_CDD HostA-India-Solaris10-172.0.0.0-root These are the sample inconsistent log that we need to get Hostname. The highlighted one should we get for the hostname. Please assist on this by creating new regex
... View more
- Tags:
- regex
10-11-2023
07:54 PM
Hi @ITWhisperer , is there any way to match the ip without expand the ip?
... View more
10-11-2023
12:30 AM
Hi, i have 2 lookup tables, which are lookup A and B. Both of the lookups contain field Hostname and IP. There is some scenario like below: Lookup A Hostname IP Host A 10.10.10.1 10.10.10.2 Host B 172.1.1.1 Lookup B Hostname IP Host A 10.10.10.1 Host B 172.1.1.1 172.1.1.2 Based on scenario above, I need a result on IP which lookup A and B does not match based on Host. But as long 1 IP in lookup A matches with lookup B, it is fine and lookup B should not have multiple IP. So, it should not match even have match IP. For your info,both lookups have multiple IPs for a host. Based on above lookup sample, Host A should match and Host B should not match based on my condition. Please assist on this. Thank you
... View more
- Tags:
- eval
10-11-2023
12:02 AM
Hi @yuanliu , noted on that. Thank you for your assist on this. its really helpful
... View more
- Tags:
- @
10-10-2023
02:24 AM
Hi @yuanliu i think i want as your example. but what field should i put for below eval? [eval <<FIELD>> = if(mvindex(<<FIELD>>, 0) == mvindex(<<FIELD>>, 1), mvindex(<<FIELD>>, 0), mvzip(origins, <<FIELD>>, ":"))]
| fields - origins is it os or ip?
... View more
10-09-2023
07:47 PM
Hi @bowesmana , it works great as expected, but is there any way to flag or highlight the differentiate value. because there are 3 fields are compared. so i need to check both lookup in order to find the missing info.
... View more
10-09-2023
07:05 PM
Hi, I have 2 lookup which is lookup A and lookup B. My lookup A will be keep update by splunk query and my lookup B is maintain manually. Both lookup contain same fields which is Hostname, IP and OS. I need to compare both lookup and bring out the non match Hostname and IP. Please assist me on this. Thank You
... View more
- Tags:
- lookup
09-27-2023
11:25 PM
Hi @yuanliu, both working perfectly. but for example there is some os log, the red hat are in middle, example: Linux(Red Hat Linux Enterprise 7.1) and Linux(Red Hat Linux Enterprise) 8.6 for above log, the regex also detect the linux. can you assist on regex that cover only red hat and version of it? also i have same issue on the windows server log which need regex for only detect windows server and which year.
... View more
09-27-2023
08:14 PM
Hi, i have lookup which list out all red hat linux. for example, in my lookup have red hat 7, red hat 8 and so on. i need to correlate OS log with the lookup. but my OS log is not standardized as below:
Red Hat Linux Enterprise 7.1,
Red Hat Linux Enterprise Server 8.6 and so on.
How do i make it as standardized OS as lookup above using regex.
Please assist on this. Thank you
... View more
09-25-2023
05:16 AM
Hi, i have created classic dashboard based on saved search because my saved search used as asset management search which contain a lot of fields. For now i need to create 3 input textbox and 1 drilldown. Below are search that i used to match my token with search. | savedsearch "test 1" | search hostname=$hostname$, ip=$ip$, ID=$id$, location=$location$ However, search above doesn't work for the inputs field. Also i might need to add more inputs fields in future. Please assist me on this. Thank you
... View more
- Tags:
- dashboard
09-25-2023
01:09 AM
Owh ok, both working great as expected. Thank you for your assist on this.
... View more
09-24-2023
10:53 PM
Hi @bowesmana , thank you for your response. Your regex works great. if i want the ip on another field, do i need to use another regex?
... View more
09-24-2023
09:30 PM
Hi, i want to list out all the hostname in my tipwire log. but my hostname field are as below: Hostname 10.10.10.10 : Host A 192.0.0.0 : Host B My hostname and ip are mixed and in the same field. How do i split the hostname, IP and list out all the hostname only. Please assist me on this. Thank you
... View more
- Tags:
- eval
Labels
- Labels:
-
eval
-
field extraction
-
fields
-
stats
09-11-2023
01:16 AM
Hi @kamlesh_vaghela, its work as expected. Thank you very much for your assist.
... View more
09-10-2023
09:21 PM
I have asset management data that i need to create weekly reports.
When i make query for the data like query below:
index=a sourcetype=b
stats values(ip_addr) as ip by hostname
Result:
hostname ip
Host A 1) 10.0.0.0
2) 10.10.10.1
3) 10.0.0.2
Host B 1) 192.1.1.1
2) 172.1.1.1
i wanted the result not include the numbering in front of the ip address.
Please assist on this. Thank you.
... View more
- Tags:
- search
- splunk search
08-28-2023
07:41 PM
Hi @gcusello , Thank you very much for your assist. What you understand is correct, both of your query works perfectly fine as expected.
... View more
08-27-2023
11:00 PM
We have a set of data which populate host and ip
Eg.
Host IP count
ESDBAS 10.10.10.10 1
ASFDB 192.0.0.0 1
Query:
index=a sourcetype=b | stats values(ip) as IP count by host
i need the result which any hostname that contain DB should come out on another field
eg:
Host IP count Environment
ESDBAS 10.10.10.10 1 DB
ASFDB 192.0.0.0 1 DB
Please assist me on this
... View more
08-21-2023
12:33 AM
if using mvexpand, my result is like this: Host IP Internet Facing Host A 10.1.1.1 No Host A 172. 1.1.1 Yes for the ip field, i have combined from 2 sources my table should look like this: Host IP Internet Facing Host A 10.1.1.1 Yes 172. 1.1.1 Below is my sample query index=a or sourcetype=b |eval ip=mvappend(IP1, IP2) |stats value(ip) as ip by host | eval "internet facing"=case(cidrmatch(172.1.1.0/24" , IP) , "Yes" , 1=1, "No") I need the result to look like the second example table above, which does not splitting the host.
... View more
08-21-2023
12:06 AM
ok, thank you for you reply. but if using mvexpand, the ip will splited by host. is there any work around to not split the host? if i split the ip for example like host ip1 ip2 is there any query that can detect the internet facing by search across all the ip field
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Sunday
|
Karma given to
