×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
flynegal
Explorer
Member since: ‎04-19-2023
‎04-23-2025
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎04-19-2023
View All

Re: Why does search keep getting killed by 'Signal...

by in Splunk Search
‎01-17-2024 11:07 AM
1 Karma
‎01-17-2024 11:07 AM
1 Karma
This post is a few years old but to aid those who have spent hours trying to find the answers and end up here for help.... In my case I saw the "killed by signal 9" because of the proxy configuration...  I had 2 different cases of 'signal9'.  The solution for one case was the application itself allowed the proxy to be set in the app settings and in the other case this was the solution Can you configure the Duo Splunk Connector to use ... - Splunk Community.   ... View more

Re: time now to 24 hours earlier search with %H:%M...

by in Splunk Search
‎09-20-2023 05:45 AM
‎09-20-2023 05:45 AM
You will need a closing parenthesis in the eval statement if you copy and paste this solution.  Thank you for the assist! | eval created=strptime(whenCreated, "%I:%M:%S %p, %a %m/%d/%y") | where created>=relative_time(now(), "-48h") ... View more

How do you set up the search so that it will searc...

by in Splunk Search
‎09-15-2023 01:44 PM
‎09-15-2023 01:44 PM
Splunk newby here.  I have a search that works if I change it every day but would like to add it to a dashboard for monitoring without having to change the date.  It looks for all the newly created accounts in the current/past day, depending on what date I put in. The search is index=Activedirectory whenCreated="*,9/15/23" |table whenCreated, name, manager, title, description then search for last 24 hours.  The format of the time is %H:%M:%S AM/PM, %a %m/%d/%Y.  The 2 issues I am having are, how do you specify the AM/PM and how do you set up the search so that it will search for the last 24 hours using the current date.  I was thinking it is "time()" but I am not successful in getting the results I need.   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-23-2025 01:17 PM
Karma from
View All