×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
lorscardala985
Explorer
Member since: ‎07-05-2023
‎01-25-2024
Community Statistics
Posts 17
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-05-2023
Activity Feed
View All

Re: token

by in Dashboards & Visualizations
‎01-25-2024 05:53 AM
‎01-25-2024 05:53 AM
I'm not sure if I was unclear, but anyway, I wanted to use the token to change, if possible, the data reported by a search that is saved as a report. ... View more

token

by in Dashboards & Visualizations
‎01-25-2024 05:40 AM
‎01-25-2024 05:40 AM
"I need help with this XML for a dashboard; essentially, I need to call a token that modifies data within a report, having already created the token with the name 'data.' How can I do this?"   <form version="1.1">   <label>Lista IP da bloccare</label>   <fieldset submitButton="true" autoRun="false">     <input type="time" token="data">       <label></label>       <default>         <earliest>rt-24h</earliest>         <latest>rt</latest>       </default>     </input>   </fieldset>   <row>     <panel>       <table>         <search ref="checkpoint1"></search>         <option name="drilldown">none</option>       </table>     </panel>   </row> </form> ... View more
Labels

Re: timestamp

by in Getting Data In
‎08-03-2023 02:29 AM
‎08-03-2023 02:29 AM
    this are my sourcetype and the problem with the date ... View more

timestamp

by in Getting Data In
‎08-03-2023 02:05 AM
‎08-03-2023 02:05 AM
i have a problem with the timestamp when i parsing the data, i want the date to start with 28/04/2023 and end with 03/05/2023 but it start with 30/04 then 29/04 and end with 28/04, who can i start the data with 28/04 and not 30/04 ... View more
Labels

Re: timestamp props.conf

by in Getting Data In
‎07-21-2023 02:43 AM
‎07-21-2023 02:43 AM
i have events with this timestamp Sep 20 11:13:18 10.50.3.100 Sep 20 11:13:15 and i want to view only the second timestamp  ... View more

How can I take the second timestamp in props.conf?

by in Getting Data In
‎07-21-2023 02:27 AM
‎07-21-2023 02:27 AM
how can i in the props.conf file tell Splunk to take the second timestamp as opposed to the first ... View more
Labels

Re: transform.conf

by in Getting Data In
‎07-19-2023 12:59 AM
‎07-19-2023 12:59 AM
how can i identify, because i have file with log events, and i  need to ingest on splunk  ... View more

transform.conf

by in Getting Data In
‎07-19-2023 12:38 AM
‎07-19-2023 12:38 AM
how can i modify the transforms.conf file so that when i ingest the data it throws away all the events that have the status FAILED after the first ip address ... View more
Labels

Re: subnet

by in Splunk Search
‎07-11-2023 03:50 AM
‎07-11-2023 03:50 AM
i have 1 ip address that is 127.0.0.1    ... View more

subnet

by in Splunk Search
‎07-11-2023 03:37 AM
‎07-11-2023 03:37 AM
I need help creating a regex that extracts subnet masks ... View more
Labels

bucket repair

by in Splunk Search
‎07-07-2023 12:33 AM
‎07-07-2023 12:33 AM
splunk fsck repair --all-buckets-all-indexes i need to know where i need to put this command on Linux ... View more
Labels

populate multiselect

by in Splunk Search
‎07-06-2023 07:41 AM
‎07-06-2023 07:41 AM
why doesn't this search populate the multiselect  ... View more

Re: session duration

by in Getting Data In
‎07-05-2023 08:26 AM
‎07-05-2023 08:26 AM
index=_audit sourcetype=audittrail (action="login attempt" OR action="logout") | stats values(_time) as action_time by user, action | eventstats range(action_time) as range by user | eventstats min(action_time) as min_time max(action_time) as max_time by user, range | where action="login attempt" OR action="logout" | stats values(action_time) as action_time by user | eval login_time=mvindex(action_time, 0), logout_time=mvindex(action_time, -1) | eval session_duration=logout_time - login_time | eval session_duration_str=strftime(session_duration, "%H:%M:%S") | table user session_duration_str from this search I would need to know the duration of the individual days ... View more

Re: session duration

by in Getting Data In
‎07-05-2023 08:14 AM
‎07-05-2023 08:14 AM
I thought of something like this : index="_internal" | stats avg(_time) as avg_time by user | eval avg_day = strftime(avg_time, "%Y-%m-%d") ... View more

Re: session duration

by in Getting Data In
‎07-05-2023 08:11 AM
‎07-05-2023 08:11 AM
where i can find it??, i'm new in splunk so i don't know everything ... View more

Re: session duration

by in Getting Data In
‎07-05-2023 07:58 AM
‎07-05-2023 07:58 AM
i need to knwo how to find the average session duration  (the time between when I connect to when I disconnect) ... View more

How can I calculate session duration?

by in Getting Data In
‎07-05-2023 07:35 AM
‎07-05-2023 07:35 AM
I wanted to know how I can calculate the average daily duration of the sessions ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-25-2024 11:16 AM
Karma given to
View All