Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About chimuru84
chimuru84
Explorer
Member since:
08-18-2023
08-12-2024
Community Statistics
| Posts | 23 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 08-18-2023 |
Activity Feed
- Posted Re: Triggering third-party authentication Verification on Splunk Search. 08-12-2024 07:21 AM
- Posted Re: Triggering third-party authentication Verification on Splunk Search. 08-10-2024 01:40 AM
- Posted Re: Triggering third-party authentication Verification on Splunk Search. 08-06-2024 09:03 PM
- Posted Triggering third-party authentication Verification on Splunk Search. 08-06-2024 07:28 AM
- Karma Re: Extract data from 2 different logs for ITWhisperer. 04-30-2024 03:59 AM
- Posted Re: Extract data from 2 different logs on Splunk Search. 04-30-2024 03:49 AM
- Posted Extract data from 2 different logs on Splunk Search. 04-30-2024 02:34 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-16-2023 10:40 AM
- Karma Re: Search and count by multiple specific substrings in a field for ITWhisperer. 11-16-2023 04:06 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-16-2023 03:52 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-15-2023 03:28 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-14-2023 10:53 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-14-2023 10:05 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-14-2023 08:04 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-14-2023 07:53 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-14-2023 07:42 AM
- Posted Search and count by multiple specific substrings in a field on Splunk Search. 11-14-2023 06:36 AM
- Posted Re: How to group messages based on substring on Splunk Search. 11-14-2023 01:57 AM
- Posted Re: How to group messages based on substring on Splunk Search. 08-18-2023 08:37 AM
- Posted Re: How to group messages based on substring on Splunk Search. 08-18-2023 07:47 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-12-2024
07:21 AM
Hello again @gcusello ! Sorry again. I want to return id, nr_of_days (difference between last_date and_first_date), login of last_date (could be today, yesterday, 1 month ago etc.) and login of first_date (where first_date is 365 days or more).
... View more
08-10-2024
01:40 AM
Hi @gcusello! I think I didn't ask the question correctly. I want to make a query that returns the users who had a third-party authentication (at the moment), and the last time they passed the authentication was 365 days ago.
... View more
08-06-2024
09:03 PM
It didn't help... I mean that a user has not made a check for 365 (or more) days until now.
... View more
08-06-2024
07:28 AM
Hello! I'm trying to implement a mechanism to flag users who have not had a third-party authentication verification in the last 365 days.
I tried this search, but is not give desired result.
index=......
| stats count by id
| search id=*
| eval Duration=relative_time(now(), "-365d@d")
| sort id
| table id Duration | dedup id
I'm grateful for any ideas. Thanks.
... View more
04-30-2024
03:49 AM
It works, thank you very much. One more thing, time filter isn't work, I mean if I set for 24H, search return logs for all time
... View more
04-30-2024
02:34 AM
Hello community! I want to extract data from 2 different logs like bellow: Log 1: 2024-04-28 06:38:51 INFO Start auth for accountId=1, ip=192.168.1.1 Log 2: 2024-04-28 06:38:27 INFO Collect response for accountId=1, was: response=FINISH For example for accountId=1 I have 10 logs with "Start auth", I mean 10 attempts of start auth. In second log, for the same accountId I have 1 or more logs with FINISH. I want to make a table like accountId Start auth FINISH 1 10 1 Could you helm me with this? Thank you.
... View more
11-16-2023
10:40 AM
I mean return all fields which does not contain firstName or lastName (do not remove them). Like in picture, second field does not contain firstName and lastName.
... View more
11-16-2023
03:52 AM
Work fine, Thank you. How can I ignore some value from result in same query, for example if I want to return only fields like second one in the screenshot. I mean, from first line in screenshot I want to exclude firstName, lastName and others. Thank you.
... View more
11-15-2023
03:28 AM
This is simple search, which give me this result. Result contains fields which contains "mobilePhoneNumber" OR "countryCode" OR "mobilePhoneNumber AND countryCode" I want to return count (in one line) of all fields which contains both, mobilePhoneNumber and countryCode ("mobilePhoneNumber AND countryCode").
... View more
11-14-2023
10:53 AM
This is simple search, which give me this result. Result contains fields which contains "mobilePhoneNumber" OR "countryCode" OR "mobilePhoneNumber AND countryCode" I want to return count (in one line) of all fields which contains both, mobilePhoneNumber and countryCode ("mobilePhoneNumber AND countryCode").
... View more
11-14-2023
08:04 AM
This is a part of result. What I want, to get in one line only mobileNumber and countryCode, on other line lastName, firstName, not all log where this words are meet.
... View more
11-14-2023
07:53 AM
yes, I tried like this, bus 0 events are returned
... View more
11-14-2023
07:42 AM
This query is giving this result but, I want to count by 2 or more words. Thank You
... View more
11-14-2023
06:36 AM
Hello.
I have logs which contains field "matching" which is a String type. This field contains this kind of information: [firstName, lastName, mobileNumber, town, ipAddress, dateOfBirth, emailAddress, countryCode, fullAddress, postCode, etc]. What I want to do is to compose a query that will return count of a specific search, such as [mobileNumber, countryCode] and display only the fields that contain the above words.
I tried this query:
index="source*" | where matching LIKE "%mobileNumber%" AND matchingLIKE "%countryCode%" | stats count by matching | table count matching
But the answer returns all the possible variants that also contains [mobileNumber, countryCode].
What I want is a count only for all this results
Also I want to create a table with all specific searches I do. I know how to use append, but result is like a stairs, what other solution can be used?
Than you!
... View more
11-14-2023
01:57 AM
Sorry for late answer. By "\"source\" originalField" I mean field which contains this kind of logs
... View more
08-18-2023
07:47 AM
This is how 2 success messages looks like. And I want to make 2 groups. For first, 1 query works fine, for second need to add to this query something. Thanks you.
... View more
08-18-2023
07:36 AM
with this query messages with success are not grouped. I want to have one group with success and another with success/detailedReason. Is possible that? Thank You
... View more
08-18-2023
07:26 AM
It works. Thank you. Now I saw that I have one more kind of success message. How can I group this message too?
... View more
08-18-2023
01:56 AM
After I use this query, I have a result like this. For different reasons for status failure, I have grouped messages, but for status success, every message is separate because of his Id. And the result looks like a JSON but is type String.
... View more
08-18-2023
12:50 AM
Hello community. I'm trying to extract information from a string type field and make a graph on a dashboard. In the graph, I want to group identical messages. I encounter difficulties when grouping a type of message that contains information about an id, which is different for each message and respectively for each message it returns a separate value. Ex. message: {"status":"SUCCESS","id":"123456789"}. I use this query: "source" originalField AND ("SUCCESS" OR "FAILURE") | stats count by originalField This query groups my fields that contain a FAILURE status, but does not group the SUCCESS ones because they have different IDs. I tried different substrings but it doesn't work. Can someone give me a solution?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-12-2024
02:02 PM
|
