Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About RahulMisra
RahulMisra
Engager
Member since:
08-24-2023
09-19-2023
Community Statistics
| Posts | 12 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-24-2023 |
Activity Feed
- Posted Re: Filter Table Output on Splunk Search. 09-19-2023 04:47 AM
- Posted Re: Filter Table Output on Splunk Search. 09-19-2023 04:41 AM
- Posted How to Filter Table Output? on Splunk Search. 09-19-2023 03:45 AM
- Tagged How to Filter Table Output? on Splunk Search. 09-19-2023 03:45 AM
- Posted Re: Regex for multiple lines of a field value on Getting Data In. 08-29-2023 01:45 AM
- Posted Re: How to Print Id's which are not present in Index search? on Splunk Search. 08-25-2023 04:13 AM
- Posted Re: Print Id's which are not present in Index search on Splunk Search. 08-25-2023 03:14 AM
- Posted Re: Regex for multiple lines of a field value on Getting Data In. 08-25-2023 02:47 AM
- Posted How to create regex for multiple lines of a field value? on Getting Data In. 08-25-2023 02:31 AM
- Posted Re: Print Id's which are not present in Index search on Splunk Search. 08-24-2023 02:51 PM
- Posted Re: Print Id's which are not present in Index search on Splunk Search. 08-24-2023 09:29 AM
- Posted Re: Print Id's which are not present in Index search on Splunk Search. 08-24-2023 08:59 AM
- Posted How to Print Id's which are not present in Index search? on Splunk Search. 08-24-2023 06:45 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
09-19-2023
03:45 AM
I have an output of
index=feds | fillnull value="" | table httpRequest.clientIp labels{}.name
awswaf:clientip:geo:country:US
awswaf:managed:token:absent
awswaf:clientip:geo:region:US-IL
awswaf:managed:aws:bot-control:signal:non_browser_user_agent
wswaf:clientip:geo:country:US
awswaf:managed:token:absent
awswaf:clientip:geo:region:US-IL
awswaf:managed:aws:bot-control:signal:non_browser_user_agent
wswaf:clientip:geo:country:US
awswaf:managed:token:absent
awswaf:clientip:geo:region:US-IL
awswaf:managed:aws:bot-control:signal:non_browser_user_agent
But need to filter "awswaf:managed:aws:bot-control:signal:non_browser_user_agent" on Table output and see the results only on "awswaf:managed:aws:bot-control:signal:non_browser_user_agent"
... View more
Labels
- Labels:
-
table
08-25-2023
04:13 AM
Just one last thing, i am getting desired results on stats ( as per my lookup file) but , events are not aliighning to stats
... View more
08-25-2023
03:14 AM
@gcusello I am getting the desired results. Accepting the solution.
... View more
08-25-2023
02:47 AM
{"type": "testlog", "configId": "22269", "policyId": "FIST_52163", "anomali": "34.87.65.2", "combinedrules": ["3000039", "3000081", "958052", "973335", "XSS-ANOMALY"], "ruleMessages": ["Cross-site Scripting (XSS) Attack", "Cross-site Scripting (XSS) Attack", "Cross-site Scripting (XSS) Attack", "Cross-site Scripting (XSS) Attack", "Anomaly Score Exceeded for Cross-site Scripting (XSS) Attack"], "ruleTags": ["ASE/WEB_ATTACK/XSS", "ASE/WEB_ATTACK/XSS", "ASE/WEB_ATTACK/XSS", "ASE/WEB_ATTACK/XSS", "ASE/WEB_ATTACK/XSS"], "ruleData": ["document.domain", ")alert(", "alert(", "')alert(document.domain)", "Vector Score: 17, Group Threshold: 7, Triggered Rules: 3000081-958052-3000039-973335, Triggered Scores: 5-5-5-2, Triggered Selector: ARGS:errorCode, Mitigated Rules: , Last Matched Message: "], "ruleActions": ["alert", "alert", "alert", "alert", "deny"], "requestId": "2ed42ca7", "method": "GET", "Host": "test.goodies.com", "path": "/carbon/admin/login.jsp", "User-Agent": "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36", "status": "403", "Server": "AkamaiGHost", "Date": "Fri, 25 Aug 2023 09:10:04 GMT"}
... View more
08-25-2023
02:31 AM
I want to extract numeric values into seperate field
"combinedrules": ["3000039", "3000081", "958052", "973335", "XSS-ANOMALY"]
Expected Output:
Ruleid
3000039
3000081
958052
Three might be a case when there could be 2 rules Id in one event and i wan to see both gets displayed in a single line
... View more
- Tags:
- regex
- splunk search
Labels
- Labels:
-
field extraction
08-24-2023
02:51 PM
getting error: Error in 'EvalCommand': The expression is malformed. Expected ).
... View more
08-24-2023
09:29 AM
I got some data after removing dedup combinedrules{} 3000041 959073 981248 I want to see what events are there is search which has these Id's. This is the combined rules field containing on raw events : "combinedrules": ["3900006", "3900007", "3900013", "3900020", "3900021", "3900036", "970901" Appreciate your help.
... View more
08-24-2023
08:59 AM
No data coming in.
... View more
08-24-2023
06:45 AM
I have a lookup file( with one column combinedrules{}) which would be dynamic and i want to run a scheduled search to print ID's that are not present in the index search(has same column combinedrules{}).
Lookup File
combinedrules{}
324252
543246
search
Combinedrules{}
Search(index)
Inputlookup file
324252
No
Yes
432324
No
Yes
... View more
- Tags:
- index search
Labels
- Labels:
-
lookup
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-19-2023
06:45 PM
|
