Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About kuriakose
kuriakose
Explorer
Member since:
01-21-2020
05-02-2022
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 0 |
| Member Since | 01-21-2020 |
Activity Feed
- Karma Re: Password spraying search for ITWhisperer. 08-23-2021 06:48 AM
- Posted Re: Password spraying search on Splunk Search. 08-23-2021 06:33 AM
- Posted Password spraying search on Splunk Search. 08-23-2021 05:53 AM
- Posted Re: List index from a datamodel on Knowledge Management. 08-04-2021 07:36 AM
- Karma Re: List index from a datamodel for richgalloway. 08-04-2021 07:36 AM
- Posted List index from a datamodel on Knowledge Management. 08-04-2021 04:34 AM
- Posted Re: How to ignore a field from search if the value is null, and then search based on the second input.? on Splunk Search. 11-03-2020 07:35 AM
- Posted Re: How to ignore a field from search if the value is null, and then search based on the second input.? on Splunk Search. 10-30-2020 09:07 AM
- Posted How to ignore a field from search if the value is null, and then search based on the second input.? on Splunk Search. 10-30-2020 08:20 AM
- Posted Re: Correlate one field with other field to locate repeated value on Splunk Search. 06-26-2020 09:10 AM
- Karma Re: Correlate one field with other field to locate repeated value for gcusello. 06-26-2020 09:10 AM
- Tagged Re: Correlate one field with other field to locate repeated value on Splunk Search. 06-26-2020 09:10 AM
- Posted Correlate one field with other field to locate repeated value on Splunk Search. 06-26-2020 08:23 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-23-2021
06:33 AM
I made those changes still i am not getting the result what am expecting.
... View more
08-23-2021
05:53 AM
Hi, I am attempting to create a search for a password spraying attempt. I need the IP address and Hostname made with the different login names attempted to login to a particular machine within the last 5 min. Also, the number of login attempts should be more than 10. I created the below search, but that's pulling me wrong data. A sample data am expecting is attached in the screenshot index=win* EventCode=4625 Logon_Type=3 Target_User_Name!="" src_ip!="-" |bucket span=5m _time |stats dc(TargetUserName) AS Unique_accounts values(TargetUserName) as tried_accounts by _time, src_ip Source_Workstation |eventstats avg(Unique_accounts) as global_avg, stdev(Unique_accounts) as global_std |eval upperBound=(comp_avg+comp_std*3) |eval isOutlier=if(Unique_accounts>10 and Unique_accounts>=upperBound, 1, 0) |sort -Unique_accounts Thanks in advance.
... View more
Labels
- Labels:
-
stats
08-04-2021
04:34 AM
Hi, can someone one help me with an SPL so that I can list the indexes of a datamodel. datamodel name - authentication.malware Appreciate your help in advance.
... View more
Labels
- Labels:
-
data model
11-03-2020
07:35 AM
I could sort out this issue by trying |search ($test1$ $test2$). Now the search is giving the results even if one input is null.
... View more
10-30-2020
09:07 AM
I have field values, name and EmpID in my index. The above search will not work if I am giving only a single input. I have to give both the inputs then only its working. which I don't want. Sometime I will have only one input.
... View more
10-30-2020
08:20 AM
How to ignore a field from search if the value is null, search based on the second input.? I have two inputs and this search will work only if i have some value in both the fields. I need the result, even if one value is null. name="$field4$" OR EmpID="$field5$" Found a similar one here, but this did not resolve my issue. Appreciate the help in advance. https://community.splunk.com/t5/Getting-Data-In/How-to-omit-a-field-from-search-on-a-text-input-if-the-field-is/m-p/330788
... View more
Labels
- Labels:
-
search job inspector
06-26-2020
09:10 AM
Hi @gcusello, Thank you so much. This is working perfectly. A slight typo was in | where n_SHA>1 instead of dc_SHA>1 🙂 that I corrected and it's working well. Thank you so much.
... View more
- Tags:
- u
06-26-2020
08:23 AM
aid SHA abc 12345 12345 ujdk 9890 9890 yui 1239 1897 I would like to trigger an alert if a particular aid has different SHA. In the above case, field yui should trigger an alert for me. can someone help me with an SPL? Thanks in advance
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-02-2022
10:56 AM
|
