Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About qman
qman
Engager
Member since:
01-27-2020
10-28-2020
Community Statistics
| Posts | 5 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 01-27-2020 |
Activity Feed
- Posted Trigger panel refresh when checkbox is changed on Dashboards & Visualizations. 10-28-2020 07:00 AM
- Tagged Trigger panel refresh when checkbox is changed on Dashboards & Visualizations. 10-28-2020 07:00 AM
- Tagged Trigger panel refresh when checkbox is changed on Dashboards & Visualizations. 10-28-2020 07:00 AM
- Tagged Trigger panel refresh when checkbox is changed on Dashboards & Visualizations. 10-28-2020 07:00 AM
- Tagged Trigger panel refresh when checkbox is changed on Dashboards & Visualizations. 10-28-2020 07:00 AM
- Posted Re: Checking when a field value has changed on Splunk Search. 08-18-2020 07:52 AM
- Tagged Re: Checking when a field value has changed on Splunk Search. 08-18-2020 07:52 AM
- Karma Re: How to split search results into separate lines instead of concatenating? for to4kawa. 06-05-2020 12:51 AM
- Posted Re: How to split search results into separate lines instead of concatenating? on Splunk Search. 05-28-2020 07:06 AM
- Posted How to split search results into separate lines instead of concatenating? on Splunk Search. 05-28-2020 01:52 AM
- Tagged How to split search results into separate lines instead of concatenating? on Splunk Search. 05-28-2020 01:52 AM
- Tagged How to split search results into separate lines instead of concatenating? on Splunk Search. 05-28-2020 01:52 AM
- Tagged How to split search results into separate lines instead of concatenating? on Splunk Search. 05-28-2020 01:52 AM
- Posted How to subtract results from inner search and then from outer search on Splunk Search. 02-14-2020 07:27 AM
- Tagged How to subtract results from inner search and then from outer search on Splunk Search. 02-14-2020 07:27 AM
- Tagged How to subtract results from inner search and then from outer search on Splunk Search. 02-14-2020 07:27 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
10-28-2020
07:00 AM
Hi everybody, I created a dashboard with three checkboxes. Each of them amends the search behind a single value panel. Now when I tick the checkbox nothing happens. I have to refresh the whole webpage to trigger the search behind the panel with the new settings. Is there a way to trigger the panel refresh with ticking/unticking the checkbox?
... View more
Labels
- Labels:
-
single value
08-18-2020
07:52 AM
Hi! I have a similar issue. I want to check if a url classification of the proxy has changed. Could anybody explain exactly what was done in that search? I don't get it. In detail my issue is like: I have a url that is classified as malicious and all traffic to there is blocked. But maybe 2 or 3 days before the url wasn't classified as malicious and so users were able to get to the site. So I need a search which checks if the classification changed within the last few days. Any ideas?
... View more
- Tags:
- field value change
05-28-2020
07:06 AM
first of all: Ups! I just noticed I missed an octet in the IP addressas... please imagine them like 192.168.1.10x
unfortunately this doesn't work as intended. When I do this it counts only the appearence of the field_ip value.
So for example if at time 11:30 192.168.1.103 has 400 counts, with the above query timechart shows me at 11:30 a value of 1 for 192.168.1.103...
The result I get is this:
... View more
05-28-2020
01:52 AM
Hi!
I did a search like this:
| tstats summariesonly=t count from datamodel=XZY WHERE field_ip="192.168.101" OR field_ip="192.168.102" OR field_ip="192.168.103" OR field_ip="192.168.104" OR field_ip="192.168.105" by field_ip, _time
But this shows me just one line and concatenates the single field values (the different IPs) after another... so the first "quarter of the line is the first IP the next quarter is the next IP also.
When I do the same search with the following:
| datamodel XZY search | search field_ip="192.168.101" OR field_ip="192.168.102" OR field_ip="192.168.103" OR field_ip="192.168.104" OR field_ip="192.168.105" | timechart count by field_ip
It does split the field_ip into its values and shows me 4 lines. One for each IP.
Due to performance issues, I would like to use the tstats command.
(I have the same issue when using the stats command instead of the timechart command)
So I guess there is something like a parameter I must give the stats command to split the result in different lines instead of concatenating the results.
... View more
02-14-2020
07:27 AM
Hi everybody,
I need to find out all the servers on which the Windows EventID=XYZ is not logged.
Therefore I run a search for all servers in my index (to have all the servers) and then I do an inner search where I only search for servers where at least one single time the EventID=XYZ was logged.
When I now subtract this result from the "all servers" result only those should remain which didn't log the EventID=XYZ.
But how is this done?
index=servers
[search index=servers EventID=XYZ
| stats values(host) as not_wanted_servers
| fields not_wanted_servers]
| stats values(host) as target_servers
|where target_servers NOT in not_wanted_servers
The last line doesn't work but should show what I want to do.
... View more
- Tags:
- difference
- search
