×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
plaxos
Explorer
Member since: ‎04-23-2015
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎04-23-2015
Activity Feed
View All

Re: Set default app for LDAP users

by in Security
‎01-25-2016 08:57 AM
‎01-25-2016 08:57 AM
You are right. Thanks for the pointer. Now I have to decide whether to distribute this via deployer, and overwrite the system defaults (bad practice), or manually make the change on each SHC member. ... View more

Re: Find time of latest event type without streami...

by in Getting Data In
‎09-13-2015 10:18 AM
‎09-13-2015 10:18 AM
To elaborate ... I need to get the last 30 minutes of activity for a custid where the custid comes from an ad-hoc query through a dashboard. The activity for that custid may have been in the last few minutes or a few weeks ago. The total number of records for the customer could be in the hundreds or the tens of thousands. I am using this search with a subsearch to find the time of the last activity and put it in an "earliest" clause: search index=tlog sourcetype=csrv custid=$custid$ [ search index=tlog | custid=$custid$ | head 1 | eval earliest=relative_time(_time,"-30m") | fields earliest | format ] | stats count by Env, Region Perhaps there is a way to avoid doing two searches for this, I just can't think of it. The reason that metadata doesn't help is that the "lastTime" field is for the index as a whole, and not by custid. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All