Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About splunker969
splunker969
Communicator
Member since:
08-30-2017
06-05-2020
Community Statistics
| Posts | 100 |
| Solutions | 0 |
| Karma Given | 17 |
| Karma Received | 13 |
| Member Since | 08-30-2017 |
Activity Feed
- Karma Re: Help with search to monitor a firewall for MuS. 06-05-2020 12:49 AM
- Karma Re: Can you search for users who are using a dashboard between certain dates? for nadlurinadluri. 06-05-2020 12:49 AM
- Karma Re: can i get the one particular host information from the metadata command? for somesoni2. 06-05-2020 12:49 AM
- Karma can i get the one particular host information from the metadata command? for pentela114. 06-05-2020 12:49 AM
- Karma Re: Search help ? for elliotproebstel. 06-05-2020 12:49 AM
- Karma Re: How to check how long splunk uf agents are down on particular servers? for somesoni2. 06-05-2020 12:49 AM
- Karma Re: How can I write a search to find hosts that are not sending logs to Splunk or show the last time a host sent logs to Splunk? for tmarlette. 06-05-2020 12:49 AM
- Karma Re: Finding whether firewall hosts sending logs to splunk ? for gcusello. 06-05-2020 12:49 AM
- Karma Re: Dashboard help ? for niketn. 06-05-2020 12:49 AM
- Karma Re: Why isn't my search showing the full results? for DalJeanis. 06-05-2020 12:49 AM
- Karma Re: What is best process of sending logs from Splunk to syslogng server ? for s2_splunk. 06-05-2020 12:49 AM
- Karma Re: How can I display images in my dashboard? for niketn. 06-05-2020 12:49 AM
- Karma Re: How do I write my search to give fast results when setting the time range picker to last 7 days? for woodcock. 06-05-2020 12:49 AM
- Karma How to assign roles to X team if model User doesn't have access to that Index? for manideep6669. 06-05-2020 12:49 AM
- Karma Re: How to write queries for below condition ? for kmaron. 06-05-2020 12:49 AM
- Karma How to resolve the problem when disc full in prod ES SHC members? for manideep6669. 06-05-2020 12:49 AM
- Karma Re: How do we permanently move some interesting fields to selected fields in a clustered environment ? for gcusello. 06-05-2020 12:49 AM
- Got Karma for Re: Why isn't my search showing the full results?. 06-05-2020 12:49 AM
- Got Karma for How do we permanently move some interesting fields to selected fields in a clustered environment ?. 06-05-2020 12:49 AM
- Got Karma for How to write queries for below condition ?. 06-05-2020 12:49 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 1 | |||
| 1 |
09-20-2018
01:22 PM
How do we identify which splunk search is consuming more memory on the splunk indexers ?
... View more
- Tags:
- splunk-enterprise
09-05-2018
11:46 AM
Accepted already @nadlurinadluri
... View more
09-04-2018
12:19 PM
Thanks @nadlurinadluri ,
This worked in my case -
index=_internal source=*splunkd_ui_access.log uri="*" NOT (user="-")
| eval access_time =strftime(_time,"%b %d, %Y : %H:%M:%S")
| stats min(access_time) as "Firstaccess" max(access_time) as "lastaccess" by user
... View more
08-31-2018
02:18 PM
This works for me
index=_internal source=*splunkd_ui_access.log uri="app uri" NOT (user="-")
| stats count by user
Can we also get the LastAcess Time stamp there by all users using the report OR Dashboard?
... View more
08-30-2018
07:39 AM
Dear @ pyro_wood ,
Thanks for answer.
This search that you provided gives wrong results .
... View more
08-29-2018
09:12 AM
I'm looking for query where we can find users using the dashboards. The report I need is of users using XabAB_TBBBBB_Dashboard in Splunk Report Window, between the 20th August - Till Date.
But when I try to find it by using below query, it gives the wrong
results .Thanks in advance 🙂
index="_internal" sourcetype=splunkd_ui_access | rex "/app/(?[^/]+)/(?[^?/\s]+)" |stats values(user)
... View more
08-13-2018
09:06 AM
Hi Somesoni2 ,
This search gives results .In DownFROM is august 13 DownTo is august12. Which is I changed as below .Please Correct query if anything not correct .Thanks In advance 🙂
index=_internal host=a OR host=b OR host=..all other hosts.. component=HttpPubSubConnection Running phone
| table _time host | sort 0 host _time | streamstats current=f window=1 values(_time) as prev_time
| eval duration=abs(_time-prev_time) | eval DownTo=strftime(prev_time,"%+") | eval DownFrom=strftime(_time,"%+") |dedup host
... View more
08-08-2018
11:48 AM
Need help on this question can anybody help me? Thanks in advance !
... View more
08-07-2018
09:38 AM
Hi somesoni2
This query is not working .Not getting any output
Thanks,
Splunker969
... View more
08-06-2018
12:34 PM
Not getting any output
... View more
08-06-2018
09:25 AM
Hi somesoni2
This query is not working .
Thanks,
Splunker969
... View more
08-06-2018
08:51 AM
Hi somesoni2 ,
Thanks for the query. In above query How can i know from which time to when the splunk server is down for example 8/3/2018 7 am to 8/4/2018 6 am .. and .Down time in hours Please ?
Thanks,
splunker969
... View more
08-06-2018
08:27 AM
Hi ,
We had list of servers a,b,c,d,e,f. How can we check how long splunk uf agents are down on the servers a,b,c,d,e,f? At present we restarted uf agents. I am looking for a query. Any help would be great. Thanks in advance 🙂
... View more
07-17-2018
03:15 PM
Hi Splunk members,
How Can I get some metrics to indicate things like search concurrency, search queue depth, cancelled/timed out searches, etc by search head and by indexer?
... View more
05-16-2018
11:24 AM
Hi all we have list of 10 Solaris servers and they are us servers we installed ufs on those servers and are pointing us deployment servers .In deployment client.conf file .Since we have search when I ran that search it is showing that it is phoning home with Uk Deployment server any Help with query ? I believe there is something wrong with Query .Please correct query if any changes need ?Help highly appreciated ?
Query -
| `get_coverage(baseline="isac_systems", feed="kpci_8100_solaris")` | eval Coverage = if('Full Coverage'=="Yes" OR 'Partial Coverage'=="Yes","Yes","No")|search "Full Coverage"="*" "Partial Coverage"="*" "Calculated Region"="*" "Phoning Home"="Yes" "Whitelisted"="*" Coverage=No "Operational Environment (Sys)"="PROD" OR "Operational Environment (Sys)"="DISASTERREC" | table "System Name" "Application" "Solution" "Calculated Asset Group" "Calculated Asset Type" "Calculated Lifecycle Status" "Lifecycle Phase" "OS Type" "OS" "Calculated Region" "Operational Environment (Sys)" "Server Zone" Component Function "Data Source Count" "Data Sources" "Full Coverage" "Partial Coverage" "Whitelisted" "Phoning Home" "Last Phone Home Time" "IMD" deployment_server |rename deployment_server as "Phoning Home Deployment Server" | fields - "." | lookup imd_splunkds_mapping IMD Country_Code AS "Calculated Region" | rename Calculated_DS as "IMD Calculated Deployment Server"
... View more
- Tags:
- splunk-enterprise
05-16-2018
10:02 AM
Hi Mate,
As we are getting the duplicate results from the csv table and the results are coming with both normal host name and hostname with FQDNS. How do we resolve this and please suggest.
Example:
host
host.com
Thanks.
... View more
05-16-2018
09:09 AM
In csv better we need to keep host names as below i got results but in more hosts than csv file .
host H
YY* YES
XX* YES
... View more
05-16-2018
08:35 AM
Hi ellitproebstel ,
Thanks :)Search is working can you help me to find the fully qualified name for host when i search its giving me host name in short cut .
... View more
05-16-2018
08:07 AM
When Iam trying to run this search its giving me wrong results .Please correct my search. In my csv is having to coumlmns one is host and other H=YES . Thanks
| metadata type=hosts index=*
| join [| inputlookup watchlist1.csv |search H=YES| rename Host as host]
| stats min(firstTime) as firstTime, max(recentTime) as recentTime, max(lastTime) as lastTime, sum(totalCount) as totalCount by host
| sort lastTime
| convert cTime(firstTime) ctime(recentTime) ctime(lastTime)
| fields host, firstTime, recentTime, lastTime, totalCount
... View more
04-23-2018
01:34 PM
Since I have the 3 tables in one panel... I can't able to drag to the horizontal. Please find the XML in the below
<search>
<query>index=_* | head 10</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="charting.chart">area</option>
<option name="charting.drilldown">none</option>
<search>
<query>index=_* | head 10</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="charting.chart">area</option>
<option name="charting.drilldown">none</option>
<search>
<query>index=_* | head 10</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="charting.chart">area</option>
<option name="charting.drilldown">none</option>
This result in the Dashboard as
USA Regions
Region A
Region B
Region C
I need to place these in vertically instead of horizntal these are in same panel .How to orgainze .?
Region A Region B Region c
Please suggest!!
... View more
04-23-2018
12:45 PM
1 Karma
Hi ,
I have list of panels in dashboard? In one panel i have to organize panels with in that panel as vertically I have them in horizontal in that panel. Cant use Java script ?
Example
Region A
--
Region B
--
Region C
--
I need to place these in vertically instead of horizntal these are in same panel .How to orgainze .?
Region A Region B Region c
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
Karma from
