×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
abhinav_go
Explorer
Member since: ‎05-28-2020
‎06-18-2024
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎05-28-2020
Activity Feed
View All

Re: Display time in UTC

by in Getting Data In
‎06-18-2024 03:59 AM
‎06-18-2024 03:59 AM
@asieira  I tried this query but not working for me and getting Error in 'eval' command: The expression is malformed. An unexpected character is reached at `\"%Y-%m-%dT%H:%M:%SZ\"), \`   same macro:  [strftime_utc(2)] args = field, format definition = strftime($field$ - (strptime(strftime($field$, \"%Y-%m-%dT%H:%M:%SZ\"), \"%Y-%m-%dT%H:%M:%S%Z\")-strptime(strftime($field$, \"%Y-%m-%dT%H:%M:%S\"), \"%Y-%m-%dT%H:%M:%S\")), \"$format$\")   and now my search looks like: *My query* | eval utc_time=`strftime_utc(_time, "%Y-%m-%dT%H:%M:%SZ")`   ... View more

Re: Error in 'eval' command: The expression is mal...

by in Splunk Search
‎06-18-2024 03:56 AM
‎06-18-2024 03:56 AM
Any suggestions by anyone or any query to suggest which I can use to leverage to convert and enforce user's input time to UTC time format only ? ... View more

Re: Error in 'eval' command: The expression is mal...

by in Splunk Search
‎06-14-2024 03:07 AM
‎06-14-2024 03:07 AM
Even after removing the escape character , still getting error, now as "Error in 'EvalCommand': The expression is malformed." Updated query :  strftime($field$ - (strptime(strftime($field$,"%Y-%m-%dT%H:%M:%SZ"),"%Y-%m-%dT%H:%M:%SZ") - strptime(strftime($field$,"%Y-%m-%dT%H:%M:%S"),"%Y-%m-%dT%H:%M:%S")),"$format$")   Also in "validation expression" while creating macro, i wrote   iseval=1   ... View more

Error in 'eval' command: The expression is malform...

by in Splunk Search
‎06-14-2024 12:42 AM
‎06-14-2024 12:42 AM
Hello team , I am trying to create macro and than use in my splunk dashboard . The purpose is to get time of entered input in dashboard (in only UTC standard) irrespective of user’s time setting in Splunk.  My macro is : [strftime_utc(2)] args = field, format definition = strftime($field$ - (strptime(strftime($field$, \"%Y-%m-%dT%H:%M:%SZ\"), \"%Y-%m-%dT%H:%M:%S%Z\")-strptime(strftime($field$, \"%Y-%m-%dT%H:%M:%S\"), \"%Y-%m-%dT%H:%M:%S\")), \"$format$\")  and now my search looks like: *My query* | eval utc_time=`strftime_utc(_time, "%Y-%m-%dT%H:%M:%SZ")` So that always get the output in UTC standard only. But I am getting below error:  Error in 'eval' command: The expression is malformed. An unexpected character is reached at '\"%Y-%m-%dT%H:%M:%SZ\"), \"%Y-%m-%dT%H:%M:%SZ\") - strptime(strftime(_time, \"%Y-%m-%dT%H:%M:%S\"), \"%Y-%m-%dT%H:%M:%S\")), \"%Y-%m-%dT%H:%M:%SZ\"))'. How can i resolve ? Any help is appreciated. Thanks ... View more
Labels

Re: The Splunk web interface is not opening

by in Security
‎09-05-2020 03:31 AM
‎09-05-2020 03:31 AM
I am also facing same issue. and got response from curl command.How can i check my firewall(s) if that is not blocking?  ... View more

Threat intelligence framework

by in Splunk Enterprise Security
‎09-01-2020 12:37 PM
1 Karma
‎09-01-2020 12:37 PM
1 Karma
Hi , Can anyone provide me approach/steps for integrating threat intelligence framework to Splunk ES. Also , how to pull active thread feed, export offensive IP list to CSV and get hash file list from API through endpoint URL(i have that URL) using python script . I didn't understand clearly mentioned on Splunk doc so if anyone can put it together in simplified form.   Thanks  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-18-2024 07:26 AM
Karma from
View All