Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About utk123
utk123
Path Finder
Member since:
02-11-2018
05-14-2022
Community Statistics
| Posts | 31 |
| Solutions | 1 |
| Karma Given | 6 |
| Karma Received | 0 |
| Member Since | 02-11-2018 |
Activity Feed
- Posted How to create a status bar chart? on Dashboards & Visualizations. 05-14-2022 04:40 AM
- Posted Re: Splunk wildcard for specific position of character in a host list on Splunk Search. 06-22-2021 07:37 PM
- Karma Re: Splunk wildcard for specific position of character in a host list for kamlesh_vaghela. 06-22-2021 07:36 PM
- Posted Splunk wildcard for specific position of character in a host list on Splunk Search. 06-22-2021 08:02 AM
- Posted Re: Get list of hosts and total number of hosts in 1 report on Reporting. 05-25-2021 02:10 AM
- Karma Re: Get list of hosts and total number of hosts in 1 report for ITWhisperer. 05-25-2021 02:08 AM
- Posted Get list of hosts and total number of hosts in 1 report on Reporting. 05-25-2021 12:28 AM
- Posted Re: Timechart for multiple search total on Splunk Search. 03-08-2021 10:28 PM
- Posted Timechart for multiple search total on Splunk Search. 03-08-2021 12:35 AM
- Tagged Timechart for multiple search total on Splunk Search. 03-08-2021 12:35 AM
- Posted Re: Get results per week for custom _time field on Splunk Search. 11-10-2020 06:00 PM
- Posted Get results per week for custom _time field on Splunk Search. 11-10-2020 02:14 AM
- Tagged Get results per week for custom _time field on Splunk Search. 11-10-2020 02:14 AM
- Tagged Get results per week for custom _time field on Splunk Search. 11-10-2020 02:14 AM
- Tagged Get results per week for custom _time field on Splunk Search. 11-10-2020 02:14 AM
- Karma Re: Last 6 months search using new date field for Sfry1981. 06-05-2020 12:51 AM
- Karma Re: Last 6 months search using new date field for richgalloway. 06-05-2020 12:51 AM
- Karma Re: Why is my subsearch not working? for niketn. 06-05-2020 12:50 AM
- Karma Re: how to extract multiple values into one field for thambisetty. 06-05-2020 12:49 AM
- Posted Last 6 months search using new date field on Splunk Search. 05-19-2020 05:40 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
05-14-2022
04:40 AM
I am trying to create a simple bar chart to check and report status of a service.
Something similar to Intercom Status. (https://www.intercomstatus.com)
The bar will show green if the service is up (1), and will show red if the service go down (2), in per day status.
Like a 0 (red) and 1(green).
any suggestions if this can be achieved with Splunk?
... View more
Labels
- Labels:
-
chart
06-22-2021
07:37 PM
Thanks KV, that works perfect.
... View more
06-22-2021
08:02 AM
I have a table with more than 50000 hostnames. I want to run a wild card for 5th & 6th character in a hostname list. My list sample: hostname SERVINBBB01 SERRCNAAA01 SERSSPBBC55 SERRINAAC98 SERWINSSS11 In my search result, I want to get list of hosts with IN in 5th & 6th location. Results should be: hostname SERVINBBB01 SERRINAAC98 SERWINSSS11 With asterisk(*) (example: *IN*) I am not able to get these results, as characters before and after 5th, 6th position are not same always.
... View more
- Tags:
- wildcard
Labels
- Labels:
-
Other
05-25-2021
02:10 AM
This also works, but accepted another answer as that is better in format.
... View more
05-25-2021
12:28 AM
I have 2 reports which I want to combine so that I get 1 email with both information. 1. Total number of hosts index=abcd mysearch | stats count as Hostname 2. List of hosts index=abcd mysearch | table Hostname Results I expect: Total Hostname: 145 Hostname host1 host2 host3 Please advise.
... View more
- Tags:
- stats table
Labels
- Labels:
-
saved search
03-08-2021
10:28 PM
I get below error: Error in 'inputlookup' command: This command must be the first command of a search.
... View more
03-08-2021
12:35 AM
Hello, I want total of multiple searches in timechart per week. My search in simple format last 90 days: | inputlookup abcd.csv | search host=*CC* | dedup host | stats count(host) as "List1"
| appendcols
[| inputlookup efgh.csv | search host=*AA* | dedup host | stats count(host) as "List2"]
| appendcols
[| inputlookup xyz1.csv | search host=*BB* | dedup host | stats count(host) as "List3"]
| eval Total=List1+List2+List3
| timechart span=w@1w sum(Total) as "Hosts" If I run it without last timechart line, then it gives me total for 90 days or 1 week, but I need same results calculated weekly using timechart, and display total per week.
... View more
- Tags:
- timechart
11-10-2020
06:00 PM
this doesn't work. same results. fixed_dates got results every day, not just monday or thursday. But I want to combine results for a week to Monday or a fixed day in a week, which is not working. It's because I am running a search for last 7 days, and so I only see last 2 Mondays. If I run the same search for last 6 months, then I see results for every Monday, but then the numbers are not correct. So I need to run it for last 7 days only to see latest results.
... View more
11-10-2020
02:14 AM
Hello, I am running a search for last 7 days results, and i am using fixed_date field as _time field. fixed_date can have any value in last 1 year, so I filtering for results of last 6 months. I want the weekly results to show for every Monday. Below query shows results for last 2 Mondays, but then it pickup Thursday. index=abcd sourcetype=abcd (IP=x.x.x.x OR IP=y.y.y.y)
| eval _time=strptime(fixed_date,"%Y-%m-%d")
| where _time > relative_time(now(), "-6mon")
| bin _time span=w@w1
| stats count by IP ID _time
| stats count as "Fixed vulnerabilities" by _time
Results I get:
_time Fixed vulnerabilities
2020-05-07 3678
2020-05-14 1455
....<few weekly results for total 6 months>
......
2020-10-22 5543
2020-10-29 2212
2020-11-02 7732
2020-11-09 2213 Only last 2 are Mondays, but all before those are Thursdays. how to get it for every Monday?
... View more
Labels
- Labels:
-
timechart
05-19-2020
05:40 AM
Hello,
I am trying to use another field (LAST_FIXED_DATE) as _time in my log search. LAST_FIXED_DATE got dates from 2008, 2009.....2020.
But I just want to find data for LAST_FIXED_DATE value from last 6 months. (example: Nov 2019 till April 2020)
Below query is not working, and still shows me _time value from 2008.
My query:
main search ....
| eval _time=strptime(LAST_FIXED_DATE,"%Y-%m-%d")
| table _time
Results what I see:
2008-06-30
2008-06-01
I just want _time to show values for last 6 months, and not back to 2008.
I have tried adding earliest and latest, but then I get no results.
... View more
- Tags:
- _time
04-16-2020
04:31 AM
Not this answer @to4kawa, but the answer you gave earlier worked. it seems you changed it to addtotals.
... View more
04-16-2020
04:29 AM
Below answer works. Thanks to @to4kawa for helping.
main search...
| bin span=w@1w _time
| stats count by IP VID _time
| stats count by _time
... View more
04-16-2020
04:27 AM
tried it, but it just shows Events, and no Statistics or Visualization to check results.
... View more
04-16-2020
04:23 AM
It works if I just change the sequence of _time in bin command.
main search...
| bin span=w@1w _time
| stats count by IP VID _time
| stats count by _time
... View more
04-16-2020
03:15 AM
First answer with makeresults doesn't give any results.
Second answer's logic I understand, but it doesn't seem to remove the duplicate values for IP and VID.
Maybe if you can help to modify second answer to remove duplicate values, it would work. I have tried few changes to your second answer, but no luck.
... View more
04-16-2020
02:12 AM
For my logs with IP and Vulnerability ID (VID), I have few duplicate values. Which I can easily remove with "dedup IP, VID". As this will only show single value in logs for an IP+VID combination.
But with timechart over 1 month it doesn't work, as if I dedup before timechart, it removes duplicate values and doesn't show exact results for every week.
I need dedup to run for every week separately under timechart to give correct results.
Currently running:
My main search.... | dedup IP, VID | timechart span=w@1w count
Results what I get with incorrect count:
_time ** ** count
2020-03-17 2224
2020-03-17 218
2020-03-17 689
2020-03-17 1432
2020-03-17 666
But actually if "dedup IP, VID" works separately for each week, then each week's result should be around 2000.
Thanks in advance.
... View more
03-04-2020
07:06 PM
Tried both methods, but it's not giving expected results. So I have just used notepad++ feature to replace all subnets ending with "star" from column to single row. and now all 100 subnets ending with "star" are in single row.
Like:
IP="10.10.10." OR IP="10.10.20." OR IP="100.100.20.*".....
Although it's not 100% exact, but close to exact, and working.
Thanks manjunathmeti.
... View more
03-04-2020
06:56 PM
Hi gaurav_maniar,
maybe the comments can be saved to a lookup file ? and everytime someone adds a comment it gets save in same lookup file, and pulled from there.
Not sure if that will work, so need suggestions.
... View more
03-03-2020
11:15 PM
I have a dashboard for daily alerts, and I want to add a comment text box at extreme right of it for team to add comments.
Splunk query:
index=firewall (IP="10.10.10." OR IP="10.10.20." OR IP="100.100.20.*") (Status=deny)
| stats count(IP) As "Hits" by SrcIP, DstIP, Port, Status
Results in table format:
SrcIP DstIP Port Status Hits
10.10.10.1 10.10.10.2 80 deny 11
10.10.20.1 10.10.10.2 443 deny 45
I want to add a Comments text box to extreme right, so that the table will look like this:
SrcIP DstIP Port Status Hits Comments
10.10.10.1 10.10.10.2 80 deny 11
10.10.20.1 10.10.10.2 443 deny 45
how to add this on splunk dashboard ?
... View more
03-03-2020
08:45 PM
This doesn't give any results. 😞
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-14-2022
08:57 AM
|
Karma given to
