cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
skovachev
Explorer
Member since: ‎02-10-2022
‎09-13-2024
Community Statistics
Posts 4
Solutions 1
Karma Given 3
Karma Received 0
Member Since ‎02-10-2022
Activity Feed
View All

Re: Why does entity import from CSV upload incorre...

by in Splunk ITSI
‎03-14-2023 01:13 AM
‎03-14-2023 01:13 AM
@skramp  Thanks for help, truly we figured it out import file needs more than one column . They should add this into a note somewhere becuase some people like to test with simple hostname lists only. ... View more

Why does entity import from CSV upload incorrectly...

by in Splunk ITSI
‎02-21-2023 04:26 AM
‎02-21-2023 04:26 AM
Hello, I have a list of few hundered servers in csv file like in the picture below.     I am trying to import servers as entities in ITSI. When I do csv import I get  below : Any Idea why is not uploading correct? ITSI we are using is 4.11.4 ... View more
Labels

Re: How to create Screen Lock Time of Windows PC c...

by in Splunk Search
‎02-14-2022 04:27 AM
‎02-14-2022 04:27 AM
HI Vatsa, Thank you for the time you spent with my problem. I am unable to figure out the regex. I am trying another scenario now where I calculate the Scree Locked time minus the screen Unlock time so I can get total duration of screen was locked on a windows pc. Here are the logs and what I managed to put together so far. Information,Audit Success,11.2.2022 г. 13:51:11,Microsoft-Windows-Security-Auditing,4800,Other Logon/Logoff Events,Security,"The workstation was locked.   Information,Audit Success,11.2.2022 г. 13:51:19,Microsoft-Windows-Security-Auditing,4801,Other Logon/Logoff Events,Security,"The workstation was unlocked.   index="........." | rename EXTRA_FIELD_8 as message | rename "Event ID" as eventid | rename "Date and Time" as DT | eval message=if((eventid=4800),"LOCKED", "UNLOCKED") | table message,DT I would appreciate any help with substracting Locked time from Unlock time and creating a Mon-Fri timechart that shows duration of a pc on screenlock 🙂 ... View more

How to create sleep time of Windows PC calculation...

by in Splunk Search
‎02-10-2022 05:39 AM
‎02-10-2022 05:39 AM
Hi,  I am using following search into Windows EventViewer System logs  that I extracted for testing: index="503461" host="hp-laptop" "Sleep Time"  Log looks like below: Information,4.2.2022 г. 12:55:47,Microsoft-Windows-Power-Troubleshooter,1,None,"The system has returned from a low power state. Sleep Time: ‎2022‎-‎02‎-‎04T10:38:18.391571900Z Wake Time: ‎2022‎-‎02‎-‎04T10:55:46.701556600Z Wake Source: Device -USB Composite Device"     I am trying to calculate the two time stamps into total duration. Can someone help with the search string, thank you 🙂 ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-13-2024 07:52 AM
Karma given to
View All