cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
abazgwa21cz
Explorer
Member since: ‎12-22-2022
‎11-01-2023
Community Statistics
Posts 15
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎12-22-2022
Activity Feed
View All

Re: Error inputlookup

by in Splunk Search
‎10-23-2023 08:44 PM
‎10-23-2023 08:44 PM
I did , but no solution receive , Can u help me pls :  https://community.splunk.com/t5/Splunk-Search/Error-Search/m-p/665820#M228449 ... View more

Re: Error inputlookup

by in Splunk Search
‎10-23-2023 01:47 AM
‎10-23-2023 01:47 AM
Thanks alot , i have one more questions ,   I just install misp42 app in my splunk , and add misp instance to splunk , it work      But i want compare from : index=firewall srcip=10.x.x.x , it my log from firewall , so i want compare dstip with ip-dst from misp to detect unusual access activities  , like when dstip=ip-dst : 152.67.251.30 , how can i search this  , misp_instance=IP_Block field=value , i just try some search but it not work:  index=firewall srcip=10.x.x.x | mispsearch misp_instance=IP_Block field=value | search dstip=ip=dst | table _time dstip ip-dst value action It can't get ip-dst from misp instance , Can you help me with this OR can i get some solution to resolve this  Many thanks and Best regards !! ... View more

Error Search

by in Splunk Search
‎10-23-2023 01:46 AM
‎10-23-2023 01:46 AM
Hi guys ,  I just install misp42 app in my splunk , and add misp instance to splunk , it work      But i want compare from : index=firewall srcip=10.x.x.x , it my log from firewall , so i want compare dstip with ip-dst from misp to detect unusual access activities  , like when dstip=ip-dst : 152.67.251.30 , how can i search this  , misp_instance=IP_Block field=value , i just try some search but it not work:  index=firewall srcip=10.x.x.x  | mispsearch misp_instance=IP_Block field=value | search dstip=ip=dst | table _time dstip ip-dst value action It cant get ip-dst from misp instance , Can anyone help me with this OR can i get some solution to resolve this  Many thanks and Best regards !! ... View more
Labels

Search with MISP42 App in Splunk

by in Splunk Search
‎10-19-2023 01:58 AM
‎10-19-2023 01:58 AM
Hi guys ,  I just install misp42 app in my splunk , and add misp instance to splunk , it work    But i want compare from : index=firewall srcip=10.x.x.x , it my log from firewall , so i want compare dstip with ip-dst from misp to detect unusual access activities  , like when dstip=ip-dst : 152.67.251.30 , how can i search this  , misp_instance=IP_Block field=value , i just try some search but it not work:  index=firewall srcip=10.x.x.x  | mispsearch misp_instance=IP_Block field=value | search dstip=ip=dst | table _time dstip ip-dst value action It cant get ip-dst from misp instance , Can anyone help me with this OR can i get some solution to resolve this  Many thanks and Best regards !! ... View more
Labels

Re: Error inputlookup

by in Splunk Search
‎01-31-2023 12:05 AM
‎01-31-2023 12:05 AM
my mistake . thanks alot it work now  ... View more

How to fix Error inputlookup?

by in Splunk Search
‎01-30-2023 11:29 PM
‎01-30-2023 11:29 PM
I have an issues with lookup, i create a table  I want to exclude path in lookup table from my search, so i try this query :  index="kaspersky" AND etdn="Object not disinfected" p2 NOT ([ inputlookup FP_malware.csv]) | eval time=strftime(_time,"%Y-%m-%d %H:%M:%S")|stats count by time hip hdn etdn p2 | dedup p2 it seems not working . So how can i fix this ????? Many thanks !!   ... View more
Labels

Re: The monitor input cannot produce data because ...

by in Monitoring Splunk
‎01-12-2023 10:42 PM
‎01-12-2023 10:42 PM
how can i check that ?  ... View more

The monitor input cannot produce data because splu...

by in Monitoring Splunk
‎01-12-2023 09:05 PM
‎01-12-2023 09:05 PM
I have and issues with red status :   The monitor input cannot produce data because splunkd's processing queues are full. This will be caused by inadequate indexing or forwarding rate, or a sudden burst of incoming data. i check in Indexing Performance: Instance and almost field had 100%  and when i check CPU and memory used and license used it had alot space     so how can i find the issues and can i fix this problem        ... View more
Labels

Re: Configure CRON expression

by in Alerting
‎12-25-2022 07:31 PM
‎12-25-2022 07:31 PM
it works, thanks alot ... View more

How can I configure a CRON expression such that an...

by in Alerting
‎12-25-2022 07:07 PM
‎12-25-2022 07:07 PM
How can I configure a CRON expression such that an alert was sent each 2hours in a day, and every day in weeks. ?? Many thanks !!! ... View more
Labels

Re: Cron expression

by in Alerting
‎12-25-2022 06:49 PM
‎12-25-2022 06:49 PM
How can I configure a CRON expression such that an alert was sent each 2hours in a day, and every day in weeks. ?? Many thanks !!! ... View more

Re: Set Scheduled Search

by in Splunk Search
‎12-23-2022 12:34 AM
‎12-23-2022 12:34 AM
Thanks for your answer  when i create alert from my search, it seem spam like this    and it maybe accumulated with previous result So i now i want to search in range each 2 hours, and export sum of data user sent in 2 hours how can i fix this    ... View more

Set Scheduled Search

by in Splunk Search
‎12-23-2022 12:08 AM
‎12-23-2022 12:08 AM
I want to set a Schedule for my search to find the data sent by user in our system . This is my search to catch each user sent more 2GB  I am used bin _time span=2h but maybe it not correct, it Incremental for every 2hours later.  So how can I take a search mean who sent more 2GB data in each 2 hours ?? Many thanks !!! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-01-2023 06:15 AM
Karma given to
View All