Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About avivn
avivn
Explorer
Member since:
09-17-2014
03-01-2021
Community Statistics
| Posts | 15 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 09-17-2014 |
Activity Feed
- Posted Threat Intel module mapping multiple fields to same variable on Splunk Enterprise Security. 02-23-2021 04:20 AM
- Karma Re: How to hide HTML in panel when multiple tokens are set? for niketn. 06-05-2020 12:49 AM
- Karma Re: Splunk DB Connect 1: How to use the transaction command with dbquery? for acharlieh. 06-05-2020 12:47 AM
- Posted Re: How to count Max Sub-sequence of identical numbers? on Splunk Search. 02-26-2018 10:13 PM
- Posted Re: How to count Max Sub-sequence of identical numbers? on Splunk Search. 02-26-2018 06:17 AM
- Posted How to count Max Sub-sequence of identical numbers? on Splunk Search. 02-26-2018 05:13 AM
- Tagged How to count Max Sub-sequence of identical numbers? on Splunk Search. 02-26-2018 05:13 AM
- Tagged How to count Max Sub-sequence of identical numbers? on Splunk Search. 02-26-2018 05:13 AM
- Tagged How to count Max Sub-sequence of identical numbers? on Splunk Search. 02-26-2018 05:13 AM
- Posted Re: How to hide HTML in panel when multiple tokens are set? on Dashboards & Visualizations. 08-30-2017 12:11 AM
- Posted How to hide HTML in panel when multiple tokens are set? on Dashboards & Visualizations. 08-28-2017 07:15 AM
- Tagged How to hide HTML in panel when multiple tokens are set? on Dashboards & Visualizations. 08-28-2017 07:15 AM
- Tagged How to hide HTML in panel when multiple tokens are set? on Dashboards & Visualizations. 08-28-2017 07:15 AM
- Tagged How to hide HTML in panel when multiple tokens are set? on Dashboards & Visualizations. 08-28-2017 07:15 AM
- Tagged How to hide HTML in panel when multiple tokens are set? on Dashboards & Visualizations. 08-28-2017 07:15 AM
- Tagged How to hide HTML in panel when multiple tokens are set? on Dashboards & Visualizations. 08-28-2017 07:15 AM
- Posted Re: how to create line chart with multiple fields like timeline? on Splunk Search. 04-07-2017 11:43 AM
- Posted how to create line chart with multiple fields like timeline? on Splunk Search. 04-07-2017 08:59 AM
- Tagged how to create line chart with multiple fields like timeline? on Splunk Search. 04-07-2017 08:59 AM
- Tagged how to create line chart with multiple fields like timeline? on Splunk Search. 04-07-2017 08:59 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-23-2021
04:20 AM
Hi, In threat intel module when adding a new threat feed source, The feed contains also sha-256 and MD5 but I can map only one of them to the file_hash var, There is an option to map multiple fields into the same var?
... View more
Labels
02-26-2018
10:13 PM
thank you it works !
... View more
02-26-2018
06:17 AM
because i want to count the sequence of zeroes the sequence goes like this:
the values:0,0,0,0,0,1,0,1,1,0,0,
the result : 3,4,5,6,7,-, 1,- ,-,1,2
the zeros at the start continues the zeroes at the end
each value is in a different row same column
... View more
02-26-2018
05:13 AM
Hello ,
I need to calculate the maximum length of identical numbers
for example : 0,0,0,0,0,1,0,1,1,0,0 and search for the sequence of 0, the result should be 7 in this case
Anyone have any ideas how this could be accomplished?
... View more
08-30-2017
12:11 AM
thank you!
... View more
08-28-2017
07:15 AM
hello,
I have a panel with tag like this:
<panel>
<html rejects="$first$,$second$">
....text....
</html>
</panel>
I have two tokens based on different searches in the dashboard.
I want the HTML to be hidden when both the token are set.
how can I do this?
thanks.
... View more
04-07-2017
11:43 AM
the data from excel, so Splunk took the first row (the seconds) as columns name.
... View more
04-07-2017
08:59 AM
hello,
i have this raw table:
1 2 3 4 5 6 7 8 9 10
0 0 0 0 0 0 0 0 0 0
502 497 496 496 497 500 499 499 498 497
0 0 0 0 0 0 0 0 0 0
496 491 493 492 493 497 496 497 497 492
496 488 492 491 490 496 495 497 496 491
506 502 502 501 504 506 504 504 503 501
496 490 490 490 491 495 493 494 494 491
549 541 542 541 542 547 547 548 547 542
the first line indicates second, the other lines indicate unique tester with his result for each second.
how can i create a chart that contains for the 8 testers the timeline with the value of each second?
thank you
... View more
09-21-2016
12:43 AM
hello,
I'm trying to do a stats count command and to show "0" (for single value chart) instead of N/A in case the query gets no results found.
i tried fillnull but nothing happened.
thank you
... View more
- Tags:
- splunk-enterprise
09-20-2016
08:45 AM
hello
what is the command to check if a field exists in one column but not the other?
for example, to count the "10.2.3.3" because it exists in the source column but not in the target column :
source_ |target
10.1.2.3 |10.1.2.3
10.2.3.3 |10.2.2.2
thanks
... View more
08-27-2015
01:38 AM
Hey,
Ended up using dedup file_id instead of using transaction like @acharlieh suggested and it works great !
Thank you both for your help.
... View more
08-25-2015
01:57 AM
First of all thanks for the help.
I tried to do | table * | transaction file_id and got no results as well.
I do need the functionality of the transaction because in the sql table, every time there is a status update in another table it adds a line to the table I am trying to query, So I need to have a single line of each file_id with the latest status data.
After the transaction function I want to continue work with other columns, but now I'll know I'm working on the latest status data.
... View more
08-23-2015
08:34 AM
Hi,
I am trying to run the transaction command on a SQL query with DB Connect 1.
My problem is when I am using the following query:
| dbquery <connection> <SQL Search> | transaction <file_id>
I get :
No results found
< file_id> - is the column I need to group by.
The Query itself is working if I remove the transaction part.
Also, If I run use transaction on an index, it's working fine.
Any help is appreciated,
Thanks.
... View more
