cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
avishni01
Explorer
Member since: ‎07-12-2017
‎03-03-2022
Community Statistics
Posts 8
Solutions 0
Karma Given 4
Karma Received 1
Member Since ‎07-12-2017
Activity Feed
View All

cumulative sum

by in Splunk Search
‎02-07-2022 08:39 AM
‎02-07-2022 08:39 AM
Hello I have events that include a field of username ( and of course _time) .I would like to count how many users were added each month, but there are times with no new users were created.  I can find the first appearance of each user using Stats min(_time) by username And then I can use timechart to count new users by month and streamstats to get the cumulative sum. I have found how to fill the gaps if there were no new users during a month m by using the makecontinues command. what i didn't figure yet is how to fill the period before the first user creation and since the last time a user was created , until today . ... | timechart span=1mon count(username) as users | makecontinues spam=1mon _time | fillnull | streamstats sum(users) as com thanks for the help ... View more
Labels

Re: searching in 3 specific time periods

by in Splunk Search
‎11-01-2020 01:44 AM
‎11-01-2020 01:44 AM
This is exactly the kind of solution i was looking for, it works great. the only minor change was in the format part where i had to add OR a separator Thanks     ... View more

searching in 3 specific time periods

by in Splunk Search
‎10-28-2020 09:41 AM
1 Karma
‎10-28-2020 09:41 AM
1 Karma
Hello I have a sourcetype that have a lot thousands of event each minute so it is very big. i have a use case that i need to search for specific event in this source type , in some points of time during the night, (22:30-22:40 , 01:30-01:40 ,  03:00-03:10).  i have to find all the hosts that have the specific event 3 time at night in this time periods , and i need to check it for the last 7 days (the result i need at the end is count the number of night with 3 occurrence of the event in the last week) at the first step i am trying to reduce the number of events for this search by searching only for events in this time frame. i tried to eval new fields with the value of the hour, and filtering base on that field. this is not so good because splunk need to check all the events and then filter them. what is the best and efficient way to reduce the number of event that are included in my search to only those in the time periods above ? Thanks     ... View more
Labels

Configuring SAML base role - problem with new user

by in Security
‎03-25-2020 07:13 AM
‎03-25-2020 07:13 AM
hello We have a role that have permission to view an app, we have configured SAML GROUP to associate an AD group to that role. Users in this group are viewing the app correctly and it is working ok for long time. i have problem when new user is added to this group. no meter what i try , the new user cannot access the specific app , and cannot even see the app in the app list. between the things i have tried "reloading authentication configuration" , /debug/refresh but that didn't help what am i missing in this process setting permission to new user in existing group ? how can i debug the problem and understand why this user cannot access (or view ) the app ? Some information about our environment : SPLUNK 7.2.5.1 , in clustered environment Thanks Avishni ... View more
Labels

Re: Using WGET to monitor html webpage?

by in Dashboards & Visualizations
‎08-30-2019 12:37 AM
‎08-30-2019 12:37 AM
it is working fine for a simple HTML page i have created that dont have any CSS <!DOCTYPE html> <html> <body> hello this is a sample page content </body> </html> in this case - *in the selector settings of the Website Input you should put ** then to extract only the body of the html i have used the REX command index=web* sourcetype="web test" | rex field=content "(?msi)<Body>(?<testdata>.*)<\/Body>\s+" ... View more

Re: Using WGET to monitor html webpage?

by in Dashboards & Visualizations
‎08-29-2019 01:42 PM
‎08-29-2019 01:42 PM
i have used it for a while in a test environment. it is working ok but it takes some time to find the right selector. please note that the selector is based on the page CSS classes. in the search in your comment the selector is body which seem to be the html part. try finding the css class that define the text you are trying to get from the site. ... View more

Re: Using WGET to monitor html webpage?

by in Dashboards & Visualizations
‎08-29-2019 09:05 AM
‎08-29-2019 09:05 AM
hi you can try to use this Splunk app (or use it as a reference ) https://splunkbase.splunk.com/app/1818/#/overview ... View more

Re: How and where to start learning AWS to build a...

by in Splunk Search
‎11-16-2017 12:47 AM
‎11-16-2017 12:47 AM
plural-sight is a great source of information. i also use udemy. note that not all the courses there are with the same level , and some of them are not worth the time of watching them, so you should read reviews of the course before taking it. more than that udemy have a lot of promotions and sales, and you can find courses in funny price (like 10$ - that is something i can invest to learn something new) , put some interesting course in the cart and wait for promoand sale , don't pay the full price. good luck ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-03-2022 09:16 AM
Karma from
View All
Karma given to