Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About mnakhuda
mnakhuda
New Member
Member since:
07-31-2018
09-16-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 07-31-2018 |
Activity Feed
- Posted Historical License Usage on Dashboards & Visualizations. 09-16-2020 01:33 PM
- Posted Re: How do you restrict the visibility of reports and alerts? on Alerting. 01-24-2019 01:19 PM
- Posted Re: How do you restrict the visibility of reports and alerts? on Alerting. 01-24-2019 01:04 PM
- Posted How do you restrict the visibility of reports and alerts? on Alerting. 01-23-2019 07:28 AM
- Tagged How do you restrict the visibility of reports and alerts? on Alerting. 01-23-2019 07:28 AM
- Tagged How do you restrict the visibility of reports and alerts? on Alerting. 01-23-2019 07:28 AM
- Tagged How do you restrict the visibility of reports and alerts? on Alerting. 01-23-2019 07:28 AM
- Tagged How do you restrict the visibility of reports and alerts? on Alerting. 01-23-2019 07:28 AM
- Tagged How do you restrict the visibility of reports and alerts? on Alerting. 01-23-2019 07:28 AM
- Posted Re: Windows Event Query on Splunk Search. 08-01-2018 07:03 AM
- Posted Windows Event Query on Splunk Search. 07-31-2018 12:21 PM
- Tagged Windows Event Query on Splunk Search. 07-31-2018 12:21 PM
- Tagged Windows Event Query on Splunk Search. 07-31-2018 12:21 PM
- Tagged Windows Event Query on Splunk Search. 07-31-2018 12:21 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
09-16-2020
01:33 PM
I am looking for a way to create a query that will search and store license usage data per index. The idea is that I want to be able to view this visually in a dashboard (timechart). Currently, I use the following query: earliest=-30d@d latest=@d (index=_internal source=*license_usage.log* type="Usage") | eval h=if(len(h)=0 OR isnull(h),"(SQUASHED)",h) | eval s=if(len(s)=0 OR isnull(s),"(SQUASHED)",s) | eval idx=if(((len(idx) == 0) OR isnull(idx)),"(UNKNOWN)",idx) | timechart span=1d eval(round((sum(b)/1024/1024/1024),3)) AS Volume by idx useother=f limit=0 | addtotals row=t col=f fieldname="Daily (GB)" From my understanding, the internal index retention is 30 days. I do not want to change this, but be able to search back past 30 days for license data similar in format to the above mentioned query. Any advice is appreciated, thanks!
... View more
Labels
- Labels:
-
timechart
01-24-2019
01:19 PM
Thank you. There are hundreds of reports/alerts so it will take some time to implement.
... View more
01-24-2019
01:04 PM
For this I assume I would need to go to each individual alert and manually share it?
... View more
01-23-2019
07:28 AM
I was wondering if there is a way to have ALL reports and alerts visible to only specified users? For example, I would like all my administrators to have access to any and every report/alert, but I do not want regular users to be able to view them at all (as if they don't even exist).
If someone can help that would be greatly appreciated.
Thanks in advance!
... View more
08-01-2018
07:03 AM
Thank you for your response. I believe that it is over any minute. The timing aspect of this query is what I am unsure of and need further guidance on.
... View more
07-31-2018
12:21 PM
Hi, I am having some difficulty creating an alert with the following criteria:
EventCode 4769
AND multiple requests from a single Account
OR multiple requests from a single Client_Address
AND ticket requests for 3 or more unique Service_Name’s
AND frequency of 3 or more requests per minute
AND Service_Name IS NOT a computer account (Regex: \$$)
AND Ticket_Encryption_Type IS NOT 0x12
If anyone could guide me that would be very much appreciated. These logs come in as WinEventLog.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-16-2020
05:34 PM
|
