Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About justdan23
justdan23
Path Finder
Member since:
06-19-2019
10-26-2020
Community Statistics
| Posts | 12 |
| Solutions | 0 |
| Karma Given | 12 |
| Karma Received | 0 |
| Member Since | 06-19-2019 |
Activity Feed
- Posted Re: Getting a comma separate string from values function within stats command on Splunk Search. 10-26-2020 04:11 PM
- Karma Re: Getting a comma separate string from values function within stats command for raoul. 10-26-2020 04:08 PM
- Karma Re: How to display a Total Users label within Title of Pie Chart? for Sukisen1981. 06-05-2020 12:50 AM
- Karma Use values from two panels in a third panel for dbcase. 06-05-2020 12:49 AM
- Karma Is there any way to re-create the TSIDX files reduced by enabletsidxredctuon? for justodaniel. 06-05-2020 12:49 AM
- Karma Re: How to merge cells in a table based on value for kbarker302. 06-05-2020 12:48 AM
- Karma Sorting the top 10 values of the each field that is grouped for renjujacob88. 06-05-2020 12:48 AM
- Karma Browser type Display issues with Useragent for puneetkharband1. 06-05-2020 12:47 AM
- Karma Re: Browser type Display issues with Useragent for ramdaspr. 06-05-2020 12:47 AM
- Karma After installing a new license, how do we reset our license violation counter that is currently preventing searches? for elinblegen. 06-05-2020 12:47 AM
- Karma Does someone have a lookup table for user agent strings (browser, os, versions, ect.) that they can share? for swb03. 06-05-2020 12:46 AM
- Karma Re: How do I clear out my violations listed in the UI under Manager >> License ? for richnavis. 06-05-2020 12:45 AM
- Karma Re: Show only events WITHOUT field for Lowell. 06-05-2020 12:45 AM
- Posted Re: Sorting the top 10 values of the each field that is grouped on Splunk Search. 11-20-2019 03:02 PM
- Posted Re: After installing a new license, how do we reset our license violation counter that is currently preventing searches? on Installation. 10-03-2019 03:05 PM
- Posted Re: How do I clear out my violations listed in the UI under Manager >> License ? on Installation. 10-03-2019 02:43 PM
- Posted Re: How do I clear out my violations listed in the UI under Manager >> License ? on Installation. 10-03-2019 02:42 PM
- Posted Re: How do I clear out my violations listed in the UI under Manager >> License ? on Installation. 10-03-2019 02:42 PM
- Posted Re: OS and browser extraction from useragent on Security. 09-30-2019 03:16 PM
- Posted Re: Browser type Display issues with Useragent on Security. 09-30-2019 03:14 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
10-26-2020
04:11 PM
Works for me in Splunk 8.0.2, but now I need to add a wildcard prefix and quotes to each value.
... View more
11-20-2019
03:02 PM
Start with your initial base query result which is grouped by "destination":
index=palo | stats count by direction, dest_port | stats values(dest_port) as dest_port, list(count) as src_count, sum(count) as total by direction | sort direction, - src_count
Note: I'm assuming your query above provides you the answer of all info. Without source data, I only fixed syntax errors with comma usage.
Here, you are rolling up all dest_ports using "values", but might be needing "list" instead to keep all values and "dedup" them as needed. Assuming the query above provides the total set of records...
To query only for the first 10 records of every "direction" for the 10 greatest number of times ports were used for that "direction", you need to use "streamstats":
| streamstats count as eventCount by direction, - src_count | where eventCount < 11 | fields - eventCount
This results in the top 10 (or less) records for each "direction" grouped value.
... View more
10-03-2019
03:05 PM
It doesn't clear out the violations. Ugh! It's holding my data hostage!
... View more
10-03-2019
02:42 PM
They should learn from Atlassian and JIRA licensing. Atlassian used to hold data hostage too, but realized it was better to allow users to fully use the product they bought to self host and not hold them hostage.
Price should cover service contract, not the product after the first purchase. Regardless of when license for support expires.
Don't hold us hostage!
... View more
10-03-2019
02:42 PM
They should learn from Atlassian and JIRA licensing. Atlassian used to hold data hostage too, but realized it was better to allow users to fully use the product they bought to self host and not hold them hostage.
Price should cover service contract, not the product after the first purchase. Regardless of when license for support expires.
Don't hold us hostage!
... View more
09-30-2019
03:16 PM
Is this better than TA-browscap? I'm trying to eval all these Apps to figure out which one to use.
... View more
09-30-2019
03:14 PM
I like this as a simple, basic check to identify the Browser Type without too much complexity.
Ideally, it would be nice to parse out specifics, but starting with something basic does answer the mail on this question.
... View more
09-30-2019
03:10 PM
Do you have an example of how this is hooked up to the eval to launch the script?
(I'll look it up, but was just curious. I had a Splunk SME say it was more efficient to do it with an eval and not a script though. He wouldn't share the script though and said he needed us to give him a quote to build it. Ugh!)
... View more
07-24-2019
12:40 PM
Note: The code block in this interface adds the numbers when trying to block a data sample.
Is there a better way for me to format this?
The Preview doesn't show the numbers before I posted it.
... View more
07-24-2019
12:38 PM
The log entry I have has:
Message=DNS query is completed for the name my.big.server.name.com, type 28, query options 1073897472 with status 0 Results ::ffff:10.2.1.20
How can I extract both the Named Address and IP Address into one Extracted Field with the value:
my.big.server.name.com (10.2.1.20)
The UI gives me an option to provide my own regex, but it clips the text:
DNS query is completed for the name (?P <dns_lookup>[^\, type]+)
... View more
- Tags:
- splunk-enterprise
06-19-2019
07:52 AM
I have a Panel on my Dashboard with a Chart showing the users who use the system.
The Chart shows the first 11 Users, but there is one pie slice showing "Other" to contain the remaining.
I'm trying to modify the Source of a Chart/Panel to display a Label under the Title showing the Total Users.
I'm using the following to create my Chart against an IIS log:
index=_* OR index=* sourcetype=iis | eval UN=upper(UN) | rename UN as Username | stats count (Username) as Total by Username | eval Username=Username." (".Total.")"
Is there a way to display a Label of the count of unique Username values under the Title or somewhere on the Chart? I tried using "", but the documentation is scarce.
<done>
<eval token="resultcount_tok">$job.resultCount$</eval>
</done>
Thoughts?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-26-2020
07:50 PM
|
