11 months, 3 weeks ago
AzJimbo wrote a new post
ESCU Update Tracking
Description: Splunk Threat Research team (STRT) does a good job at keeping up with new analytics. However, for smaller deployments it can be difficult to […]
1 year, 3 months ago
AzJimbo wrote a new post
exploremydata – data explorer
This dashboard provides an overview of the data that is available to query. Click on the index below to review source types in that index, and then a […]
1 year, 3 months ago
AzJimbo wrote a new post
Sourcetype missing in Datamodels
| tstats count WHERE index=* NOT index IN(sum_*, *summary, cim_*, es_*,splunkd* splunk_*) by sourcetype | fields - count | append [| datamodel | rex […]
4 years, 3 months ago
AzJimbo wrote a new post
Have you ever wanted to truly express your emotions related to your search results but weren’t sure how? Why not use an emoji? But how, you ask? Well, problem solved. Welcome to the emoji bonanza!
emoji b […]
4 years, 5 months ago
AzJimbo commented on the post, License Usage by Index per Day
In reply to: SplunkNinja wrote a new post
The following Splunk search query will output license usage for each index for each day for the week to date. It will also output an average for each index over the course of the given […]
Bummer – this doesn’t work with my dev license. So I built a workaround. I can get daily usage, but not over time. So this runs every night just before the data rolls over and is lost:
59 22 * * *
Sooner or later I’ll have to add a data roll off to the csv based on date collected.
|inputlookup license_tracking.csv append=true
4 years, 9 months ago
AzJimbo wrote a new post
A quick dashboard panel you can plop anywhere and get a view of alerts that have recently fired, including a drilldown based on the SID of the fired alert.
Alerts Fired
index=_audit action=alert_fired […]
5 years ago
AzJimbo became a registered member
How can you do this without the CVS?