-
1 month ago
AzJimbo commented on the post, License Usage by Index per Day
In reply to: SplunkNinja wrote a new post, License Usage by Index per Day The following Splunk search query will output license usage for each index for each day for the week to date. It will also output an average for each […] ViewBummer – this doesn’t work with my dev license. So I built a workaround. I can get daily usage, but not over time. So this runs every night just before the data rolls over and is lost:
59 22 * * * Sooner or later I’ll have to add a data roll off to the csv based on date collected.|inputlookup license_tracking.csv append=true
|append
[|…[Read more] -
5 months ago
AzJimbo wrote a new post, Alerts in a Panel with Drilldown
A quick dashboard panel you can plop anywhere and get a view of alerts that have recently fired, including a drilldown based on the SID of the fired alert.
Alerts Fired
index=_audit action=alert_fired […]
-
8 months ago
AzJimbo wrote a new post, exploremydata – data explorer
This dashboard provides and overview of the data that is available to query.
Click on the index below to review source types in that index, and then a sourcetype to review fields. Finally, you can click on a […]
-
8 months ago
AzJimbo became a registered member
-
8 months ago
AzJimbo became a registered member
Been using this for a while, great dashboard!