-
2 weeks, 4 days agogr33nlant3rn wrote a new post
Expand JSON fields using spathindex= | spath input= path={} | mvexpand {} | spath input={}
-
9 months, 3 weeks ago
gr33nlant3rn wrote a new post
Find duplicate eventsindex= | eval x=sha256(_raw) | stats count values(host) values(source) values(sourcetype) values(index) by x | where count>1
-
1 year, 2 months ago
gr33nlant3rn changed their profile picture
-
5 years, 1 month ago
gr33nlant3rn commented on the post, Dashboard and App views by user
In reply to: john117 wrote a new post This Splunk query / search shows historical access to dashboards and apps on a local splunk server. index=_internal sourcetype=splunk_web_access host=* user=* | rex field=uri_path […] ViewThis is GREAT!
Is there a way to map the user to their email or name? Would that require another join of some sort?
I looked into the base search and didn’t see an email or name field.
-
5 years, 12 months ago
gr33nlant3rn commented on the post, Show all currently logged in users
In reply to: ItsJohnLocke wrote a new post Use this Splunk rest query to list all currently logged in users (to your Splunk server). | rest /services/authentication/current-context | search NOT […] ViewI am not sure what updated is supposed to do… but, it looked like something close to epoc time? Anyway, I cut it off and the query looked cleaner?
-
6 years, 7 months ago
gr33nlant3rn became a registered member
-
6 years, 7 months ago
gr33nlant3rn became a registered member
