Previous Page | Next Page
123456789101112131415161718
Splunk Search for Users Running All Time Searches Copy
index=_audit action=search info=completed search_et="N/A" search_lt="N/A" user!=splunk-system-user | stats count by user
0 comments
Splunk Search for Indexers a Univeral Forwarder is Sending Data To Copy
index=_internal tcpouteloop "connected to idx" | stats count by idx
0 comments
Splunk Search for Fields in CIM Datamodel Copy
| rest splunk_server=local /servicesNS/-/Splunk_SA_CIM/data/models | fields title eai:data | spath input=eai:data path=objects{}.fields{} output=fields | mvexpand fields | spath input=fields | fields - eai:data fields
0 comments
Splunk Search for Details on Active Database Connected (DBX) Connections Copy
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_connections | search [ | rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_inputs | search disabled=0 | stats count by connection | fields - count | rename connection as title | format ] | table title connection_type database host identity port
0 comments
Splunk Search for Database Connect (DBX) Inputs Copy
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_inputs
0 comments
Splunk Search for Deployment Clients Phoning Home to Deployment Server Copy
index=_internal sourcetype=splunkd *phonehome* component=DC* | stats latest(_time) as _time, latest(_raw) as _raw by host
0 comments
Splunk Search for Detecting Log4J jndi Vulnerabilities (CVE-2021-44228) (Log4Shell) Copy
[ | tstats count where index=* AND punct IN ("*${*","*$%*") earliest=-7d latest=now by index, sourcetype | fields - count | format ] AND (((punct=*$* AND punct=*:*) OR (punct=*%*)) AND ("*${*" OR "*%24{*" OR "$%7B*" OR "*%24%7B*"") AND ("//" OR "%2F%2F" OR "/%2F" OR "%2F/") ) | eval decoded_raw = urldecode(_raw) | regex decoded_raw="\$\S*?{\S*?j[A-Za-z:\-\$[]]*?n[A-Za-z:\-\$[]]*?d[A-Za-z:\-\$[]]*?i[^\s\/]*//.*"
1 comment
Splunk Search for Disk, CPU and Memory Details of SplunkCloud or On-prem Search Head Copy
| rest splunk_server=local /services/server/info | table splunk_server numberOfCores numberOfVirtualCores os_build physicalMemoryMB | appendcols [| rest splunk_server=local /services/server/status/partitions-space | table splunk_server mount_point available capacity ] | eval freeDiskGB=available/1024, totalDiskGB=capacity/1024 | table splunk_server numberOfCores numberOfVirtualCores os_build physicalMemoryMB mount_point freeDiskGB totalDiskGB | addcoltotals freeDiskGB totalDiskGB
0 comments
Splunk Search for Size of All Lookup Files on Search Head Copy
| rest splunk_server=local /servicesNS/-/-/data/lookup-table-files | fields title eai:acl.owner eai:acl.app | where !match(title,"\.mlmodel") | rename eai:acl.* as * | map [ | inputlookup $title$ | foreach * [ | eval b_<<FIELD>>=len(<<FIELD>>) + 1 ] | addtotals b_* fieldname=b | stats sum(eval(b/1024/1024)) as mb | eval name="$title$", owner="$owner$", app="$app$" ] maxsearches=1000
0 comments
Splunk Search for Size of Lookup File Copy
| inputlookup <insert lookup file name> | foreach * [ | eval b_<<FIELD>>=len(<<FIELD>>) + 1 ] | addtotals b_* fieldname=b | stats sum(b) as b | eval mb=b/1024/1024, gb=mb/1024 | fields b mb gb
0 comments
Previous Page | Next Page
123456789101112131415161718