``` Inventory of lookup definitions: owning app, backing file, definition title, field list and REST endpoint id. ```
``` NOTE(review): results are presumably limited to objects the running user may read; confirm before treating this as a complete inventory. ```
| rest /services/data/transforms/lookups
| table eai:acl.app, filename, title, fields_list, id
| rename eai:acl.app as App
| rename filename as "Lookup File", title as Title
| rename fields_list as "Fields", id as Endpoint
``` List every Splunk server that answers the REST call together with its role_list. ```
| rest /services/server/roles
| table splunk_server, role_list
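``` Role audit: capabilities held by each role on the local search head. ```
``` capabilities lists only what is assigned directly to a role. Capabilities that arrive through role inheritance are reported in imported_capabilities, so both are shown (with imported_roles) to avoid understating what a role can do. ```
| rest /servicesNS/-/-/authorization/roles count=0 splunk_server=local
| fields title, capabilities, imported_capabilities, imported_roles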
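``` Role audit: indexes each role is allowed to search, on the local search head. ```
``` srchIndexesAllowed holds only direct grants. Grants inherited from other roles are in imported_srchIndexesAllowed, so both are reported and a role is kept when either is populated. ```
``` Entries may be wildcard patterns, which cover more indexes than the literal text suggests. ```
| rest /servicesNS/-/-/authorization/roles count=0 splunk_server=local
| fields title, srchIndexesAllowed, imported_srchIndexesAllowed
| search srchIndexesAllowed=* OR imported_srchIndexesAllowed=*
| rename srchIndexesAllowed as Indexes, imported_srchIndexesAllowed as "Inherited Indexes", title as Role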
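``` Map each enabled index to the roles that name it explicitly in srchIndexesAllowed. ```
``` max=0 keeps every matching role. By default join returns only the first match per index, which hid all but one role for each index. ```
``` Coverage limits: wildcard entries are dropped by the where clause and inherited grants (imported_srchIndexesAllowed) are not read, so a role that is absent here may still be able to search the index. ```
| rest /servicesNS/-/-/data/indexes count=0
| where disabled=0
| fields title
| rename title as index
| join type=left max=0 index
    [ | rest /servicesNS/-/-/authorization/roles count=0 splunk_server=local
      | fields title,srchIndexesAllowed
      | rename srchIndexesAllowed as index, title as role
      | mvexpand index
      | where NOT match(index,".*\*.*") ]
| search role=*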
``` Host-wide memory use per Splunk server: mem_used expressed as a percentage of mem. ```
| rest splunk_server=* /services/server/status/resource-usage/hostwide
| eval "% Memory Used"=round(mem_used/mem,4)*100
| rename splunk_server as "Splunk Server"
| table "Splunk Server", "% Memory Used"
``` NetScaler syslog events containing the term DNS: extract date, time, source_ip and dns from _raw, merge date and time into one Date value, and show Date, Source and DNS. ```
``` The rex pattern is positional: it skips three colon-delimited and eight slash-delimited segments, so it depends on the exact syslog layout. rex does not discard non-matching events, so events in another layout appear as rows with empty columns. ```
``` (?#) is an empty regex comment and has no effect on matching. The dns capture accepts only letters, digits, underscore, dot and hyphen, and must be followed by "./". ```
``` NOTE(review): source_ip is whatever precedes the first "#" after the skipped segments; presumably the client address, confirm against sample events before using it for attribution. ```
sourcetype="citrix:netscaler:syslog" DNS | rex field=_raw "^\s+(?<date>[^:]+):(?<time>[^\s]+)(?:[^:\n]*:){3}(?<source_ip>[^#]+)(?:[^/\n]*/){8}\d+#(?<dns>(?#)[_a-zA-Z0-9.-]+)(\.\/)" | eval date=date." ".time | table date, source_ip, dns | rename date as Date, source_ip as Source, dns as DNS
``` Dashboard views per user, taken from Splunk Web access logs in _internal. ```
``` The last segment of uri_path is matched against the titles of visible dashboards. join keeps one match per title, so a title that exists in several apps may be attributed to the wrong app; verify where dashboard names collide. ```
index=_internal sourcetype=splunk_web_access host=* user=*
| rex field=uri_path ".*/(?<title>[^/]*)$"
| join title
    [ | rest /servicesNS/-/-/data/ui/views splunk_server=*
      | search isDashboard=1 isVisible=1
      | rename eai:acl.app as app
      | fields title app ]
| rename title as dashboard
| stats count by _time user dashboard app host
| rename user as User, dashboard as Dashboard
| rename app as App, host as Host, count as Count
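``` Failed authentications in osx_secure events, counted per user and host, highest count first. ```
``` The pattern previously spelled the phrase as "faile to", which cannot match a message reading "failed to", so user was never extracted and the report returned nothing. ```
``` NOTE(review): \S+ can capture trailing punctuation from the log line; check extracted user values against real events before alerting on them. ```
sourcetype=osx_secure
| rex field=_raw "authinternal\sfailed\sto\sauthenticate\suser\s(?<user>\S+)"
| stats count by user, host
| sort - count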