index=_internal sourcetype=splunk_python action="handleCreate" | stats latest(_time) as _time by loginUsername indexName
0 comments
| rest splunk_server=local /servicesNS/nobody/-/storage/collections/config | fields title eai:acl.owner eai:acl.app | where !match(title,"\.mlmodel") | rename eai:acl.* as * | map [ | inputlookup $title$ | foreach * [ | eval b_<<FIELD>>=len(<<FIELD>>) + 1 ] | addtotals b_* fieldname=b | stats sum(eval(b/1024/1024)) as mb | eval name="$title$", owner="$owner$", app="$app$" ] maxsearches=1000
0 comments
index=_internal sourcetype=splunkd (alert_description="'certificate expired'" component=SSLCommon) OR (component=TcpInputProc AND "certificate verify failed")
0 comments
[ | tstats count where punct=#* by index, sourcetype | fields - count | format ] _raw=#*
0 comments
[ | tstats count where punct=#* by index, sourcetype | fields - count | format ] _raw=#* | eval gb=len(_raw)/pow(1024,3) | timechart span=1d sum(gb)
0 comments
index=_internal sourcetype=splunkd group=search_concurrency name=search_queue_metrics | timechart avg(current_queue_size)
0 comments
index=_audit action=edit_user operation=create |rename object as user |eval timestamp=strptime(timestamp, "%m-%d-%Y %H:%M:%S.%3N") |convert timeformat="%d/%b/%Y" ctime(timestamp) |table user timestamp
0 comments
index=_audit action=search info=completed search_et="N/A" search_lt="N/A" user!=splunk-system-user | stats count by user
0 comments
index=_internal tcpouteloop "connected to idx" | stats count by idx
0 comments
| rest splunk_server=local /servicesNS/-/Splunk_SA_CIM/data/models | fields title eai:data | spath input=eai:data path=objects{}.fields{} output=fields | mvexpand fields | spath input=fields | fields - eai:data fields
0 comments