Event aggregation
Is there any way to create event aggregation in Splunk?
What happened is I got license violations due to a Windows security event log that repeated itself over 600,000 times in 2 hours.
Is there a way that I can "teach" Splunk to alert when such a thing happens and ignore or drop the excessive events?
Splunk version is 4.0.10. For now I have an alert on license violation; after the alert I searched for the 'Top five sourcetypes (by total KB indexed) in the last 24 hours' (splunkninja.com/profiles/blogs/getting-more-intelligence-on) and found the problematic event, but I only did this after the license violation occurred.
Any ideas?
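One way to cover both halves of the question (drop the noisy event before it is indexed, and alert on a volume spike before it becomes a license violation), as an added example that is not from the original post: a Splunk props.conf/transforms.conf nullQueue filter plus a scheduled saved search. The EventCode value, the threshold and the email address are placeholders, and the sourcetype name WinEventLog:Security is assumed.

```ini
# transforms.conf (added example). EventCode=0000 is a placeholder for the
# noisy Windows security event found via the top-sourcetypes volume report.
[drop_noisy_security_event]
REGEX = EventCode=0000
DEST_KEY = queue
FORMAT = nullQueue

# props.conf: attach the filter to the Windows security event log sourcetype
# (sourcetype name is an assumption; use the one the volume report shows).
[WinEventLog:Security]
TRANSFORMS-drop_noisy = drop_noisy_security_event

# savedsearches.conf: scheduled search that fires when any single EventCode
# exceeds a threshold in the last hour, i.e. before the license is exhausted.
[Security event flood]
search = sourcetype=WinEventLog:Security earliest=-1h | stats count by EventCode | where count > 50000
enableSched = 1
cron_schedule = */15 * * * *
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = soc@example.com
```

Events routed to nullQueue are discarded at index time and never count against the license, so the scheduled search is what catches the next flood on an event you have not filtered yet.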