XXXXXX y XXXXXX y
So this is my value of a field z . How to replace this with XXXXXX y.
Below is not working
rex mode=sed field=z "s/XXXXXX y XXXXXX y/XXXXXX y/g"
↧
Replace field value using rex
↧
Getting local ports into Splunk
Hello
I have splunk enterprise installed on a local macos device for testing. I get the DNS traffic into splunk.
I have tried the GUI to add a UDP port 53 data input, but get receive this problem `Parameter name: UDP port 53 is not available.`
I have also tried `sudo /Applications/Splunk/bin/splunk add udp 53`
Parameter name: UDP port 53 is not available.
and this `sudo /Applications/Splunk/bin/splunk enable listen 53`
Parameter name: TCP port 53 is not available.
I understand ports below 1024 must be root, however i don't want to run splunk as root, and i am not sure this is the problem.
Can someone please confirm if i have to run splunk as root to be able to list to my own local ports, or do i have some other issue, and what are some options to get local ports < 1024 into splunk?
↧
↧
Calculate memory usage on windows machine ??
I am trying to setup a Memory utilization dashboard for windows machines. I did try to set up the dashboard but I am able to get it only to a stage where I can only setup dashboard for memory available But I need metrics for memory utilized by time.
Here is what I am trying
index=**** sourcetype="Perfmon:Available Memory" | bucket _time span=15m | eval gigabytes=(((Value/1024)/1024)/1024) | eval GB=round(gigabytes, 2) | timechart avg(GB) by host limit=0
Any help is greatly appreciated.
↧
sql app for splunk document
i want to install sql app splunk but i cant fine any documentation about it, can you help me how can i set up this app ?
↧
Single value panel colour trend using JS and to refer value from lookup file
I have a single value panel which displays a numeric value and i want to color the panel background based the number range.
the range will be changed periodically so i want to get the value from input-look to apply the color on the panel.. is it possible?
@niketnilay pls help
↧
↧
use the correct charset for \xCB
Hi at all,
I have to ingest in Splunk logs from a mainframe that contains some chars that are pipe (|) and Splunk read as \xCB.
Anyone can suggest the correct CHARSET to use to correctly read these chars or a workaround to solve the problem?
I cannot replace them because it doesn't seem possible to read them using a regex.
At the same time I cannot leave them in the log because all the regexes to extract fields have problems for the presence of there chars.
I'm studying a solution, but if anyone has an idea...
Thank you in advance.
Bye.
Giuseppe
↧
How can I add a static value into a table row
I would like to create a dashboard to have some charts for showing statistics of occurrence. the query for plotting the chart is as follows.
| chart count(range) as "Count" by range
But I would like to include the device with the range = 0. i.e. Which cannot be logged with Splunk but I have the static value that is calculated by Total - Count(range>0), how can I insert this value into table such that it can be plotted in the chart?
I know that the scenario is little bit hard to understand, to put it briefly , I would like to add a static value as one of the data into the existing table. Is it possible to do that?
↧
Where to find documentation of OLD (pre 6.3.x) Splunk Universal forwarder?
In the splunk official documentation pages, http://docs.splunk.com/Documentation/Forwarder/7.1.2/Forwarder/Abouttheuniversalforwarder
The document version starts ONLY from 6.4.0
Any links/bookmarks to get the older installation documentation and release notes (eg 6.2.14 version) etc.?
↧
Calculating another time frame based on time input
I am trying to build a dash where I need to calculate another earliest and latest based on an input of time.
The second time would get calculated depending on the values in a dropdown, see below example.
I want to add 90,180 or 1 year to the time set in the input="time". I have tried to add the calculations into the input but it is not returning any values. I have also tried to include
| eval calc_early=strptime($main_time.earliest$,"%Y-%m-%d")
| eval comp_early=relative_time(calc_early,$review_modifier$)
| eval calc_late=strptime($main_time.latest$,"%Y-%m-%d")
| eval comp_late=relative_time(calc_late,$review_modifier$)
In the query itself but that is also not working.
-6mon@mon now Previous 180 Days Previous Quarter Previous 180 Days Previous Year -1q@q 7776000 -6mon@mon 15552000 -1y@y 31536000
| eval calc_early=strptime($main_time.earliest$,"%Y-%m-%d")
| eval comp_early=relative_time(calc_early,$review_modifier$)
| eval calc_late=strptime($main_time.latest$,"%Y-%m-%d")
| eval comp_late=relative_time(calc_late,$review_modifier$)
↧
↧
Splunk DB connect not getting all data from the server
Hi,
I have added new table to Splunk DB Connect, it fetching only 30% of the data from the Database.
Below is the SQL query given
SELECT Guid, JobName, UsageEnd, TotalAllPages, TotalPrintedPages, PrintPages, CopyPages, ScanPages, FaxPages, BWPages, ColourPages, DuplexPages, LargePages, SmallPages, PrintLargePages, PrintSmallPages, PrintBWLargePages, PrintBWSmallPages, PrintColLargePages, PrintColSmallPages, CopyLargePages, CopySmallPages, CopyBWLargePages, CopyBWSmallPages, CopyColLargePages, CopyColSmallPages, ScanLargePages, ScanSmallPages, ScanBWLargePages, ScanBWSmallPages, ScanColLargePages, ScanColSmallPages, ColLargePages, ColSmallPages, BWLargePages, BWSmallPages, Print2ColPages, Copy2ColPages, RXFaxPages, TXFaxPages, AmountPaid, AltPrice0, AltPrice1, AltPrice2, PrinterID, PrinterName, PrinterLocation, ServerName, SerialNumber, UserID, UserName, UserLogin, GroupID, GroupName, CCID, CCName, CCPathName, SheetsUsed, NonChargeable, NonChargeReason, TypeOfJob, LFPJob, LFPCopyJob, LFPPrintJob, LFPScanJob, LFPCopyBW, LFPCopyCol, LFPPrintBW, LFPPrintCol, LFPScanBW, LFPScanCol, DateMMDDYYYY_101, DateMMDDYYYY_110, DateYYYYMMDD_102, DateYYYYMMDD_111, DateYYYYMMDD_112, DateDDMMYYYY_103, DateDDMMYYYY_104, DateDDMMYYYY_105
FROM DsPcDb.dbo.uFExport WHERE UsageEnd>=? ORDER BY UsageEnd ASC
Thanks in advance
↧
How to get the result of timechart value divided by a number.?
search command
host= index= sourcetype=syslog job=* "jobname" | dedub job | fields - _raw | timechart span=1d count by jobname
I get the result as
_time jobname
2018-09-08 24
2018-09-07 12
2018-09-06 36
But I need the result as below ( like dividing the jobname field value by 6)
_time jobname
2018-09-08 4
2018-09-07 2
2018-09-06 6
Please suggest.
↧
Event counts with start and end time
Hi,
I have event like "DB connection failed" in db_logs sourcetype.
I would like to get the start and end time between which count of occurrences of "DB connection failed" exceeds 100.
So, something like-
Start Time End Time Count
9/10/2018 14:20 9/10/2018 14:58 159
9/10/2018 12:56 9/10/2018 12:58 101
9/10/2018 10:40 9/10/2018 11:10 111
↧
Is it possible to make "scrollWheelZoom setting" disabled in missile map app ?
Hello,
I would like to make MouseScrollsetting disabled in missile map apps.
But the following option settings do not work for missile map apps.
-mapping.tileLayer.minZoom
-mapping.tileLayer.maxZoom
-mapping.map.scrollZoom
Addtionally, I tried changing the following "scrollWheelZoom: " of Javascript in missile map apps.
source: .../apps/missile_map/appserver/static/visualizations/missile_map/visualization.js
---------------------------------------
L.Map.mergeOptions({
// @section Mousewheel options
// @option scrollWheelZoom: Boolean|String = true
// Whether the map can be zoomed by using the mouse wheel. If passed `'center'`,
// it will zoom to the center of the view regardless of where the mouse was.
scrollWheelZoom: false,
---------------------------------
However "scrollWheelZoom" setting did not work when I changed true to false.
Do anyone hava a idea about the setting to make it disabled or the zoom setting to be disable?
I would appreciate any idea.
Best regards,
↧
↧
Risk Rating Calculate
I am using Splunk Version 6.4.1 and installed SPlunk DB connect App 3.1 and connection is established.
I can see the tables in Splunk , I need to calculate Risk rating of that particular parameter How I can calculate with using SPlunk Query.
Currently data is not showing with that particular application, Is it possible we can calculate Risk rating
Thanks,
Sahil
↧
Help me with extraction
Hello,
Help me to extract rows which contains Remote Desktop Users or Administrators fields name:
"Server";"Local Group";"Name";"DisplayName";"Type";"Domain";"SID"
"server.peter.fd.com";"Remote Desktop Users";"S-1-5-21-1326131322-1829978501-250757269-1454717";"";"User";"EU1";"S-1-5-21-1326131322-1829978501-250757269-1454717"
"server.peter.fd.com";"";"$AT";"";"user";"domain";"S-1-5-21-1326131322-1829978501-250757269-1584230"
"server.peter.fd.com";"";"$OZ";"";"user";"domain";"S-1-5-21-1326131322-1829978501-250757269-1570766"
"server.peter.fd.com";"";"$TS";"";"user";"domain";"S-1-5-21-1326131322-1829978501-250757269-1505491"
"server.peter.fd.com";"";"$TH";"";"user";"domain";"S-1-5-21-1326131322-1829978501-250757269-1083479"
"server.peter.fd.com";"";"$SS";"";"user";"domain";"S-1-5-21-1326131322-1829978501-250757269-1528479"
↧
Is it possible to delete a specific user data once its indexed?
hi Team,
Would like to check is it possible to delete a specific user data once it gets indexed. If the data is in multiple indexes and sourcetypes which we are aware of then is it possible?
Thanks,
Sree
↧
Is it possible to set a token through an html form rather than an input?
Hello,
I'm trying to set a token from within an html form which is within a panel. Since the date input in HTML is very useful, I'm trying to pass that value to a token for use in dashboard panel searches. Here is an idea of what I'm trying to do (it doesn't work):
Is what I'm trying to do at all possible?
Thank you and best regards,
Andrew
↧
↧
Modifying rows and columns in the Splunk table
Hello,
I have written a splunk search which produces the following table:
from to parameter value
A C bla_1 111
B D bla_2 222
I want to modify that table into the following:
from to value
A bla_1 111
B bla_2 222
bla_1 C 111
bla_2 D 222
Would you have any ides on how to achieve this?
Thank you.
↧
Extracting String from an Event
Here is a sample event that essentially tells me which user ( **UG32791**) was using the game at that time.
For each user multiple such events are created. I want to be able to know *in each hour how many distinct users were connected* to the server.
I could use some help in parsing the user name from the events and then do something like | stats dc(user_name) by hour
2018-09-10 09:07:40,502 INFO [http-nio-116.0.1.1-8082-exec-212] [BreakssFogFilter] UG32791 POST https://rambo.ixngames.com/userLogout.action 5928653kb
↧
How to display the results sorted in desc order ?
I am trying to display the response times in chart for my services , But how do I display the response times results in chart in desc order (Highest number first)? | eval Date=strftime(_time, "%Y-%m-%d") | chart avg(response_time) over services by Date | rename * as avg_* | rename avg_services as services | foreach avg_* [eval "<>"= round('<>',2)] | rename avg_* as *
↧