Use app without DB Connect
For various reasons we don't use DB Connect or heavy forwarders in our environment, but I'd like to evaluate this app. I've managed to extract the SQL query from the app and have exported the data into...
Difference between extracting data from the UI and the API in 6.3
We just upgraded from 6.2.2 to 6.3.3 and see a difference with how data can be pulled out of Splunk using curl as compared to the UI and then exporting data. I can run my search in the UI and I table...
Conditional count distinct if
Hello all, I'm looking to do a "count distinct value if record type = foobar" type of scenario. Hopefully, I'll be able to articulate what I'm trying to do here. record type A: record: person name: bob...
How do you programmatically bump a search head?
Is there a Splunkish way (via curl or rest or something) to do the equivalent of clicking the bump button on the _bump page? It seems silly to write a script that has to generate the button click...
Is it possible to configure inputs.conf to forward events based on "Custom...
Hi Splunk Community, Can one configure inputs.conf to forward events based on a "Custom View" in Event Viewer? Specifically, we are looking to forward the Certification Authority events. ![alt...
How to edit my search to pull the first instance of an AnyConnect VPN...
I want to know if anyone can help me pull the first instance of a VPN connection for each start and end session. AnyConnect is currently set up to refresh all VPN sessions every 30 minutes. The problem...
How to configure a local Splunk Enterprise instance as both a forwarder and...
Hi, I have installed Splunk Enterprise locally and configured the below from Splunk Web. 1 - forwarding host:port (localhost:9997); 2 - receiving port to match the same port (9997); 3 - Data...
How to edit my search to display a table of user IDs and IP addresses?
I have a search that searches for source IP addresses that hit a specific site. Then takes the source IP and “appends” that to the main search. I can get this to work producing raw data entries, but I...
What is the limit of AppDynamics API calls Splunk can do?
Wondering if the calls are executed concurrently or sequentially, or if there's a setting I can change in Splunk (or in AppD, perhaps)? Thanks in advance!
Splunkweb Navigation conflict between Splunk Add-on for Cisco ISE and the...
I recently installed the Splunk Add-on for InfoBlox as a fairly new Splunk user, and there seems to be a conflict between that and the Cisco ISE add-on. When I click on the Infoblox app in the search...
Dashboard drilldown not opening in new window
I have a drilldown dashboard which works fine, but my requirement is to open it in a new tab/new window when clicked, and it is not working. I tried the below: $click.value$$click.value$
How to detect when a server has stopped indexing logs in Splunk?
I need to know which server(s) have stopped ingesting logs, or for which server the logs are not being ingested into Splunk. Thanks,
Automatic extraction of fields not happening for json data input to Splunk...
I have a process to send JSON format data to Splunk on a UDP port. In settings I have set `sourcetype = _json`. Splunk is able to detect and syntax highlight the data when searching, but it is not...
Is there a limit by source on an index?
I have an index "main" and several sources associated with this index. The size limit of the index has been reached (150MB), but when I look for the earliest event, there is a difference between the...
Correlation of alerts to create dashboard
I have created alerts based on use cases, e.g. failed authentications. These alerts pertain to different data sources: failed auth on Windows, failed auth on Linux, etc. The alert results go into...
Adding Unit with Value along with timechart
Dear Experts, We are trying to add a unit with the value in a timechart. My query is: index = xyz sourcetype = csv source = "C:\\Users\\co*" | eval Capacity =IPDU1_power+IPDU2_power | timechart...
[Search "A"OR"B"] is not equal to [Search "B"OR"A"]
Hi, I tried Splunk myself after I joined the Splunk beginner course and found this strange result. Is it a bug or something? sourcetype = access_combined_wcookie | search status="200"OR"500" is not the same...
Splunk Connect - Cloudera
Hello Sir/Madam, I installed Hadoop 2.6.0-cdh5.4.2 both on the Splunk side and on my Hadoop cluster side. When I tried to run the following command: hadoop fs -ls hdfs://<>:8000 I get the below...
How to edit my stats search to find the percentage of a range?
I'm trying to build a simple SPL query to display the max, min, range (difference), and percent of the difference to the max value. index=myindex source="mysource"| stats max(count), min(count),...
Is it possible to run a search with a cron expression inside the search?
My requirement is to monitor files daily, weekly, monthly, and quarterly and I have to search during a specific time period for all these types of files and show how many were not received. Not sure if...