How to search the number of times an IP address comes up in our network...
I'm searching for how frequently an IP address comes up in our network traffic during 30, 30-60, 60-90 and 90-120 day periods. My search looks like the one below: index=networkTraffic | stats...
Instead of a Home Page showing up with three different URLs, is there a way...
Is there any way to treat all loaded home pages for a given URL path as the same? For example the home page can show up as: 1) ending with a forward slash, for example: `http://mysite.com/site1/` 2)...
What are best practices for handling data in a Splunk staging environment...
All, We use a Splunk staging environment to test system upgrades and fine-tune props and transforms before deploying new indexing configuration into production. That's brought the temptation of letting...
Why am I getting this lookup error in our indexer cluster after installing...
After installing the Tenable PVSI app (#1844 on Splunkbase) on the search heads in our search head cluster, we get the following error from all 8 of the indexers in our indexer cluster: 'Could not find...
How to get the maximum value from a timechart table?
Hi folks, I am trying to obtain the maximum value from any cell in a table generated by a timechart search. For example, in the attached image the search string is: index=_internal | timechart count by...
Search Head's KV Store data replicating to Indexer
Hi, I have a distributed environment (1 Search Head, 1 Indexer), and I have created a KV Store lookup on the Search Head and set replicated = true. Now I am trying to use that same KV Store (which should...
No search results from AWS add-on, only log files are listed in 'Data Summary'
The AWS add-on is running on a Splunk search head for test purposes and we are trying to fetch CloudTrail logs. Account, input source and proxy configuration seem to be correct. But I can't see any search result...
How do I compare distinct counts of a given field between two different time...
I have a CSV file that contains a list of customers and their orders. The format is as follows: OrderDate, OrderNumber, Customer, OrderAmount. The same order number can be on multiple lines because a customer can...
How to get stats average with a where clause in the same search?
If I run this search: index=main sourcetype=Metrics MEASUREMENT_POINT_NAME = "Test" | stats avg(ELAPSED_TIME) I get the expected average. If I run the following search, I get the expected results of...
Search help to identify when start/finish tasks fail to finish properly.
Need some advice on a search. I have a logfile that clearly states starting and finishing tasks for each of the Batch Process jobs that run. There are ~70 different batch process jobs which are clearly...
Splunk C# SDK: Why am I getting error "The handshake failed due to an...
I am getting the following error while building and running the Splunk C# SDK. Message=The underlying connection was closed: An unexpected error occurred on a send. Source=System StackTrace: at...
How do I get data from a website (browser console logs) to Splunk using the...
Hi, How do I get data from a website about errors, debug logs (console.log) to Splunk? I have used the Javascript SDK and the issue is with how the credentials need to be passed. It's like posting my...
Script to automate uploading diags to box.com
I wrote a script that will create a diag and upload it to a folder on box.com. I have a copy of this script in my NFS home and I use another script to trigger it remotely on all of my servers whenever...
How to set colors for non-numeric values in single value visualizations?
Dears, I am having difficulty setting colors for non-numerical values. Has someone gone through this problem? Main Dashboard / Alertas de Sistema: sourcetype=syserrordapp | stats max(Level) count |...
What happens to my multi-site indexing cluster when connectivity between...
Background: There are two types of ACKs in play here. - First is an inter-indexer ACK for data replication in an indexing cluster. When an indexer replicates a slice of data (when the slice hits 128K,...
Does snap-to mean snap forward or snap back?
For example, if the time is 8:55 and I look for events -h@h, does that mean 7:00 (8:55-1=7:55, then to @h is 7) or 8:00 (8:55-1=7:55, but the closest @h is 8:00)? Thanks
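The modifier arithmetic this question asks about, as an added example that is not part of the original post and not Splunk's own code: a small re-implementation of Splunk-style relative-time modifiers for the s/m/h/d units. It applies the tokens left to right, treats a bare unit as 1 ("-h" is "-1h"), and snaps "@unit" backward (truncation to the most recent boundary), which is the behaviour Splunk documents. The token grammar, function names and the reference time 2016-04-04 08:55 are assumptions chosen for the demonstration; month, week and quarter snapping are not implemented.

```python
"""Minimal Splunk-style relative-time resolver (added example, not Splunk code).

Rules implemented:
  * "-Nunit" / "+Nunit" shifts the reference time; a missing N means 1.
  * "@unit" snaps BACKWARD (truncates) to the start of that unit.
  * Modifiers apply left to right, so "-h@h" means: shift one hour back, then
    truncate to the hour.
Only s/m/h/d are supported; this is a teaching model, not a full parser.
"""
import re
from datetime import datetime, timedelta

# Assumed grammar: a shift token ([+-]N unit) or a snap token (@unit).
_TOKEN = re.compile(r"([+-]\d*[smhd])|(@[smhd])")
_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}


def snap_back(t: datetime, unit: str) -> datetime:
    """Truncate t to the start of the current second/minute/hour/day."""
    if unit == "s":
        return t.replace(microsecond=0)
    if unit == "m":
        return t.replace(second=0, microsecond=0)
    if unit == "h":
        return t.replace(minute=0, second=0, microsecond=0)
    if unit == "d":
        return t.replace(hour=0, minute=0, second=0, microsecond=0)
    raise ValueError(f"unsupported snap unit {unit!r}")


def relative_time(modifier: str, now: datetime) -> datetime:
    """Resolve a modifier such as '-h@h' or '@d-2h' against the given 'now'."""
    pos = 0
    t = now
    for m in _TOKEN.finditer(modifier):
        if m.start() != pos:  # reject junk between tokens
            raise ValueError(f"unparsable modifier near {modifier[pos:]!r}")
        pos = m.end()
        shift, snap = m.groups()
        if shift:
            sign = -1 if shift[0] == "-" else 1
            digits = shift[1:-1]
            n = int(digits) if digits else 1  # "-h" is shorthand for "-1h"
            t = t + sign * timedelta(**{_UNITS[shift[-1]]: n})
        else:
            t = snap_back(t, snap[1])
    if pos != len(modifier):
        raise ValueError(f"unparsable modifier near {modifier[pos:]!r}")
    return t


if __name__ == "__main__":
    # Constructed reference time matching the question: 08:55.
    now = datetime(2016, 4, 4, 8, 55)
    for mod in ("-h@h", "-1h", "@h", "@h-30m", "-1d@d"):
        print(f"{mod:>8} -> {relative_time(mod, now):%Y-%m-%d %H:%M}")
```

Run against 08:55, "-h@h" resolves to 07:00, not 08:00: the shift happens first (07:55) and the snap then truncates to the hour. "@h" alone gives 08:00, and "@h-30m" shows that a shift after a snap is applied to the snapped value (07:30).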
Splunk Forwarder Windows Installation Fails with Error Code 1625
=== Verbose logging started: 4/4/2016 8:59:13 Build type: SHIP UNICODE 5.00.9600.00 Calling process: C:\Windows\system32\msiexec.exe === MSI (c) (A8:64) [08:59:13:892]: Resetting cached policy values...
How to send logs from a Kiwi syslog server to Splunk?
How to integrate a Kiwi syslog server with Splunk? I mean, what configuration changes are required on the Kiwi syslog server end?
How to integrate IndusGuard Application Scanner with Splunk?
I am not finding any link or document on integrating IndusGuard Application Scanner with Splunk. Please help with the same.
To get the sum of hosts
Hi, I have a simple query where I am getting response times by host. I want to get the sum of hosts as a field. I have to use that field in Slack. host=xxx* sourcetype=yyyyy | stats avg(time) by host...