Run multiple unrelated searches in one command
I have several searches, about 10, each of which produces a CSV file as an output. I would like to run this as scheduled jobs on a weekly/monthly basis. Is there a way to combine all these searches...
search command
Hi all, I have a very strange behaviour in one of my searches: - I extracted a field from a raw as a part of a word: "2016-04-13 12.12.45 ZZ1234567890123456789" and I need to take only the first 8...
How to install the Splunk Add-on for Fitbit in Splunk 6.4 on Linux?
Could you please provide installation instructions for Splunk 6.4 on Linux? thanks
Where do you install the InfluxDB Connect app?
Where do you usually install this app? Is it an app that is accessible via webserver? The documentation posted with the app is severely lacking...
How to place and sort data in a table for a single event based on the field...
Hello, I'm having trouble breaking apart an event into a chart. I have an event with 15 data points. The field titles are Alpha_1, Alpha_2, Alpha_3, Bravo_1, Bravo_2... all the way until Echo_3. I...
Running a basic search on XML formatted events, why are search peers reporting...
I'm trying to run a very basic search against XML formatted events: sourcetype=ilo:events | xmlkv I'm getting the following error back from my search head: 9 errors occurred while the search was...
How did one of my users create a data model even though they have only a user...
He created the model under the search app, so I verified that he does not have write access to that app either. I even logged on as him to test it and I could not create one, so how did he do it?
How can I move logs from one index to another?
We recently moved several different logs that were in the "main" index to a newly-created index in order to organize our data on our lun a little better. I'm wondering if there is a way to move data to...
Use NOT in IF condition
I have 2 files Account and Account.TXT and I have to get only the "Account" file details if( (like(filename,"Account%") AND NOT like(filename,"Account%.txt%") ),filename,"X") but it is returning both...
Unreliable export using Python SDK
I've written a query that creates a stats table with a medium sized result with around 5 cols and 100k+ rows. When I run the query in the UI, it gives me consistent results. If I create a search job,...
Verify the time in the response from IDP is in UTC time format.
I am working on integrating SAML authentication in our Splunk environment and I am running into the following error after getting a response from the SAML request. "The conditions saml response failed...
UI for checkboxgroupInput not updating when token for same is updated in...
I am creating a form (Simple XML converted to HTML) in Splunk 6.3.1. I am allowing the user to select which fields are returned in the table. To do this, I have a search which pulls values from a...
How to output a certain field from a lookup based on comparing the event...
I have a set of events. Based on that timestamp, I need to do a lookup with different data which looks something like this: Start_Date End_Date Phase 11/16/2015 0:00 11/20/2015 23:59 Build 1 11/30/2015...
How to get search results from SplunkJS on click of a button?
I'm trying to follow the instructions here, but making the app my own a bit. I have converted my XML dashboard to HTML and am working on editing the JavaScript to make it do something. I have a button...
Performance and Resource Usage on UF vs Splunk Enterprise Install
All, I have a couple small use cases where a full install of Splunk with the GUI disabled might be better than using a UF. And honestly, just curious. 1) Mainly some props manipulation/transforms I...
Why R6034 error while installing Splunk Enterprise 6.4 on Win 8.1 64-bit?
Why am I getting an error while installing Splunk Enterprise 6.4. The dialog box indicates: Microsoft Visual C++ Runtime Library Runtime Error! Program: C:\Program Files\Splunk\bin\Python.EXE R6034 An...
Universal forwarder compression testing
Hi, I'm wanting to assess the improvement in network utilisation after turning on compression. Is there any query of the internal index or metrics that are collected that can allow me to assess the...
Field extraction while searching question.
I want to extract the ip address as field 'ipaddress' while querying. 04-15-2016 05:34:01.228 -0400 ERROR HttpClientRequest - HTTP client error: Connection reset by peer (while accessing...
How to combine two fields into one to run a stats count search?
I have log events which are a little different, but each event has a unique name which I am interested in. However, this unique name is not in one field. Say I have names of transactions which I want to get...
Why am I unable to run the initial Home Monitor app setup with error "Page...
Just started using Splunk and trying to get the Home Monitor app working. Followed the directions posted via YouTube, installed Home Monitor, then Google Maps, and rebooted after each. When I log back...