How to create dependency between dropdown and time range picker in one...
I have a dashboard, where I need to add one dropdown with values like LOR, LTDS, then need to create one Time span picker like 30 minutes, 1 hour, 1 day and then the time range i.e for last 7 days or...
View ArticleSearch not showing all events
Hi, i do have the following problem: index=atmo_pc sourcetype=SE10 Station=60 as you can see, my search is pretty basic. It is just a small part of a whole Dashboard, which depends on the selected...
View ArticleSplunk Reports with multiple queries
HI, Currently, I'm using 18 planels in dashboard with 18 different queries to pull the results from same table. As you aware that dropdown filters will not enable the email schedular feature.., Is...
View ArticleAbout spliting events
For example, the following logs are available. 2018-05-17 10:00:00.000 columnA columnB columnC 1111111 2222222 3333333 aaaaaaa bbbbbbb ccccccc I want to index this log as two events as follows. _time...
View ArticleSplunk not picking up all the files from the folder it is Monitoring
I am using Splunk 7.0.1, Trial Version. I have a folder that consists of JSON records. These JSON records are created by a Python script by parsing a log file. On keeping that folder to monitor in...
View Articlehow to use mvfilter to find out three or more evals?
suppose my search like this | eval A1=mvindex(mvfilter(a1="1" OR a2="2" OR a3="3") | eval B1=mvindex(mvfilter(b1="1" OR b2="2" OR b3="3") | eval C1=mvindex(mvfilter(c1="1" OR c2="2" OR c3="3") so here...
View Articlemerging multiple events into single events
Hello Splunkers , I have one file whose starting line can be anything but that file ends with "Completed Backup" line . So currently the contents of file is getting indexed line by line based on time ....
View ArticlePossible duplication OR Splunk indexing some of events more than once in...
I suspect that I may have duplicate events indexed by Splunk after the splunk DB_connect_app upgrade from 2.4 version to 3.1.3 version. The cause may be my originating files having dupes OR my Splunk...
View ArticleUnable to find from where a field is being extracted
I have checked all my forwarder and indexer and search head apps. but unable to find from where a field it's extracted.
View ArticleHow to exclude multiple time ranges from multiple searches by defining the...
I have a number of services monitored by Splunk, and as the maintenance breaks should be excluded from performance calculations, I found from the community a solution of type: index=my_data_index |...
View ArticleTrial license usage wrong?
Hi, I am running a Splunk Enterprise server v.7.1.0 with the trial license (500MB/day) and was just given a violation warning that I've exceeded the daily allowance. When I go to the License Manager...
View Articlesendresults Command|How to Dynamically Highlight the rows of result set in...
I have query like index=abc|table KPI RULE_ID BATCH_NO STATUS I am sending the result to an email where I want to highlight the row whose STATUS="Payment Medium Created". I want this to be done in...
View ArticleCan splunk found a log file if it is present in zip folder?
I have yearly multiple folders which were zipped except the present year folder. Each and every folder has a specific log file. But I want to monitor those log files from this year. So can anyone tell...
View ArticleSophos and syslog
**First Part** I configure central syslog server where I planned to have all logs from all syslog devices. my syslog configuration is below: $ModLoad imudp $UDPServerRun 514 $template...
View ArticleExpired server.pem and sslVerifyServerCert = false on splunkforwarder
Hello guys, could you let me know if splunkforwarder will continue to work if sslCertPath=$SPLUNK_HOME/etc/auth/server.pem specified in outputs.conf is expired with sslVerifyServerCert = false? Does...
View ArticleWhy does my DB Connect not connect to Microsoft SQL Server using Kerberos...
I am running a linux server and trying to establish a connection to McAfee with the SQL server using kerberos authentication. I have downloaded and installed the correct driver and DB connect...
View ArticleApp Update
Is this app still being maintained by the developer? It looks like the last version update was back in 2016. We are currently using this app but have had to reconfigure some of the back end (DM) to...
View Articleconvert my dropdown to radio button input
I have drop down listing down countries . for example my drop down has values as shown below .Now I want to display just two radio buttons instead of drop down ,which should be just UK and US and all...
View ArticleSplunk dispatch and srtemp cleanup question
Hi, I want to cleanup my srtemp and dispatch . When users abruptly stop searches in the middle, splunk is creating temp folders etc under srtemp and no cleaning them. ALso clean dispatch command...
View ArticleWhy does splunkd.exe have a spike in connections?
Why does the "Application Name: \device\harddiskvolume2\program files\splunkuniversalforwarder\bin\splunkd.exe" make excessive connections to the machine? I have run into this issue of it maxing out my...
View Article