Table - compress rows into multiple columns
Hello, I am going through my company's indices and their sourcetypes and I want to create reports for each sourcetype to display all of their fields in a table. However, there are a lot of sourcetypes...
average calculation
sourcetype="MATIZ" host=A OR host=B or host=C | base search | timechart span=1d eval(round(avg(response_time),2)) by host with a search preset for 'last 30 days' Our system comprises of three hosts....
How to configure Monitoring console via CLI or REST
Is there a way to put the monitoring console in distributed mode using CLI or REST?
how to display only those rows which have the fillnull values
index=abc |chart sum(" Views") by "Site" ,"Event Date" | fillnull value=0 how can I display only those rows which have the fillnull value
Problem forwarding data from Universal forwarder
I am trying to index new data and it is not happening. I am indexing a single log file that is being written to by the server whenever new events are added. I put this statement into the MSIADDED...
Populating Dropdown with List of Indexes Not Working
I can't get a dropdown box to populate. I'm trying to allow the user to select an index from a dropdown list on my dashboard. I can run the search query in the query block and get results, but it won't...
in Panel result getting unwanted "NaN" in search query getting correct result.
In my Splunk query result I am getting the result as "NaN", but when I run my query in search I get the correct result, not NaN. Please help me regarding this.
in Panel result getting unwanted "NaN" in search query getting correct result.
In my Splunk query result I am getting the result as "NaN", but when I run my query in search I get the correct result, not NaN. Please help me regarding this.
Transform to nullQueue depends on search?
Hello, I've been spending the last month experimenting with _Splunk_. Lately, I've tried to reroute a specific event to the _nullQueue_, with the intention of preventing it from being indexed: May 18...
Email Alert triggering when it shouldn't be, what's going on?
I have a search that shows the number of logs from various indexes for the last 60 mins. I have this saved as an alert to email me IF the event count < 1 million. I keep getting an email every hour...
Why am I unable to forward data from Universal forwarder?
I am trying to index new data and it is not happening. I am indexing a single log file that is being written to by the server whenever new events are added. I put this statement into the MSIADDED...
Why do I keep getting an email every hour despite the trigger condition not...
I have a search that shows the number of logs from various indexes for the last 60 mins. I have this saved as an alert to email me IF the event count < 1 million. I keep getting an email every hour...
We set interval = 0 * * * * (cron style) for a new input of Website...
We set interval = 0 \* \* \* \* (cron style) for a new input of Website Monitoring app, but the url is checked every 8 min. The app version is 1.4.0. Thank you.
extract field from adfs logs
I am trying to extract data out of an adfs log, but I do not know how I would do this (regex and I can't seem to get along..). I have the following data extracted into a field called "Message" that is...
Splunk-Web : how to generate directed graph on nodes and filter
Hi experts, please help. I am using Splunk Web. I am learning Splunk. I want to have nodes visualized as directed graphs in Splunk. Dummy test data. What I want to do: - The right table...
correlate between two sources
Hi, I have two devices, and I want to check the result of the same event in two devices. For example, if one source is blocked in one device, on another device what is the action! Device A = fw=x.x.x.x...
Javascript SDK oneshotsearch , unable to fetch two query
var http = new splunkjs.ProxyHttp("/proxy"); // Create a Service instance and log in var service = new splunkjs.Service(http, { username: "admin", password: "", scheme: "https", host: "localhost",...
splunk handling csv file with each line have different format
Dears, I have a CSV file consisting, for example, of multiple lines; each line has a different header and length depending on a word in the line. For example, if column two in the file contains cpu then it...
Checkpoint OPSEC log collection Error
Hello I am trying to integrate Checkpoint logs into Splunk using the OPSEC LEA modular input/TA. I notice the below error post configuring the connections and inputs 2018-05-20 05:53:33,998 +0000...
How do I export my dashboard onto Python shell?
I have recently tried out exporting data via Splunk SDK (Python) to test out the connection between the SDK and Splunk, which works. But now I want to export my display onto my Python shell. I'm...