Addtotals possible on stats list/count search?
I have the following search results and would like to add the count totals up. If I add the following line: |addtotals fieldname=Blocks I see the total, but the issue is for items with only one line,...
How to group by count with a stacked chart?
I have the following search... index="server_inventory" NOT "OS Name"=enclosure NOT "OS Name"=na NOT "OS Name"=unknown| eval Mfg=lower(Mfg) | eval "OS Name"=lower('OS Name')| replace windows* with...
Drilldown to events distilled by bin command.
I've got a search I'm using in a dashboard panel that uses the bin command to group time in 10 minute intervals. The search is below: sourcetype=snmpget_hardware_utilization_data | eval cpu_warn = 70 |...
Sparklines Going Off the Page
All, I've been seeing this for a few weeks now. I want to say the problem started with our 6.2 upgrade. But all my sparklines are going off page basically. Forcing me to scroll out. These used to sorta...
How to get my search that currently gives me IP addresses to also give me the...
So I have a search that gives me IP addresses of internal servers. Would like to modify it so that it gives me the IP and DNS name of the servers. Looking through other Answers, I have created a...
Does the AMQP Messaging Modular Input support AVRO as the transport format?
Hi, Customer has data in AMQP message bus. Data is encoded using AVRO. Assume binary format, not JSON. Questions: Is there a need for an additional message handler described here?...
For a clean installation of a Splunk forwarder, how do we retain a previous...
Hey there, If we were to do a clean install of a Splunk forwarder (rip out previous version of forwarder), is there a way to retain/backup the previous forwarder's search information/history (CRC...
Why are saved alerts not appearing in the list of searches in Splunk Web?
If I create an alert via the "Searches, reports, and alerts" page in Splunk Web and save it, it doesn't appear in the list of searches on that page (even searching with an app and owner of "Any"),...
How to mask a field at search time only if the data is > 30 days?
I have a requirement to mask the value of a field after 30 days. The events are json events. The users need to be able to see/search all the fields except 1 for up to a year. The 1 field must be hidden...
How to recognize updated values in a look-up table
I have a look-up file that will constantly be updated through user input. How can I get Splunk to recognize new values in a look-up file that has already been indexed? Thanks for the help!
AWS Splunk Enterprise - After Reboot Cannot Login With Named Admin Account
Splunk Version: 6.3.0 Splunk Build: aa7d4b1ccb80 I have cloned the default administrator account, made the clone a named account, logged in with the new named administrator account, and deleted the...
How to get my Deployment server to appear in the DMC?
Hi, I have a dev env, and noticed that my deployment server does not appear in the DMC. How do I get it to appear?
All dashboards are blank for splunk app for palo alto app
When I look at the Threat Dashboard, I can see data populating from the index=pan_logs. When I attempt to drill down or display any other dashboard, I get no results found on all panels. When I give...
Limit index license usage per day
Hi, I have Splunk running with several indexes configured. I want to limit one index (index=dev) so it will not use more than 1GB of the total license (10GB) per day. Can anyone help and explain how to...
How to configure inputs for Ariba?
I am interested in guidance for monitoring Ariba. I think it's a SAP application, but I've not been successful in finding anything on the web. Thank you for your assistance. David
How can I let users choose the displayed language from a drop-down list in...
Hi, I need to let Splunk users internationalize a Splunk App (dashboards, views, etc) without changing their browser settings. The user should have a drop-down list with the available languages to...
How to configure Splunk to set the event timestamp based on filename for date...
Hello, I don't know if it is possible to get this setup. I should load into Splunk a log file with lots of events, but I am not able to set up the timestamp in the right way. In the filename, I can see...
Why does my modular input Run() command generate thousands of events (rather...
I have a question about some odd behavior I'm seeing in my Modular Input app; specifically: [https://github.com/Qumulo/qumulo_splunk_app/blob/master/bin/qumulo.py#L296-L321][1] There is a bug here, but...
Is there a way to track and audit deleted ticket/case/investigation to build...
Is there a way to track and audit deleted ticket/case/investigation? I am looking to see if I can build a report identifying this info. Thanks,
Running a scheduled search and saving the results to a summary index, how do...
Hi, I created a search that returns me a table with some values, follows: ... | table name, id, date I scheduled my search to run every day at midnight and the results are saved in the summary index....