Getting locale in Javascript and gettext()
I am trying to either (or maybe I need both) get the locale setting of the client in Javascript to replace some tokens in my search string, as well as trying to find if the gettext function is...
Sendemail script execution failed and no python.log entry
I am unable to get the sendemail command to send an email via either a saved search, or an on demand search. In the case of an on demand search (sample:) index=dnsf "*error*"| stats count by host |...
Getting Duplicate message when doing search for User ID (title)
This is the search I used: |rest /services/authentication/users splunk_server=local |fields title |rename title as user |table user | sort user | dedup user I wanted to get the user Id and then use...
Need to get rid of columns with no values?
I want to look at values in savedsearch.conf using the REST API, however a lot of blank columns show up! When I type in this search: | rest splunk_server=local /servicesNS/-/-/saved/searches/ The...
Query Window Size is required and should be at least 1 minute
[ms_o365_message_trace://Ouro365data] delay_throttle = 1440 index = o365 input_mode = continuously_monitor interval = 3600 office_365_password = THE_PASSWORD office_365_username =...
What does -# mean at the end of my frozen buckets?
I am working on a script to thaw frozen buckets. Part of my script is to validate that the selected buckets are valid. We have an index cluster that currently just freeze to a shared path. I run...
VDI dynamic VMs and Splunk forwarders
How do you go about ensuring splunk forwarders forward all data from a gold image created VM that then gets blown away when a user logs off? How are people managing VM creation/destruction and in...
Why do I have blocked queue messages but my DMC doesn't show queues as full?
Hi, I'm noticing a fair amount of blocked queues in my internal logs, especially for the exec queue. However, when I look at the DMC, and the indexer in question, those queues are not anywhere near...
Can I force forwarders to use TLS 1.2 by disabling SSL3?
I need to disable SSL3 and enable TLS 1.2 across all of Splunk Enterprise. SSL3 is being disabled entirely in my organization. If I just add "sslVersions = -tls1.1, tls1.2, -sslv2, -sslv3" to the...
Regex not working
I have a regex that should remove everything after a second underscore. When I try to search with the regex, it doesn't work. Any ideas? I must be doing something wrong, just can't figure out what....
Using radio button choices in case statements
Hi, I have a simple checkbox as shown below - Event TypeAllEvent1Event2Event3Event4$$payload.type$$ == "" OR * I have a query which basically checks if Type is "A" or "B" and based on that selects x...
Getting hold of an eval from subsearch
Hello, How do I do something like this in splunk? eval base_starttime = [search index="app_event"| eval starttime = strftime(sometime, someformat) | return starttime] | (then use base_startime ....)...
How to get rid of columns with no values?
I want to look at values in savedsearch.conf using the REST API, however a lot of blank columns show up! When I type in this search: | rest splunk_server=local /servicesNS/-/-/saved/searches/ The...
Search losing events as number of events increase
I have a search that compares an expanded multi value field against a lookup table and returns those events where at least one of the field values was not found. My thinking is: If a `singleColumns`...
Does Splunk Enterprise support Apache Ambari? If so, in what way can I...
I am trying to find out the relation of Ambari with various log management frameworks.
Order of Search terms - Does it matter?
Recently I was working on a lab module 12 - question 22: Search the web application data for all events where a user purchased a product successfully. Use the stats sum function to sum the Price field...
Using the results of one search to perform another
I want to list ALL customers who bought a watch and then use their userId to list out all of their purchases (not limited to watches). I'm trying to solve this using subsearches. But it's not helping....
How to add custom color to blank cell
How to add custom color to blank cell? I tried doing {"": #112233} and it doesn't work. If the value in the cell is, let's say, 12, doing {"12" : #112233} gives #112233 to the cell, but how to add the color...
Timechart: How to display hrs and minutes on Y axis and Date on x axis?
Hi Folks, How to display hrs & minutes on Y axis and Date on axis by field values? The challenge here is am unable to display hrs & minutes on y axis.
What is Splunk bootstrap? Is there any documentation to explain commands...
I am new to Splunk, need this to set up my cluster. I want to understand search head and what is required in search head