Would you use rex or regex to extract a string and create a new field?
I have the raw data below. How do I get the strings after the "action": and put all the results into a new field?...
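As an added example that is not part of the original question, and assuming the raw events contain JSON-style `"action": "<value>"` pairs (the full raw data is not shown; `index=main` and `sourcetype=app_json` are placeholders), the following search uses `rex` to capture every action value into a new field. `max_match=0` makes `action` a multivalue field when one event carries several pairs:

```spl
index=main sourcetype=app_json
| rex field=_raw max_match=0 "\"action\":\s*\"(?<action>[^\"]*)\""
| table _time action
| stats count by action
```

If the events are valid JSON, `| spath output=action path=action` is more robust than a regex, because it handles escaped quotes and nesting that `[^"]*` does not. Use `regex` only when you want to filter events; `rex` is the command that creates fields.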
Palo Alto - usage by category
We're collecting Palo Alto logs into Splunk and the Palo Alto app dashboards are currently not enabled. I'd like to create a Splunk Palo Alto report that does site by site category and usage by category...
How do you turn this test string into a regular expression?
Hello. How do you convert the following test string to a regular expression if the test string contains spaces? Because the string "type" appears several times in the log, to differentiate the instance...
timediff based on non-sequential sequence IDs
I have a requirement wherein I have to find the time difference of 2 events. Below is an example of the event type:

Host Time SeqID Transaction
a 1:00:00 5 Start
b 1:30:00 7 Start
a 1:45:00 9 Complete
b...
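As an added example (not from the original post), assuming `_time` is the event timestamp and the fields are named `Host`, `SeqID` and `Transaction` as in the table above (`index=app_events` and `sourcetype=txn` are placeholders), this search pairs each Complete with the most recent Start for the same host, regardless of the gaps in SeqID:

```spl
index=app_events sourcetype=txn
| sort 0 Host _time
| streamstats current=f window=1 last(_time) as start_time last(Transaction) as prev_txn by Host
| where Transaction="Complete" AND prev_txn="Start"
| eval duration_sec = _time - start_time
| table Host SeqID start_time _time duration_sec
```

For the sample rows, host `a` yields `duration_sec=2700` (1:00:00 to 1:45:00). `streamstats ... by Host` keeps the pairing per host, so the interleaved host `b` events do not disturb it; `sort 0` removes the default 10,000-row sort limit. `transaction Host startswith="Transaction=Start" endswith="Transaction=Complete"` gives the same `duration` field with less typing but is far more memory-hungry at scale.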
Mysterious Illogical Error - Trying to Forward - Parameter name: Path does...
Hello Team, I am trying to do a simple thing. I am trying to forward a log file to my remote Splunk indexer. I am using the command `./splunk add monitor /path/to/log/file/appname.log`. This command...
How to create a chart to show count of events by hour over days in a week?
Below is the search query I used in order to get a similar chart, but the hours are not consecutive, as shown in the legend's table on the right side. What I had in mind was to create a chart that...
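An added example, not the original poster's query (`index=web` and `sourcetype=access_combined` are placeholders), that produces one row per day and one column per hour of that day. The hour label is zero-padded with `%H` so the columns sort as `00 ... 23` rather than lexicographically (`1, 10, 11, 2, ...`), which is the usual cause of non-consecutive hours in the legend; `limit=0` stops `chart` from folding everything past the tenth series into `OTHER`:

```spl
index=web sourcetype=access_combined earliest=-7d@d latest=@d
| eval day=strftime(_time, "%Y-%m-%d %a"), hour=strftime(_time, "%H")
| chart limit=0 count over day by hour
| fillnull value=0
```

Render the result as a line or column chart with `day` on the x-axis; `fillnull` keeps hours with no traffic at zero instead of leaving gaps in the series.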
Convert IP address to lat and long to use the Missile Map
Hi all, I'm using the Missile Map app in Splunk to visualize multiple connections from starting point to destination. But I have trouble converting my two fields `FromIPAddr` and `ToIPAddr`, which are...
Why is the collect command not working?
Hello everyone, I have a SH and two IDX. I run a search in the SH and, using the "collect" command, I push the results to index=sql, which is available in IDX1 and IDX2 (load balanced based upon availability)...
How do I filter the error logs of that particular container?
I have configured Splunk with the HTTP Event Collector on Docker, so I am storing the logs of all the containers in a Splunk index. I am able to filter the logs of each container by tag name, but how do I...
How to configure a Splunk statistics table to display more than 100 rows
Hi all, how do I configure a Splunk statistics table to display more than 100 rows? Can this be achieved by editing a specific .conf or .js file? Thanks in advance :)
Extracting delimited values from a field with a dynamic length?
I have a field that contains column names delimited by spaces that I need to break out into separate fields for filtering purposes. The values are simply the column names, as shown below: THIS_COLUMN...
How to split multiple lines in a table into separate rows
I have some data from Tenable and I am trying to split the rows with multiple values into their own rows. ![alt text][1] [1]: /storage/temp/252085-capture1.png A good example would be the 4th row...
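The two questions above (space-delimited column names in one field, and Tenable rows carrying several values) are both answered by turning the field into a multivalue field and then expanding it to one row per value. This is an added example, not code from either post; the single input row is constructed with `makeresults`, and `host` and `column_list` are assumed field names:

```spl
| makeresults
| eval host="srv01", column_list="THIS_COLUMN THAT_COLUMN OTHER_COLUMN"
| makemv delim=" " column_list
| mvexpand column_list
| rename column_list AS column_name
| search column_name="THAT_COLUMN"
| table host column_name
```

`makemv` splits the string on the delimiter; `mvexpand` then copies every other field onto one row per value, so the Tenable row with several plugin results becomes several rows that filter and `stats` correctly. If the Tenable field is already multivalue (common for JSON and CSV inputs), skip `makemv` and go straight to `mvexpand`. Replace the `makeresults` line with the real base search to use it on live data.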
How to add "edit visualization" outside edit mode?
Hi, I would like to ask how to add the "edit visualization" button outside edit mode, so that users can choose which visualization they want to see in a panel without having to click edit to change...
eval case: match a field's value as a substring of another field
Hi All,

`index="index1" sourcetype="SC1" OR sourcetype="SC2" | eval Ticket_Main5 = substr(Ticket,1,5) | eval Ticket_master = case(sourcetype="SC2" AND like(LINK_LIST, Ticket_Main5),SC2_Ticket,1=1,"NotFound")`...
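As an added example rather than the poster's own query, and keeping the poster's field names (`Ticket`, `LINK_LIST`, `SC2_Ticket`) as given: `like()` only matches the whole string unless the pattern carries `%` wildcards, so the first five characters of `Ticket` have to be wrapped in `%` to test for a substring of `LINK_LIST`:

```spl
index="index1" sourcetype="SC1" OR sourcetype="SC2"
| eval Ticket_Main5 = substr(Ticket, 1, 5)
| eval Ticket_master = case(
    sourcetype="SC2" AND like(LINK_LIST, "%" . Ticket_Main5 . "%"), SC2_Ticket,
    1=1, "NotFound")
| table sourcetype Ticket Ticket_Main5 LINK_LIST Ticket_master
```

Caveat: in `like()` the underscore `_` is a single-character wildcard, so a prefix such as `INC_1` would also match `INC01` in `LINK_LIST`. If ticket prefixes contain underscores, compare with `substr` on both sides or build a literal pattern instead of relying on `like()`.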
How to assign a value to a field which is not present in some of the events and...
How do I assign a value to a field which is not present in some of the events and compare that value with values from other events where that field is present? I have events where a field named...
Tried to edit viz_editor_schema.js but nothing changed
Hi all, I've edited viz_editor_schema.js to change the maximum number of rows displayed in a statistics table. I did some bumps, a debug refresh, and I even restarted my Splunk instance several times...
How can a forwarder monitor a dynamic path?
How can a forwarder be set up to monitor files with a dynamic path? For instance, I have a folder structure such as this: `\\shared\tests\{DateTime.NOW}\logs\xxx_yyy_{DateTime.NOW}.xml` `DateTime.NOW`...
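An added inputs.conf stanza (not from the original post) for the path shape above. Monitor stanzas accept `*` for a single path segment and `...` for any depth, so the timestamped directory and file-name stem can both be wildcarded; the sourcetype and index names are assumptions:

```ini
# Added example: one stanza covers every {DateTime.NOW} directory and file.
# "*" matches within one path segment; use "..." instead to descend any depth.
[monitor://\\shared\tests\*\logs\xxx_yyy_*.xml]
sourcetype = xxx_yyy_xml
index = tests
disabled = 0
```

The forwarder service account needs read access to the UNC share for this to work; giving that account only read rights on the share, rather than running the forwarder as a domain administrator, is the least-privilege choice. Check `splunk list monitor` (or `splunk list inputstatus`) on the forwarder to confirm the wildcard resolves to the expected files.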
Website monitoring inputs.conf file configuration
Trying to find out the inputs.conf configuration to add a website for availability monitoring by directly editing the inputs.conf file. Please suggest, with examples. Thanks
How to create a tag cloud drilldown?
In the dashboard, I created a tag cloud visualization, but the tag cloud visualization's "edit drilldown" is invalid. How do I make the drilldown function usable directly? ![alt text][1] [1]:...