Quotes around first word in inputlookup value
I am using an input lookup to exclude results from a search (e.g. index=main NOT [| inputlookup test_lookup.csv | fields value]). The searches I am trying to exclude contain values with quotes, such as...
Populate dropdown menu using lookup and tokens with multiple field values
I am trying to populate a dropdown menu using a lookup table that contains all my servers' hostnames in one column and their Category in another | inputlookup UFlookups.csv | dedup Category | stats...
How do I change the owner of alerts in Splunk Web UI or conf file?
Dears, I have around 100 alerts configured in Splunk with one AD user. Since this AD user has left the organization, I need to change the ownership of all alerts under his name to my name. Is this...
How to configure Load Balancing on Splunk Search Heads?
Hi! So I set up a F5 Load Balancer and listed all of my Splunk search heads as pool members. Apparently the load balancer performs a health check, and therefore, requires a health monitor URI and a...
avg many fields
Hello, I try to do an avg on multiple fields but I don't succeed. For one field I use this / stats avg(ReadOperationCount) BY host, but if I want to do the same for 2 fields (toto for example), how to do...
how to deploy search head and indexer
Hi, how to deploy search head and indexer with detailed steps? Regards, smdasim
Mail Alert Notification Is Not Working After One Month
Hi Experts, I have triggered a mail alert notification in the real-time format. I got the last email alert notification on 30.06.2018; after that I got an error which is visible in the search result but didn't get...
What is the optimum setting value?
In my environment, 800,000 mails are sent a day. This time, when introducing Microsoft Office 365 Reporting Add-on for Splunk, I am worried about the following values. 1.interval 2.query_window_size...
MSSQL ERRORLOG problem
I am using splunk to monitor the MSSQL ERRORLOG files. My goal is to list the failed and success logons into MSSQL. Without using **db connect 2** and just the **Splunk_TA_microsoft-sqlserver**, am I...
The replication factor process is not complete?
We have 3 indexers. Since two weeks ago, 2 indexers were down; after 2 weeks of repair the servers became UP, but there is a delay in the replication factor process. Is this normal or not? There is a...
display start and endtime in results
I would like to write a query which will start with "starttime=06/08/2018:00:00:00 endtime=06/08/2018:00:01:00 index=* ..." and then take starttime and endtime as parameters... and create an epoch...
Display the Results of Search Query at regular intervals of time with fixed...
Hi, currently I am running the below Splunk search query where I am using earliest=-0d@d latest=-2m. earliest=-0d@d latest=-2m | spath message | rex field=message "TradeID = (?\w+)" | dedup 1 id sortby -_time...
splunk db connect - google bigquery
Has anyone created the connection between Google BigQuery and Splunk, and if so, what did you use in your types conf file? Thanks
Geo Heatmap not showing data points on the map.
Hi all, I am having difficulty with geostats and the Geo heatmap visualization. No matter what I input into the geostats command nothing is displayed on the map. The same geostats results show up on...
tstats subsearch
Hi, I have a tstats query working perfectly; however, I need to then cross-reference a field returned with the data held in another index. Example query which I have shortened | tstats summariesonly=t...
Where can I find documentation on the "Network Traffic App for Splunk"?
I'm looking for any documentation on the "Network Traffic App for Splunk". I have searched the Splunk wiki and Splunk Answers but have not found anything on this app. My apologies if my search-foo is...
Splunk DB Connect Alternative
Hello everyone! My team and I are weighing our options for various ways to connect to our databases with Splunk; however, our main Splunk department does not have the DB Connect app installed. From...
Splunk Alert - No Delete Option
There is no delete option under the edit menu for a Splunk alert. The alert is disabled now but I need to delete it. The option is not showing up for the alert owner and Splunk admin. Are there any other...
Rex field extraction
1. Could someone help me extract the two bold words from the following sample SAMPLE EVENT 1 2018-07-02 08:51:44,648 https-nsse-nio-8663-exec-18 LRQ9923 531x698404x16 1kvc79 99.103.154.114,30.128.209.1...
Splunk Python SDK to update kvstore error
Getting this error when using batch_save to update the KV store through the Splunk Python SDK. This works fine when posting the same content through curl; not sure if it is some limitation of the Splunk SDK. Anyone have...