Splunk for non-streaming data (structured)
Hello, I will be using Splunk for non-streaming information. The reason I am using Splunk is a) my company already has licenses and b) the power of transforming data into visualizations. I am using a...
Personal Dev License still out there?
Anyone know where to get the 10g personal dev license? I'm not talking about the 50g dev/test one. I was sent to a link via support but that seems to take me to the 50g one and is "pending review".
how to achieve this result by using for each command?
so serverlist splunk_server A A B B C C J D I K here both are multivalued I need to write a query to get the results as serverlist splunk_server result A A D B B C C J D I K I don't want these...
hard time reaching sales
With the difficulty of reaching sales I figured I would ask here. If I get a perpetual license, how long can I continue to use the software after the first year if I choose not to continue the support?...
How do I search a match a specific source against an input lookup
I am attempting to run the below, however I am not getting any results. **source="source.tsv" [|inputlookup appname| fields inputfield AS "field"]** I can search **source="source.tsv"** and get the...
Is there a way to submit events with user 'nobody' ?
Hi. I am trying to submit events, from a scripted input, with user 'nobody' I am getting this error: HTTP 403 Forbidden -- insufficient permission to access this resource In order to submit my events I...
How to Interpret License Usage Page - Splunk Enterprise
Hello Team Splunk! I am having some trouble interpreting the license usage page in *Splunk Enterprise*. Figures 1 and 2 below show the parts I am confused about. Figure 1 shows that there was some type...
Inputlookup in dropdown to display different columns
Hi all, I'm creating a dashboard that contains drop downs that allow viewers to select a field `user_id` and the table will **display a list of user_ids and other columns' value** regarding the id. But...
compute the macro name to be used in a search
Hi Guys, Is it possible to calculate the name of a macro to be used in a search from a token value? I have a drop down list of system names that I have corresponding macros for. eg key = ABC - macro =...
remove the first row in the search result
Hi splunkers, I have a search result like **base_search |timechart count by filedname** and result displaying like mentioned below. _time filedname1 fieldname2 2018-6-10 3 30 2018-7-10 150 12100...
Difficulty reaching splunk enterprise web interface from a cloud server...
I have an installation of Splunk Enterprise on a Google Cloud server. The server has an internal IP and an external IP, the installation was completed successfully with no errors and splunkd is...
How to fix one column in a table when using the scroll bar (moving left to...
I have a table with 34 columns, so I need to fix the first column while scrolling the bar left to right or vice versa.
dashboard panel shown blank, on enabling search, runs perfectly in search app...
My panel in a dashboard is showing nothing, completely blank, no error, nothing. However, when I enable search in the panel and run it in the search app, the query is showing proper result. Any idea what is...
HEC configuration
Hi, Anyone tried Ryan site on HEC using rsyslog and HAproxy (https://www.rfaircloth.com/2017/02/10/building-perfect-syslog-collection-infrastructure/) Any issue met? I tried and my HAProxy shows (Error...
Need to remove hand icon from a pie chart after drilldown
I have a pie chart with drilldown. When one value is chosen, the pie shows that value with 100% (which is correct). However, there is a hand icon which is still shown on hovering that pie indicating...
Can I truncate tsidx files as we are facing disk space issue? If yes then...
Can I truncate tsidx files as we are facing a disk space issue? If yes, then what is the impact?
how can I configure my transforms.conf to filter specific events
**Now here, this is a test log** Thu Jun 08 2017 03:06:50 www3 sshd[2294]: Failed password for beyonce from 10.1.10.172 port 3529 ssh2 host = node1 source =secure.log sourcetype =asd Thu Jun 08 2017...
error message from attach file
Hi I Question error message from attach file.
Field Extraction updated but how to activate in Data Model?
I have updated the field extraction for some fields but the data model still uses the old definition. How do I make the new definition active in the data model?
how to merge this case
I have a table like this one, and I want to know how to merge different values based on one field. example table) [AS-IS] ![alt text][1] [TO-BE] ![alt text][2] ps. a/b/c is the value when at/bt/ct is...