Problem with timechart after a join
My base search is just building a timechart of 3 utilization rates over time. Two rates come from one source, one from another via a join. Seems to work fine. index=XXXX sourcetype="XXXX" | eval...
Copy reports from one standalone machine to another the easy way. No fancy...
I have scoured the internet in search of a simple way to copy reports and dashboards from one STANDALONE machine to another and I cannot find a simple answer. I have no network access on these machines...
Splitting JSON into events
I am currently trying to split my json into multiple events at index time into Splunk. Although when I do this it breaks each line into multiple events. I am not good with regex, so I tried using the...
How to monitor Oracle Service Bus Console 12.c in Splunk?
I am trying to monitor the Oracle Service Bus console 12c to check project status, deployments, job status, long run Schedule jobs. Please help me with proper Splunk Apps to monitor. Splunk Version :...
Upload license via api services/licenser/licenses and getting "The license...
Hi. I am trying to upload a valid license via the API: $ curl -u 'user:pass' https://:8089/services/licenser/licenses -d 'name=Splunk.license' -d 'payload=...' In handler 'licenses': Splunk.license:...
Splunk web redirect to FQDN?
I was looking around and maybe my googling is the best today, but I cannot seem to find a way to redirect the Splunk webserver. Basically our customers can access our Splunk servers with either the...
App Exporter
When using "App Exporter", where does the app go after you hit the "export" button? It doesn't look like the app is working. Do I open a folder and hit ctrl V or something? Thank you in advance.
Search head unable to find new index in cluster
Hi all, My current setup consists of 1 x Search Head, 3 x Indexers, 1 x Cluster Master, 1 x DS, 1 x Test Forwarder. I created a new index via an indexes.conf file in the cluster master...
Index Cluster Migrations
3 nodes in cluster at source Cluster1 (source idx cluster), Search and Replication Factor set to 2, and Cluster2 (Destination) has 8 nodes in cluster. I am not sure how to start when copying...
Workday Addon - Request Failed with Error Code 401
Hello, I am in the process of working with our Workday team to set up Splunk to ingest Workday activity logs. As we work through the process we have our Workday area configured within Workday, including...
Search using map won't work in Dashboard "search is waiting for input"
Hi all, Thank you in advance. I have a search using map that works fine in search, but when I add it as a dashboard (whether I add it exactly the same or with other tokens for fields) it doesn't work...
Integration of SharePoint to Splunk
Is it possible to pull all information in CSV file inside of the root folder when doing the integration of SharePoint to Splunk?
How do I access nested JSON?
I have a message that contains nested JSON inside, which contains a `message` field that contains a `Java exception` {xxxx: "some-fields-here", message: {"logRecordType":"X",...
Splunk popout when column have values exceeding threshold
I need to automatically create a popout window / other in-dashboard notification when certain thresholds are broken within a table. Thus far I have managed to configure Splunk popouts triggered by on...
I want to display a panel only if the user clicks on one specific column
The requirement is to display a panel only if the user clicks on a specific column in a previous panel. Kindly help.
Help with Masking data
We have an application writing logs as Windows Events. There are 3 fields that we wanted to mask: Accept-Language=en-US,en;q=0.9 Authorization=Auth...
Help please: inputs problem
Hi, I have configured my universal forwarder and Splunk so I can find my machine in the host list of Splunk, but I think I have a problem in the inputs.conf because I can't find the sourcetype and...
Forward specific indexed data
Hello, here is my scenario. Server: Splunk_A has index_a, index_b and index_c; Splunk_B has Index_d, index_e and index_f. Is it possible to copy only index_f from Splunk_B to Splunk_A and configure...
How to delete blank space
How to delete blank space
inputs.conf help
Hi, in the inputs.conf I wrote [monitor://C:\var\log*.log] disabled = 0 sourcetype= log index=me but when I type the command splunk list inputstatus I find C:\var\log*.log type is missing. What should I...