Error Code 1 when running .bat script in response to an alert
I set up an alert so that when it triggers it runs a script called test.bat (this is a windows environment) which is located in $SPLUNK_HOME/bin/scripts. The .bat script is just a one liner that says...
View ArticleHow to make Radio button selection appear in Search Box field
Hi all, I have created a dashboard with a search parameter that grabs fields as per the chosen radio button. However, I want to make this a little user friendly so that the chosen field can display in...
View ArticleHelp need to fix error "The expression is malformed. Expected LIKE." (Using...
Hi, I am looking for some help on how to remove the malformed expression error coming from the query below, many thanks for your time: index="test" Policies=policy1 Destination=*@* | rex max_match=0...
View ArticleHow can I get the result ?
How can I get the result ? thanks ! ![alt text][1] [1]: /storage/temp/254702-行转列问题.png
View Articlenew index and sourcetype
should we modify the props.conf and the transforms.conf when we create a now index and a new sourcetype ?
View ArticleVery high Mongod CPU Usage on SearchHead
Hi, On my search head Mongod is consuming most of my CPU. **115786 splunk 20 0 40.4g 10.6g 10.5g S 93.8 68.3 7416:45 mongod** 81093 splunk 20 0 262404 96308 13996 S 6.2 0.6 0:03.92 splunkd 1 root 20 0...
View ArticleLicense Usage - Previous 30 days shows no data after upgrading to 7.0
Using the license usage tool in splunk (Settings->Licensing-ZUsage report) I can see all info on the today tab, but when I klick the Previous 30 days tab I get "no resoult found" in all searches....
View ArticleHow add an add-on icon using Splunk Add-on Builder App?
Hi, I am trying to add an icon or logo to the add-on that I am creating with Splunk add-on Builder App to be downloaded on Splunkbase before packaging it. I could not find a documentation on this. Can...
View Articlexml rest import not spltting into envents
I have a dashboard xml export from another app. the xml does not appear to be forrmatted as true xml using <> for some sections. in the sample code below I need the break on each section starting...
View Articlestarting splunkd on windows the check-xml-files command fails permission denied
We are using Splunk Enterprise 7.1 on windows. I'm attempting to start splunk daemon unsuccessfully. Within splunkd.log I see this: 08-15-2018 15:23:29.835 -0700 INFO loader - Automatic migration of...
View ArticleHow to modify/resize my table column widh based on its contents using CSS ?
HI, I am using a table command to print out _time, application, name and events generated by that application using table command. The problem is events are long and it is crossing the page, need to...
View ArticleHow to make the radio button selection appear in a search box field in a...
Hi all, I have created a dashboard with a search parameter that grabs fields as per the chosen radio button. However, I want to make this a little user friendly so that the chosen field can display in...
View ArticleHow can I filter the same source IP amount that is greater than 1000 per hour?
I want to monitor the connection status of some network device, and I want to trigger an alert which the same source IP address access the device greater than 1000 per hour. How can I achieve this...
View ArticleCan you forward specific indexed data from one server to another?
Hello, Here is my scenario server: Splunk_A has index_a index_b and index_c Splunk_B has Index_d index_e and index_f Is it possible to copy only index_f from Splunk_B to Splunk_A and configure...
View ArticleHow to delete blank space in a dashboard?
How to delete blank space ![alt text][1] xml example ![alt text][2] [1]: /storage/temp/254699-有高度间隙.png [2]: /storage/temp/254700-code.png
View ArticleChart Visualization Varying Data Values
Hi all, I am having an issue with a dashboard that I am working with. The values of the bucket I am using vary from 1 to ~800. Because of this, it makes it impossible to effectively convey the data...
View ArticleHow do I take data from a search and output to REST API
I need to pass data from Splunk to an external system based upon a triggered Alert. Could I use the REST API to pass the JSON data or would a python script be a better approach?
View ArticleSending Splunk Alerts to Netcool using SNMP v3 in Windows 10
Hi All, We have a requirement where we are supposed to capture error from the logs using Splunk running on Windows 10 machine which will trigger a script to send the details to Netcool using snmp...
View ArticleHow can I retrieve another field value from dashboard dropdown?
I have an index which consists of 2 fields: name and id. When I created the dropdown, I made it base of name since it is easier for user to identify. But I really need the id as an input for my other...
View Articlewrite regex to capture different url pattern and display in chart
I have couple of different url patterns in my logs and I want to write a regex to extract different url patterns into a field and group the similar patterns together and display a chart . following are...
View Article