compare event count today vs yesterday vs last week vs prior week
Hi, I want to compare event count today with yesterday, last week and prior week using timewarp complete day like day starting to till now
Could you make a table over or by the fields being represented or the...
With the "chart" or other functions, could you make a table over or by the fields being represented or the statistical functions being used? The result of which I'm thinking would have rows saying...
Any way to distribute local system files (conf) to search heads?
I want to make changes to web.conf and distribute them. Any way to do it for search heads? Thanks.
Splunk VNX App for VNXe Devices
Trying to integrate VNXe devices (VNX3200 series) using Splunk Add-on for VNX, where it uses naviseccli commands to run on the VNX boxes. However, it's throwing error "CLI commands are not supported by...
how to drilldown an event to see data 15 minutes before that events time and...
Can we drilldown an event to see data 15 minutes before that event's time and 15 minutes after? For example the event in is.. [8/16/18 6:49:41:163 EST] Website crashed Error : 404 [8/16/18 6:58:41:163...
The request was aborted: Could not create SSL/TLS secure channel.
Dear Team, I am new to Splunk and trying to create one same for hitting the Splunk endpoint from the C# code. I have configured in my localhost. When I access the below URL, I am getting **Login...
Splunk SDK for Java
Hello Guys, As we know, we can connect to Splunk from Java using SDK for Java on port 8089 and running over https. But now I want to connect to Splunk running on http over 8089 port. How to achieve...
Is it possible to containerize Splunk in Azure Cloud for an on-Premise...
Hi All, Is it possible to containerize Splunk in Azure Cloud for ON-Premise environment like backend servers, Master, SH's, Indexers, Deployment server, Deployers, HF's. If supported, would it...
Error with Splunk Stream: Unable to initialize modular input "streamfwd"...
Hi All, We are receiving below error in Splunk Stream App. We have installed a separate Universal forwarder and installed the Stream Add-on on it to read PCAP files. Any help on the same would be...
heavy forwarder does not forward data from db connect
Hello, I have set up a heavy forwarder with DBX. The connection to my sample database (MySQL) works, but the data is not forwarded to my indexer. I tested the connection by forwarding the syslog from...
Search SPL to show messages menu
Can someone tell me the Splunk query to match the contents of the "Messages" menu item? As an example, I see the following message in my messages drop down from the menu but I want the Splunk query...
Developer License Extension
Dears, I have requested for the developer license extension last week but haven't seen any reply from Splunk. Requested for the license again today. Sent an email to devinfo@splunk.com. Any chances of...
Splunk Query
Hi Splunkers, Need help in forming a Splunk query. Requirement: Find the time difference (delta1, delta2, delta3.......) between events by specific field. Example: User A eventcount =5 [delta1,...
datamodelsimple returned error code 1
Ran the simple command below | datamodelsimple External search command 'datamodelsimple' returned error code 1. Splunk version 7.1.1 CIM 4.11
Detect password in username field followed by successful logon
To detect a failed login followed by successful login (within a 60 second) period, I run: index=myindex sourcetype=wineventlog:security (EventCode=4624 OR EventCode=4625) | transaction Account_Name,...
find max length where field name is firstName_1,firstName_2...
My Splunk entry is firstName_1="Tom" firstName_2="Jerry" firstName_3="Tom1" firstName_4="Jerry1" I would like to find max length of firstName. Answer for above entry should be 6 as firstName_4 length...
Splitting columns into rows
Hi Splunk Gurus, I have an unusual requirement where I need to create two rows from one: A | B | C |D | E to Row 1 - A | B | C | D Row 2 - A | B | C | E I think I could achieve this by using APPEND but...
Regex command to remove the special character
I want to remove the special character after number .. pls help data : 7.62\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 I want : 7.62. The number is not constant it will keep changing...
KVStorageProvider --- saveBatchData:upsert --- No collection available
I keep seeing this error in the internal logs kvstorageprovider - an error occurred during the last operation ('savebatchdata:upsert', domain: '0', code: '0'): No collection available. We aren't using...
What does the view Settings -> Sourcetypes (Under Data Section) tell us?
Hi, I am working on troubleshooting one issue where data from a particular sourcetype is not getting parsed correctly. Came across this page under Settings -> Sourcetypes and want to understand what...