How can I make use of search string and token to display text in panels?
I am developing a dashboard to analyze users logs from an email application. The dashboard has Time (Time Picker) and Email (Drop-down List) as inputs. Users are able to select time range and an email...
Is it possible to display breadcrumbs navigation on dashboards.
Hi, I want to add "Breadcrumbs Navigation" in all of my dashboards like, parentMenu->childMenu Why I require this because, in my navigation menu, there are multiple Dashboard with same Name. like...
Failed to load custom visualization
Hi! I have followed the steps for creating a customized visualization (see http://docs.splunk.com/Documentation/Splunk/6.4.0/AdvancedDev/CustomVizTutorial), but when I am testing the visualization in...
How to extract the duration in seconds from values like "2 dy 13 hr 49 min 13...
Hi, I would like to extract the duration in seconds from values like this: "2 dy 13 hr 49 min 13 sec" "1 hr 49 min 41 sec" "12 min 56 sec" For constant values (e.g. with only min & sec) I would...
Is it possible to assign roles to only have access to certain summary indexes?
Greetings, I have read through the Knowledge Manager Manual on summary indexes, but am left with a question for my usecase. Our environment aggregates the internet connection for many departments into...
How can I detect and alert on significant changes in a field value over time?
I want to create an alert that will trigger when the count of a certain type of event changes significantly from what it has seen in the past. See my data table below. You can see right in the middle...
Is there a command or search to see which unique Cisco firewalls are sending...
Does anyone know the command or search string to see which Cisco firewalls are sending traffic to Splunk?
Website Monitoring: Can we configure a new index to use with this app?
I may have overlooked this, but I am using the Website Monitoring app in Splunk and I want to set up a new index for this app to use. Does anyone know if you can configure the index with the Website...
Is it possible to monitor Cassandra database logs in Splunk?
Hi, I am using Splunk Enterprise. Now we are planning to monitor Cassandra logs. Is it possible to monitor Cassandra database logs with Splunk? Thanks in advance
How to search for the exact URI with wildcards within the URI field?
Hi All, I have following URI in my logs. /svc/appName/1234567890/catalog/search/(status), /svc/appName/1234567890/catalog/search/(info) /svc/appName/1234567890/catalog/search/(update),...
Why are email alerts not getting sent?
New to Splunk I have a search `index="data_collection"` They have it set up to email them. When you are looking at search, you see tons of results ... but no email is ever sent. alert type real time...
How can I extract specific data from a complex block of XML?
So I've been reading around and most people point to xpath, but after hours of troubleshooting I can't seem to get it to work in my scenario. I'm trying to extract **decision** and **reasoncode** as...
Higher value of squash_threshold no longer making a difference (6.2.1 vs. 6.3.3)
When we upgraded to 6.3.3 from 6.2.1 the license usage data has gone from <1% being squashed to almost 40%. On 6.2.1 I had set the squash_threshold value to 5000 from the default 2000 and we were...
How do I find the time difference between these events?
We have the events like below (fields like flowId, action..etc) and need a final output between the events (action = FLOW_END_SUCCESS and FLOW_START) time difference based on flowId, 2016-05-18...
My search works when I run it manually, but why does it not produce results...
index=main source=locations sourcetype=location_information | search * AND address=$token1$ OR address="LocationXYZ" | table site_name, address, state, country When I run this search manually, it works...
What is the quickest way to remove indexers from a multisite indexer cluster?
Hi, I have a number of indexers that are part of a multisite indexer cluster. I don't care about any of the data that is on these indexers. What is the quickest way to remove them? Can I just shut them...
Create audit object on ALL tables
I'm following this guide to create table audit for each table. However, I have a question what if we have >100 tables. Is there any short hand that can create audit table for ALL tables in one step?...
How do I use requireHeader to override indexing settings for a TCP input?
The `inputs.conf` documentation describes a `requireHeader` setting for TCP inputs:> requireHeader = bool> Require a header be present at the beginning of every stream.> This header may be...
How do I use a header to override indexing settings for a TCP input?
The `inputs.conf` documentation describes a `requireHeader` setting for TCP inputs:> requireHeader = bool> Require a header be present at the beginning of every stream.> This header may be...
Pls help re-create this chart in Splunk
Trying to recreate this chart in Splunk - can anyone assist, as I'm a bit uncertain where to start. Hits = SampleCount Network Time = Network Time Server Time = Server Time...