How to ingest data from IBM data power
What's the best way to get data from IBM data power into Splunk? I understand that it does not have an OS, so I cannot install a UF in IBM data power. Thank you in advance.
Why do the fields on datamodel "ns_waf" not exist?
Hi. Fields present on datamodel "ns_waf" don't exist. Does anyone have these fields extracted? nswaf_action, nswaf_appliance, nswaf_company, etc. This app doesn't have any extraction defined on...
Optimizing Accelerated Data Models
My company is heavily using CIM accelerated data models for our security monitoring. We are currently experiencing performance issues and we think that data model acceleration is contributing to them....
How do you parse JSON from a specific field?
I tried searching in the community support section for something similar to my issue. I am trying to parse a specific field which is actually in JSON format. Is there a way to parse out anything within...
Map a group with the hash (#) character in the group name
Hello! We have some AD groups which start with a hash (#), e.g. #Managers. Is it possible to include these in group mappings for LDAP? Thanks!
Multiple dashboards on a single monitoring screen and auto scrolling enabled
How to put multiple dashboards on a single monitoring screen with only one visible at a time and auto scroll enabled? Is there a way this can be done? Please advise.
KVStorageProvider --- saveBatchData:upsert --- No collection available
I keep seeing this error in the internal logs: kvstorageprovider - an error occurred during the last operation ('savebatchdata:upsert', domain: '0', code: '0'): No collection available. We aren't using...
Create Dashboard
![alt text][1] [1]: /storage/temp/255729-0.jpg Dear all, I need support to create a dashboard the same as this picture. I do not use Splunk App for AWS. I want to display format fraction result (Total login / Error...
A Clean "| table *"
Given that my search criteria is this: `index=some_index sourcetype=some_sourcetype`, is there a shortcut to piping the `| table *` command where splunk-created fields are automatically excluded?...
Assign keys to tokenised string
Hi there, Can someone help me with reading the tokenized string and assigning the keys to each index retrieved? It is difficult for me as it is not in key/value format to read. Log sample:...
Moved Status Overview dashboard to new app now missing the js and css niceness
Hey, I used the status overview search in my custom app and it works apart from the css and js parts, for example when we get a 401 or 501 error - this is not highlighted. Added the form details to my...
Upload File vs. Index-once Monitor File
![upload vs monitor file (index once)][1] [1]: /storage/temp/254722-upvsmonit.png Would like to get some enlightenment on what's the difference between the two. TIA
Splunkd service will not start
After upgrading Splunk App for Windows Infrastructure to the latest version from splunkbase (https://splunkbase.splunk.com/app/1680/) it asked for a restart of splunk. I accepted the restart and then a lot...
Unable to get count when variable name has a "-"
One of the queries I'm using has a variable with a "-" and splunk is unable to get me the stats count using the variable. Example: your search | stats count by Order-Type Is there a limitation on the...
How can I split multi values in a single value?
Hi guys, I want to get 2 values in a single value (visualization) as in the picture. ![alt text][1] Please help me. Thanks [1]: /storage/temp/255732-splunk.png
How to calculate Throughput
How to calculate Throughput if I have this data. index=perf host=prod-* sourcetype=tc_metric earliest=-10min | eval host_type=case(host LIKE "%wap%", "WAP", host LIKE "%web%", "WEB", host LIKE...
How to combine more than three types of charts in one chart
Hello everyone, I'd like to know how to combine three types of charts in one chart. I'd like to make just one chart using column chart, line chart, area chart. I've known that if overlay option, two...
Extracting Key value pair
I have data like **Data: {"code": "abc", "version": "2018.6", "name": "testdata", "group": "QA", "DB": "oracle"}** in the field **Message**. How can I export the key and value pair in a table. So, I...
Failed to reap - because of directory not empty
We have a lot of these errors in splunked.log. I have searched a lot to find a solution but to no success. *ERROR DispatchReaper - Failed to reap...
Search template??
Hi, I need to create a search template using splunk, so I want to know what are the steps that I have to follow? Must I create an app? Is there any easy way without using xml?