Channel: Questions in topic: "splunk-enterprise"
Browsing all 47296 articles

How to re-index / sync new data from directories which are monitored?

Hi, each day, I download new logs in directories which are monitored. I would like to know how to force Splunk to add these new logs just after their downloading. PS : I don't want to re-index all my...



create search template ??

Hi, I need to create a search template using Splunk, so I want to know what are the steps that I have to follow? Must I create an app? Are there any easy ways without using XML?



unable to Send access.log events to the web index. Hosts should be www1,...

Hi, I have created indexers [2 indexers] in an AWS environment with 2 forwarders and 1 search head. If I create indexes on a search head/indexers using GUI will the configuration as shown below. I am not...


Multiselect option not getting displayed if the option is chosen in different...

Hi, I have a dashboard with multiselect input, MetricLatencyThroughputErrorAlltruetruetruetruetruetrue The problem here is if I select Latency first, the panels of Latency get selected. If I select...


An error occurred (AccessDenied) when calling the AssumeRole operation: Roles...

I am getting this error while configuring the AWS add-on with Splunk, let me know if you have any solution.



How to get distinct count of a field only for the latest events?

I'm constantly feeding my splunk with a .csv source, all of them with a pattern in their name: "Data1.csv", "Data2.csv", "Data3.csv", etc... These csv's have a table like: _time | Extracted_Host |...


splunk index cuts out some lines

Hi, I am testing Splunk config from my local machine before implementing it in production. So I am indexing a JSON file of about 5000 lines. However when it is indexed I get one event with about 138...


HEC Sourcetype

Hello everyone! I just have a brief question regarding the HEC input. Our primary data input is the HEC. For new applications that want to forward through our deployed Heavy Forwarder, we must first...



Lookup File data retention Question

Hi Team, I have a requirement to show last 90 days worth of app login stats broken by day. I have a lookup table/definition created and I have a saved search that writes the summary data every morning 5 am...



Limitation on number of boolean clauses within search string

Is there a limitation on the number of search boolean clauses (i.e. OR, AND) within a search string? For example | search 'user1' OR 'user2' OR 'user3' OR ... 'user180' It seems like the color of OR...


How to find the RequestPerSec by Country using ClientIP address?

Hi I have a query which would list me avg, max & P95 requestpersec for the selected time range index=test client_ipaddress=* |eval requestcount=1 | timechart per_second(requestcount) AS...


Use predict with split by function?

Is there a way to split by using predict. I can predict on a single factor, e.g. | timechart span=1h max(values) as values | predict values How about: | timechart span=1h max(values) as values by user?


Access token label in javascript?

I have a dropdown input field with associated token="offset". I want to use the label associated with the token value in a javascript function. How do I access it?



report is not sending an email.

I can see the report in the -searches and reports but I don't know it's not triggering the mail.


DB Connect 3.1.3 Hive connection

I am trying to install the Hive driver so that I can send Splunk data to the company's hadoop instance. I found two articles that had some good details. Each uses a different method. I tried both and I...



Symantec TA field Extractions not working

Hello All, I am troubleshooting an issue with the Symantec TA. Fields are not being extracted correctly and I am stumped as to why. I can take the regex out of transforms and put it directly into the...


How can I extract key value pair in a table?

I have data like **Data: {"code": "abc", "version": "2018.6", "name": "testdata", "group": "QA", "DB": "oracle"}** in the field **Message**. How can I export the key and value pair in a table. So, I...



How to create a search template (macro) using Splunk?

Hi I need to create a search template using Splunk so I want to know what are the steps that I have to follow? must I create an app? are there any easy ways without using XML?


Help with Regex to remove HTML tags

Hello, Could someone please help me with removing the HTML tags from fields. The data is a few sentences, such as remediation of a Microsoft patch, but contains links within. This data is coming in...


How to filter the events by a different date than mapped in sourcetype

We have Date1 mapped in the sourcetype for the index. So if I select last 7 days in the date filter data is filtered on date 1. But for my project I need to use Date2 as a date / duration filter in the...
