How to write a cron schedule to execute every 5 mins between 7 am and 12...
How to write a cron schedule to execute every 5 mins between 7 am and 12 midnight?
Overlay goal trendline
Hi, I want to generate a timechart count of actual values and overlay a trendline of expected goal growth. Basically I want to trend how my data is growing over time with a visual of how I hoped it...
What is the best way to generate a timechart count and overlay a trendline of...
Hi, I want to generate a timechart count of actual values and overlay a trendline of expected goal growth. Basically I want to trend how my data is growing over time with a visual of how I hoped it...
How do I convert the following data into a pivot table?
With the following search index=msperf sourcetype="perfmon_processor_xml" | xpath outfield=Architecture "//COMMAND/RESULTS/CIM/INSTANCE/PROPERTY" | mvexpand Architecture | rex field=Architecture...
Is there a way to avoid the join command between indexes?
I'm trying to get my head around the alternatives, but can't see how I could get rid of the `join` in the following query: index="docverificationengine" "Issuing country does not match WR records for...
Need to use these 2 searches because of multikv with 1 table
So here is my search index=someindex sourcetype=somesourcetype source="someloglocation*" eventtype="nix_kernel_attached" "\"outcome\":\"success\"" | multikv | mvexpand _raw | rex field=_raw...
regex for counting fields
Hi, I have one question: is it possible to count the number of events in regex format for writing in transforms.conf?
rex extract field not working as expected/ miss handling ")" in regex
Hi I have a field with following value 16/08/2018 03:04:11 - Christian (Work notes) Remote Desktop Notes: - still unable to remote in to the machine 10/08/2018 07:11:53 - Christian (Work notes) Remote...
file without line feeds and carriage returns
Hi all, I have a file without CR and LF to divide events. I usually parsed these files without problems (e.g. SAP logs), but now I don't know why it doesn't run! This is an example of my file...
Chart only values 15% above calculated average response
I've created a chart that only shows run times above a 60 day average and its corresponding average, which works perfectly. However, now my users are looking to narrow these to occurrences that are...
Unset inputs link list
Hello community, please can you give me some help? I have in my dashboard three different inputs link list each with different options, my question is: It is possible to do that when selecting any of...
What is the max value for maxHotSpanSecs
Manual says to not go below an hour, but I am getting: Invalid key in stanza [main] in /opt/splunk/etc/system/local/server.conf, line 46: maxHotSpanSecs (value: 31536000). so it sounds like there is a...
How to check if an account or username is locked through Splunk? This is not...
We have been having issues when the application stops responding, when a particular account gets locked. I would like to create an alert to overcome this issue.
HttpListener - Socket error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong...
Hi, I started to get the error below after my splunk was updated: HttpListener - Socket error from 127.0.0.1 while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number I thought was...
excludeFromUpdate is not ignoring the directories.
I am trying to push a specific .conf as part of the /local directory of myApp from Deployment Server. I have provided the excludeFromUpdate attribute to ignore a couple of directories which I do not...
Colorpalette help
Hi, I use this colorpalette code in my XML, but the value of my threshold has to be in %. I do 10%,20% but it doesn't work. Any idea please? Code: [#DC4E41,#EC9960,#53A051]10,20
forward events to multiple indexers
Hi everyone, I have web server events. I want to forward specific events that contain digits 404 to index1 and remaining events to index2. Below is an example event: 12.130.60.4 - - [13/Jan/2016...
CPU usage of /apps is 100 percent on an indexer
In one of the indexers the /apps usage is 100 percent. How can I know what is the root cause, which app is using more CPU? Filesystem Size Used Avail Use% Mounted on /dev/mapper/apps-apps 5.3T 5.3T 1.1G 100% /apps
sysmon props.conf _time extractions is working but isn't adding the...
My props.conf time extraction looks like this and works great for extracting the time and milliseconds from the tool to get data in in splunk. Added it for both Xml source and WinEventLog....
Question about perfmon:logicaldisk
Hello, I want to monitor the free MB and the free space of my logical disk. So in inputs.conf I have: [perfmon://LogicalDisk] index = perfmon counters = Free Megabytes;% Free Space;% disabled = 0...