How to know the number of events processed in a dashboard?
Question1. I have a dashboard with multiple timecharts type query running with different logic and different preset times. I want to know how many events were processed as a part of that chart to run....
View ArticleTimechart with multiple rows
I am trying to setup a timechart and I am a beginner in Splunk. I'd like to show a timechart with two rows, i.e., two sets of data for a week). I have below query: `index=myindx "Box Sales Job:" "Total...
View ArticleWhy does my sed replace command replace too much?
I need some help figuring out why my sed replace command is replacing all of the text to the end of the event in Splunk rather than just the specific text I had it look for. As part of a...
View ArticleSplunk_TA_nix: why are my reports showing "No results found"?
Hi, I'm having troubles with TA_nix application installed in RHEL 7, Splunk version 7.1.1 . I'm getting the data from my server that have TA_nix installed; also my Splunk server (single instance) has...
View ArticleSplunk App for AWS: Availability timeline for 7.1.2
When will the Splunk App for AWS be available for Splunk Enterprise 7.1.2? Thanks!
View ArticleCustom alert script fails with sendalert
I'm trying to create a custom alert application. All I want to do right now is to see what kind of parameters I can pull and utilize. So I'm just doing a simple print into a file. I created an app...
View ArticleAlert on different cron schedules
We have 4 tasks that run on different schedules and log an event in the application logs when the job starts. The task is to alert if the job doesn't run on a prescribes schedule. Can this be done with...
View Articlewhy no passwd file
Hi, I had to recover a passd for splunk, and deleted the passwd file and then restarted splunk, but no new passwd file is generated. I thought Splunk auto-generated this file when this happens? I am...
View ArticleHow to set the order of queries to be run in a Splunk dashboard
We have 2 different searches which interrelated. 1st search is called through a macro which publishes its result into a lookup file. while 2nd search uses the data from the lookup file(result of macro)...
View ArticleHow do you set up a timechart with multiple rows?
I am trying to setup a timechart and I am a beginner in Splunk. I'd like to show a timechart with two rows, i.e., two sets of data for a week). I have below query: `index=myindx "Box Sales Job:" "Total...
View ArticleHow do you create an alert for different cron schedules?
We have 4 tasks that run on different schedules and log an event in the application logs when the job starts. The task is to alert if the job doesn't run on a prescribed schedule. Can this be done with...
View ArticlePassword Recovery: Why was a new passwd file not generated?
Hi, I had to recover a password for Splunk and deleted the passwd file and then restarted Splunk but no new passwd file is generated. I thought Splunk auto-generated this file when this happens? I am...
View ArticleHow do you set the order of queries to be run in a Splunk dashboard?
We have 2 different searches which are interrelated. 1st search is called through a macro which publishes its result into a lookup file. While 2nd search uses the data from the lookup file(result of...
View ArticleUnable to monitor logs from windows machine.
Hi, I am struggling to monitor files from a windows machine. Below is my inputs.conf file [default] index=maspat [monitor://C:\MASPAT\Results] sourcetype=mas crcSalt= ignoreolderThan=1d Not sure why I...
View ArticleApp pushed to Universal Forwarder from D.S except inputs.conf. Please advise.
I have created a custom app on D.S and pushed it on the U.F. The app got pushed successfully except only the inputs.conf I have tried everything from `splunk reload deploy-server` to reloading the U.F,...
View ArticlePlease help me identify why Splunk is omitting extracting milliseconds from...
Hi folks, running into a strange issue here. Taking the following json: { @timestamp: 2018-08-29T13:07:10.508997+00:00 component: auth-proxy- event: Health Call eventdetails: Health check call is good...
View ArticleUse Font Splunk 6 for Splunk 7
Hi All! i want use font splunk 6 for splunk 7. How can i do?
View ArticleAudit who disable Data Input
recently we found one data input for receiving syslog was stop we dont know is the service issue auto stop or someone who disable it, i tried to search index=_audit, also even i saw some log edit...
View ArticleHow to rewite query to change columns to rows, rows to columns
How to convert below query such that rows are converted to columns index=data earliest=-1w@w latest=now |eval requestcount=1 | timechart per_second(requestcount) AS RequestPerSec | eventstats...
View ArticleHow to Remove Token Name on When Token Has No Value
We're working on an HTML table with `` that displays value of token (such that `$token1$`). We don't know how to remove the token name `$token1$` when we deselect from the inputfield. Here's a clearer...
View Article