How to embed a timechart visualization from a Splunk query into a web app?
I have the following Splunk query that produces the following visualization: ![alt text][1] I would like to embed this exact visualization into a web app using an iframe. How can I do this? Currently,...
Time chart display question
Just want to ask why sometimes there is a dot in my time chart graph? and how to erase that? The dot looks like picture attached. ![alt text][1] [1]:...
Transforms.conf REGEX issue
8/30/18 9:38:51.000 AM **rec_type=71** dns_query=s3.amazonaws.com dns_record_name=A src_tos=0 ssl_expected_action=Unknown ... 8/30/18 9:14:19.000 AM **rec_type=109** id=185 rec_type_desc="Web...
Has the TA Metricator prevented cluster peer restart for anyone else?
We have the metricator TA deployed in our cluster and when performing a rolling restart, the process is held up by the various metricator scripts not shutting down. Manually killing the TA python...
Automatic lookups not working
Hey Splunk, long time lurker, first time poster. I am attempting to perform an automatic CIDR lookup from a CSV file on a specific sourcetype. I can manually perform the lookup and get data back, but...
how to check the earliest event can be queried from a index
My understanding is Splunk will purge old data for an index when the disk usage limit is reached. Is there an easy/fast way to track what is the earliest event a query can trace back at all time?...
how to find the earliest event a query can search in an index?
my understanding is splunk will purge old data in an index when the disk limit is reached. what is the easy/fast way to find out the earliest available event in an index? Thanks in advance
How do you calculate average time between transactions group by two fields?
I have logs from a SIP proxy server and I'm trying to get metrics from SIP transactions metrics from a SIP proxy server logs. I have the following events: Peer AAA events: Time, call id A, message A.1,...
How search by unicode value?
Hi, I have the following example record: 30/08/2018 13:30:27.996;VM1;ASH;AccessModule;processPacketBuffer;MSISDN;xxxxxxxxxxxx;;INFO;;;Return Access ;...
No Data input following 7.1.2 upgrade on 2008 server
Hello, I have upgraded my Splunk Enterprise 6.5.1 to 7.1.2 on a Windows 2008 R2 (https://answers.splunk.com/answers/672130/splunk-win2008r2-upgrade-65-to-71.html for my last thread). I have enabled the...
Visualizations: Why is there a dot in my time chart graph?
Just want to ask why sometimes there is a dot in my time chart graph? and how to erase that? The dot looks like picture attached. ![alt text][1] [1]:...
Will someone help me with my REGEX in this Transforms.conf?
8/30/18 9:38:51.000 AM **rec_type=71** dns_query=s3.amazonaws.com dns_record_name=A src_tos=0 ssl_expected_action=Unknown ... 8/30/18 9:14:19.000 AM **rec_type=109** id=185 rec_type_desc="Web...
Why are my automatic lookups not working?
Hey Splunk, long time lurker, first time poster. I am attempting to perform an automatic CIDR lookup from a CSV file on a specific sourcetype. I can manually perform the lookup and get data back, but...
For the Splunk Add-on for AppD, what is the format of the "Parameter" field?
I wish to hit "/controller/rest/applications/app-name/request-snapshots?time-range-type=BEFORE_NOW&duration-in-mins=60" but it doesn't seem to be working. I've tested with a REST client and it...
Splunk crashes
Hello, my splunk keeps crashing when I try to download software ever since I added in the [proxy_config] and http:// and https:// to the server.conf file... When it's not in there it doesn't crash....
Why am I unable to complete Splunk 7.1.2 installation on my Mac OS 10.13?
I followed the procedure mentioned in the third module of Splunk fundamentals 1 course to install Splunk on Mac OS 10.13. All of the steps were completed. The Splunk short cut icon is created on the...
How do I perform math against two searches?
I have two searches that use the same index and each return a numerical total, differing only in the period of time of the data they look at. How would I perform math on the search results for example...
Can I exclude certain columns in a table from drilldown?
Hello, Basically just want to know if there is a way in the Splunk XML to exclude certain columns in a table from drill-down making them essentially un-clickable? While others are still clickable? Thanks
Does the Splunk universal forwarder offer some sort of time monitoring...
All, SO bad guy changes the time on the system. Does the forwarder KNOW there is a sudden time change and log it? I think security pros call this TOCTOU?...
How can I override sourcetype and redirect to another index?
Hi Guys, I want to override sourcetype for all events before being indexed and redirect some of those events (those with ERROR) to another index with the overridden sourcetype. So, I need events to be...