Can you help me format a table that would generate the highest CPU users per...
G'Day I've got some data I'm pulling out of some events with a search: HOUR - Two digit hour of the day PROCESS - Name of a running process CPU_USAGE - The CPU the process used during the hour What I...
View ArticleSNMP -- Correcting date/time output and rogue ap mac address
Hello, I just configured an SNMP-Trap on an RHEL box to send to Splunk. Getting the following output: Agent Hostname: (hostname) \N Date: 5 - 8 - 8 - 9 - 6 - 4461316...
View ArticleHow to exclude log from sending to splunk to save quota
Hi guys. I have daily quota for 3G. but the log is too much. So im trying to exclude some log like heart beat send to splunk to save some usage. Im trying to use Splunk Filter Rules -> Exclude...
View ArticleShare a basic hello world script with Ruby?
All, I need to send some data from a Ruby script to HEC collectors. Anyone have a basic hello world script they can share? Doesn't need to be fancy.
View ArticleHow do I exclude log from sending to Splunk to save quota?
Hi guys. I have daily quota for 3G. but the log is too much. So, I'm trying to exclude some logs, like heart beat, to send to Splunk to save some usage. I'm trying to use Splunk Filter Rules: ->...
View ArticleHEC: Share a basic hello world script with Ruby?
All, I need to send some data from a Ruby script to HEC collectors. Anyone have a basic hello world script they can share sending a string to a HEC with ruby? Doesn't need to be fancy.
View ArticleSPL: How to perform a SQL Like Minus Operation?
I am trying to remove certain logs from a base query of a certain type based on the results of another query of a different type of log. Both are connected by the user field. Specifically, I have...
View ArticleWhy does Splunk keep crashing when I try to download software?
Hello, my Splunk keeps crashing when I try to download software ever since I added in the [proxy_config] and http:// and https:// to the server.conf file... When its not in there, it doesn't crash....
View ArticleColor coding for values by rows
Hi All, I have two to three rows, something like below: ABC 98 97 67 DEF 50 45 23 GHI 3 2 1 three rows of a table is as shown above. Now i need to apply three color codings to each row based on ranges....
View ArticleSearch for IP address hitting a specific port + any other ports
I think this should be within my grasp, but I don't seem to be able to create a search that returns what I'm looking for. I'm trying to return from syslog any IP address that hits a specific port (say...
View ArticleHow to detect the beginning/ending of Daylight Savings Time?
I have a report in which a date/time field is converted from GMT to MST/MDT, depending on if it is currently in Daylight Savings Time. Since DST ends/begins on a different date every year, how do...
View ArticleHow do I Search for IP address hitting a specific port + any other ports?
I think this should be within my grasp, but I don't seem to be able to create a search that returns what I'm looking for. I'm trying to return from syslog any IP address that hits a specific port (say...
View ArticleTime token changes in a comparison timechart
I successfully put together a graph that compares bandwidth consumption over a period of time (currently hardcoded to 60 minutes) with that of the previous week. Now having troubles hooking my query up...
View ArticleTokens: Why is the search element with depends attribute not working?
I am trying to define a chained search where filters are applied if the corresponding token is set. But, in the example below, the depends attribute seems not to work as expected. The search is waiting...
View ArticleHow do you calculate average time between transaction groups by two fields?
I have logs from a SIP proxy server and I'm trying to get metrics from SIP transactions metrics from a SIP proxy server logs. I have the following events: Peer AAA events: Time, call id A, message A.1,...
View ArticleHEC: Share a basic hello world script with Ruby to send to HEC?
All, I need to send some data from a Ruby script to HEC collectors. Anyone have a basic hello world script they can share sending a string to a HEC with ruby? Doesn't need to be fancy.
View ArticleSingle Value: Trellis View - color change based on string values
Hello Ninjas - I am not sure if I am having a brain fart or if I am just not grasping this. Seeking some help, please. I have searched for a good few hours now and have read several of the docs. I have...
View ArticleField extractions
When using the curl get, I am receiving a json response, however with no field extraction. SPATH is not working and, neither are my manual regexes. I would like the extracted fields from the json, or...
View ArticleNeed hand write a [subsearch with me]
Firstly, i am trying to separate 1) cachekey=false in one query and 2) cachekey=true in another query and 3) with both combined in one query. also i want avg response time and perc90 response time....
View ArticleI'm looking for a query to search for users logging in remotely via either...
We had a user log in remotely either with ESXI with a VM, with Remote Desktop or with the command prompt using SSH. Our Splunk server is on a domain and we are trying to determine who logged in and...
View Article