Regular Expression help
Hi, I am looking for some help regarding Splunk Regular Expression. I have data something like this in a field "field1" - \P1 S+ box 5.00 Dol\BUNDLE_1 0.00 Dol\ P2 Not applicable 15.00 Dol\ DISCOUNT\...

Is there a way to export all searches, alerts and reports from all users to...
Hello guys, my question is pretty simple. Is there an easy way to export all your searches/reports and alerts created by every user from one Splunk indexer instance to another instance? My only...
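An added example (not from the post above, and not Splunk's own documentation) that inventories every user's saved searches, reports and alerts from inside a search. The `-` wildcards in the REST path stand for "all users" and "all apps", `splunk_server=local` restricts the call to the instance you run it on, and the CSV file name is an arbitrary choice:

```spl
| rest /servicesNS/-/-/saved/searches splunk_server=local
| rename eai:acl.owner AS owner, eai:acl.app AS app, eai:acl.sharing AS sharing
| where owner != "nobody"
| fields title, owner, app, sharing, is_scheduled, cron_schedule, alert_type, search
| sort app, owner, title
| outputcsv saved_searches_inventory.csv
```

Objects owned by `nobody` are the ones shipped with an app, so filtering them out leaves only user-created content. The CSV is an inventory, not a migration: the definitions themselves live in `savedsearches.conf` under `$SPLUNK_HOME/etc/users/<user>/<app>/local/` (private objects) and `$SPLUNK_HOME/etc/apps/<app>/local/` (shared objects), and copying those files to the target instance (through the deployer for a search head cluster) is what actually moves them. Review the `action.*` settings of each stanza before importing, since alert actions can run scripts and send data off-box.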

How to implement "not in" in Splunk
How to implement "not in" in Splunk? I want to find out the data that is not in the collection, as shown below ![alt text][1] But it always makes mistakes, as shown below. ![alt text][2] [1]:...
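An added example, not from the post, showing the usual way to express "not in a lookup/collection" in SPL. The index, sourcetype, field names and the lookup definition `allowed_clients` (a CSV or KV store collection with a column `src_ip`) are assumptions:

```spl
index=web sourcetype=access_combined earliest=-24h
| lookup allowed_clients src_ip AS clientip OUTPUT src_ip AS matched_ip
| where isnull(matched_ip)
| stats count BY clientip
| sort - count
```

The `lookup` joins each event against the collection and `isnull()` keeps only the events that had no match, which is the "not in" semantics. The subsearch form `NOT [ | inputlookup allowed_clients | fields src_ip | rename src_ip AS clientip ]` gives the same result for small collections, but a subsearch is capped (10,000 rows by default) and silently truncates beyond that, so the lookup form is the safer one for an allow-list or deny-list of any size.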

Alert when process appears in multiple IPs
Say I have a table of processes and IP addresses. I want to make an alert when a certain process was monitored on multiple computers during the last 24 hours. How can I do it? Very specific question I...
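An added example (not the poster's own search) of the search body for such an alert: count the distinct IPs each process was seen on in the last 24 hours and keep the processes seen on more than one. The index, sourcetype and the field names `process_name` and `dest_ip` are assumptions:

```spl
index=endpoint sourcetype=process_events earliest=-24h
| stats dc(dest_ip) AS ip_count, values(dest_ip) AS dest_ips,
        min(_time) AS first_seen, max(_time) AS last_seen BY process_name
| where ip_count > 1
| convert ctime(first_seen) ctime(last_seen)
| sort - ip_count
```

To restrict it to one process, add `process_name="..."` to the first line. Save the search as an alert, schedule it (hourly is typical for a 24-hour window) and set the trigger condition to "number of results greater than 0"; the `dest_ips` column tells the responder where the process appeared, which is the interesting part when the process is a remote-execution or credential tool spreading between hosts.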

Why does adding a table command after transaction result in no results found?
| inputlookup id_test.csv | reverse | eval _time=now() | transaction Col_A startswith=(Col_C=yes) returns results: ![alt text][1] With table and even fields afterward, there are no results: ![alt...

IF statements to determine which table to format in
Hi there, I'm wondering if it's possible to format a Splunk query like so: IF results contain "this string" THEN use these formatting commands OR IF results contain "a different string" THEN use...
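SPL has no if/else between commands, but the branch can be moved into `eval` with `case()` and `match()` so that one pipeline formats each row differently. An added example, not from the post; the index, sourcetype and the fields `message`, `user` and `status` are assumptions:

```spl
index=app sourcetype=app_logs earliest=-1h
| eval kind = case(match(message, "this string"), "A",
                   match(message, "a different string"), "B",
                   true(), "other")
| eval summary = case(kind == "A", "host=" . host . " user=" . user,
                      kind == "B", "host=" . host . " code=" . status,
                      true(), message)
| table _time kind summary
```

`kind` records which branch fired and `summary` carries the per-branch formatting; `true()` is the fallback so rows matching neither string are not dropped. If the two cases really need different columns or different transforming commands, run them as two searches (or two panels) rather than trying to branch the pipeline.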

Splunk search command to raise alert when the count is high compared to other...
Dear All, I need help here in raising an alert for the host having a higher count than the others. Below is the output of my search query. Please suggest the comparison or suitable command to raise an alert for the...

My Splunk GUI is not showing up after the upgrade from 6.3 to 7.0?
Hi Splunkers, I have a distributed environment with 2 IDXs, 2 SH + 1 SHQN and 1 Deployer. I have successfully upgraded the Deployer from 6.3 to 7.0, but when I tried to upgrade the SHs from the same version,...

Is there a Splunk search command that raises an alert when a host's count is...
Dear All, I need help raising an alert that would return which host has a higher count than the others. Below is the output of my search query. Please suggest the comparison or suitable command to this...
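An added example for this question and the earlier, same question above (not from either post): compute the per-host count, then compare each host against the population with `eventstats` and keep the hosts that are more than two standard deviations above the mean. The index and sourcetype are assumptions:

```spl
index=web sourcetype=access_combined earliest=-1h
| stats count BY host
| eventstats avg(count) AS mean_count, stdev(count) AS sd_count
| eval zscore = round((count - mean_count) / sd_count, 2)
| where zscore > 2
| sort - count
```

`eventstats` adds the population statistics to every row without collapsing them, which is what makes the comparison possible. With very few hosts `sd_count` can be zero; Splunk then evaluates the division to null and `where` drops the row, so if you only want "the single busiest host" use `| eventstats max(count) AS max_count | where count = max_count` instead. Save the search as an alert and trigger on "number of results greater than 0".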

Why is my Splunk GUI not showing up after the upgrade from 6.3 to 7.0?
Hi Splunkers, I have a distributed environment with 2 IDXs, 2 SH + 1 SHQN and 1 Deployer. I have successfully upgraded the Deployer from 6.3 to 7.0, but when I tried to upgrade the SHs from the same version,...

With a full list of class C IPs, how can I get Splunk to show me how many...
We are searching new environments monthly. I can get Splunk to stat out a total list of IPs, but I'm not sure how to get it to find all the VLANs. Ideally I would like to show all the available fields...
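An added example, not from the post: derive the /24 each address belongs to with `rex`, then group by it to see how many distinct hosts were observed per subnet and which ones. The index and the field name `src_ip` are assumptions:

```spl
index=netflow earliest=-30d
| rex field=src_ip "^(?<subnet>\d{1,3}\.\d{1,3}\.\d{1,3})\.\d{1,3}$"
| where isnotnull(subnet)
| eval subnet = subnet . ".0/24"
| stats dc(src_ip) AS hosts_seen, values(src_ip) AS hosts,
        min(_time) AS first_seen, max(_time) AS last_seen BY subnet
| convert ctime(first_seen) ctime(last_seen)
| sort - hosts_seen
```

This assumes one class C per VLAN, which is a heuristic rather than a fact about the network. If you have an authoritative list of VLAN ranges, load it as a lookup with a CIDR match type on the network column and use `| lookup vlans cidr AS src_ip OUTPUT vlan_name` instead of the `rex`, so the grouping follows the real VLAN boundaries.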

License Usage justification Report
Hi Team, I am facing a license violation issue. I have received 4 warnings (29th, 30th, 31st, 1st August), but on 2nd and 3rd September there is no violation, but what we are thinking is we don't want to take...

Where can I find developer resources for developing a new HUNK add-on, ...
For Hunk, there is an add-on to query MongoDB as a virtual index. I would like to develop a similar add-on for Hunk to query a different database type. Where can I find developer resources or examples...

Has anyone successfully configured _HTTPOUT_ROUTING in outputs.conf?
Hi all, I read about _HTTPOUT_ROUTING in outputs.conf at https://docs.splunk.com/Documentation/Splunk/7.1.1/Forwarding/Routeandfilterdatad . Unfortunately, I didn't find anything in the spec files...

Can I change the APP folder's permissions?
I want to use Git to manage the Splunk app code. Git needs read and write permission on the app folder, but when I create an app via Splunk Web, the permissions of the app folder are...

Why is my search returning no events after data entry?
Hello, I have done a data entry in Splunk for the log event below:
[WinEventLog://Microsoft-Windows-PowerCfg/Diagnostic]
checkpointInterval = 5
current_only = 0
disabled = 0
index = windows
start_from...

How to convert the time format to UK and 24 hour time?
Hello, I have a field called in_time with example output = 8/31/2018 10:21:59 PM (GMT). I'd like this time (e.g. out_time) to be extracted and converted to read 31/08/2018 22:21:59. Can you help? Many...
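An added example (not from the post) that does the conversion on the value quoted above: strip the `(GMT)` suffix with `rex`, parse with `strptime` using a 12-hour format with AM/PM, and render with `strftime` in day/month/year 24-hour form. `makeresults` and the `eval` line only fabricate one event so the search runs without data; replace them with your real base search:

```spl
| makeresults
| eval in_time = "8/31/2018 10:21:59 PM (GMT)"
| rex field=in_time "^(?<ts>.+?)\s*\(GMT\)\s*$"
| eval epoch = strptime(ts, "%m/%d/%Y %I:%M:%S %p")
| eval out_time = strftime(epoch, "%d/%m/%Y %H:%M:%S")
| table in_time ts epoch out_time
```

For the sample value `out_time` comes out as `31/08/2018 22:21:59`. Because the format string carries no timezone, `strptime` interprets the wall-clock time in the searching user's timezone and `strftime` renders in that same timezone, so the round trip preserves the clock value; if you need `epoch` to be correct UTC for comparison with `_time`, make sure the user running the search (or the saved search owner) has the timezone set to GMT.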

Will someone help me with my Regular Expression query?
Hi, I am looking for some help regarding Splunk Regular Expression. I have data something like this in a field "field1" - \P1 S+ box 5.00 Dol\BUNDLE_1 0.00 Dol\ P2 Not applicable 15.00 Dol\ DISCOUNT\...
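An added example serving this post and the identical question at the top of the page; it is not the poster's search and it assumes the goal is to pull every `item amount Dol` pair out of `field1` as separate rows. The index and sourcetype are assumptions, and the backslash-separated layout is taken from the sample in the post:

```spl
index=sales sourcetype=receipts
| rex field=field1 max_match=0 "\s*(?<item>[^\\\\]+?)\s+(?<amount>\d+\.\d{2})\s+Dol"
| eval line_items = mvzip(item, amount, "=")
| mvexpand line_items
| rex field=line_items "^(?<line_item>.+)=(?<line_amount>.+)$"
| table _time line_item line_amount
```

`max_match=0` makes `rex` return every match as a multivalue field rather than stopping at the first; `[^\\\\]` (four backslashes in SPL, one in the compiled regex) keeps an item from running across the backslash separators, and the lazy `+?` stops the item at the last whitespace before the amount. `mvzip` pairs the two multivalue fields positionally so that `mvexpand` can turn them into one row per line item. On the sample value this yields `P1 S+ box`/`5.00`, `BUNDLE_1`/`0.00` and `P2 Not applicable`/`15.00`; `DISCOUNT` has no amount in the truncated sample, so it is not matched.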

Can you help me with a License Usage justification Report?
Hi Team, I am facing a license violation issue. I have received 4 warnings (29th, 30th, 31st, 1st August), but on 2nd and 3rd September there is no violation. But what we are thinking is we don't want to take...
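An added example for this post and the earlier copy of it above (not the poster's own search): daily indexed volume per index over the last 30 days, taken from the license master's `license_usage.log`, which is the data a justification report is normally built on. Run it on the license master or a search head that searches its `_internal` index:

```spl
index=_internal source=*license_usage.log* type=Usage earliest=-30d@d latest=@d
| eval GB = b / 1024 / 1024 / 1024
| timechart span=1d sum(GB) AS gb_indexed BY idx
```

`b` is bytes and `idx` the destination index; `st` (sourcetype) and `h` (host) are also available, but host and source values are squashed to `SQUASHED` once the number of distinct combinations per reporting interval gets large, so index and sourcetype are the reliable breakdown keys. For the figure Splunk compares against the pool quota, use `type=RolloverSummary` (one summary per day per pool) with `timechart span=1d max(GB) BY pool`. Note that in this version of Enterprise licensing five warnings within a rolling 30-day window disable search, so the days on which warnings were issued matter as much as the totals.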

Why are my searches only hitting one Indexer in a cluster?
Hello everyone. I have a multisite indexer cluster: 2 IDX (IDX01, IDX02) and a CM, 2 SH with a deployer and a VIP to the SH cluster. Site 1: SH1, IDX01, CM. Site 2: SH2, IDX02. Search affinity is enabled. For example...