Invalid result in getting span between two dates
This code: | makeresults | eval StartTime = strptime("2018-01-01 00:00:00", "%Y-%m-%d %H:%M:%S") | eval EndTime = strptime("2018-01-01 00:10:00", "%Y-%m-%d %H:%M:%S") | eval Elapsed = EndTime -...
Incorrect timestamps displayed
Even though I correctly defined TIME_PREFIX, MAX_TIMESTAMP_LOOKAHEAD, TIME_FORMAT and so on in props.conf, the timestamp information shown in the search results (the _time value) differs from the actual timestamp. For example, "2018 Jan 11 16:36:16" is displayed as "1970 Jan 1 12:05:43"....
blacklisting file with pattern in the filename
Hello, We would like to exclude some files from indexing using blacklist. At the moment it looks as follows and works fine `blacklist...
Why is the extracted field not shown and not available for search
I extracted three fields. The data is `\\VMMSNEWPALM2SER\Process(TIDC.Imports)\% Privileged Time, ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0` I want to extract the `VMMSNEWPALM2SER` ,...
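As an added example (not code from the post above or from Splunk), the following Python shows one way to split a Windows perfmon counter path of the form quoted in the post, `\\<host>\<object>(<instance>)\<counter>`, into separate fields with a single regular expression. The first sample line mirrors the data in the post; the other two lines are constructed, and the field names `host`, `object`, `instance`, `counter` and `values` are my own choice.

```python
import re
from typing import Optional

# Constructed sample lines. The first mirrors the counter path quoted in the post
# (with fewer trailing zeros); the other two are made up to exercise the
# optional "(instance)" part and a counter with no instance at all.
SAMPLE_LINES = [
    r"\\VMMSNEWPALM2SER\Process(TIDC.Imports)\% Privileged Time, ,0,0,0,0,0",
    r"\\HOST01\Processor(_Total)\% Processor Time, ,12.5,13.1",
    r"\\HOST01\Memory\Available MBytes, ,4096",
]

# Perfmon counter path: \\<host>\<object>(<instance>)\<counter>
#   host     : everything between the leading "\\" and the next "\"
#   object   : e.g. Process, Processor, Memory (stops at "\" or "(")
#   instance : optional, the text inside "(...)" (Memory counters have none)
#   counter  : e.g. "% Privileged Time", runs up to the first comma
COUNTER_PATH = re.compile(
    r"^\\\\(?P<host>[^\\]+)\\(?P<object>[^\\(]+)"
    r"(?:\((?P<instance>[^)]*)\))?\\(?P<counter>[^,]+?)\s*,"
)


def parse_counter_line(line: str) -> Optional[dict]:
    """Return the counter-path fields plus the comma-separated values that
    follow it, or None if the line does not start with a counter path."""
    m = COUNTER_PATH.match(line)
    if m is None:
        return None
    fields = m.groupdict()  # instance is None when the path has no "(...)"
    # Remaining columns after the counter name; blank columns are kept so
    # positions stay stable (the post's data has an empty second column).
    fields["values"] = [v.strip() for v in line[m.end():].split(",")]
    return fields


def parse_all(lines) -> list:
    """Parse every line, skipping those that are not counter paths."""
    return [r for r in (parse_counter_line(l) for l in lines) if r is not None]


if __name__ == "__main__":
    for rec in parse_all(SAMPLE_LINES):
        print(rec["host"], rec["object"], rec["instance"], rec["counter"], rec["values"])
```

The same named groups translate to a Splunk `rex` command (PCRE syntax uses `(?<name>...)` rather than `(?P<name>...)`), but note that every backslash in the counter path has to be escaped twice in SPL: once for the SPL string and once for the regex.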
same search query returns different number of results
Hi, I have Splunk Free (I am afraid this is not present in the "choose product" list, switched from "Enterprise Trial"...). I am using the same user (there is only admin user in Splunk Free), and run a...
dynamic comparison of today's to last week
index = abc App_Name=xyz earliest=-0d@d latest=now | multikv | eval ReportKey="Today"|append[search index = abc App_Name=xyz earliest=-7d@d latest=-6d@d | multikv | eval ReportKey="LastWeek"| eval...
Can we change background color for the Splunk input choices?
I have a dashboard where panels hide/show according to the linked list choices you are making. Now I want the choices to have a specific color change and font color. When I am trying to use background...
Issue regarding summary index fields
Hello, I have created a scheduled search which populates summary index from a custom index. My main custom index has around 100 fields, but those fields are not appearing in summary index, only host,...
Send failure while pushing PK to search peer = https://*.*.*.*:8089 , Read...
I'm getting the above warning messages in the internal Splunk logs every minute from each of our 3 x search heads. The search peer in question is in our secondary site (let's say B) to the search heads...
How to create a dashboard with dependencies between assets, like a tree or...
How to create a dashboard with dependencies between assets, like a tree or topology, something like the one used in the "IT Service Intelligence" app? Thank you very much in advance.
Combine multiple cron jobs into a single cron job for a single db input
Hi All, I have a db input created in the Splunk DB Connect app. I want to execute the query based on a cron schedule. The problem is I want to run the first job every 45 mins starting from 0:00 to 12:00...
want to trigger severity based on two violations and below criteria
sourcetype=xreGuide XRE-07*** IS_VISIBLE=true | bucket _time span=10m | stats dc(receiverId) as receiverIds by _time | eval psev=case(receiverIds<=499, "4", receiverIds<=9999, "2",...
"View Capabilities" page missing...
We upgraded our Splunk and found that when you click on "view capabilities" for a user in the AccessControls >> Users page it'll take you to a great picture of Buttercup 404. Does anyone know...
Rex help in a search query
I have field values with the below formats and need to extract the end value extensions like (cjs, js ..,etc) from them and store them in a separate field. Can anyone help me with this? Thanks...
Custom Adaptive Response Action in ES with Validation
Hello, I'm unable to get field validation in a custom Adaptive Response Action in Splunk Enterprise Security. What I would like to achieve is field validation that obliges the user to fill the field (required...
Can you help me trigger severity based on two violations and below criteria?
sourcetype=xreGuide XRE-07*** IS_VISIBLE=true | bucket _time span=10m | stats dc(receiverId) as receiverIds by _time | eval psev=case(receiverIds<=499, "4", receiverIds<=9999, "2",...
JSON format log getting truncated
I have a log which has JSON-format lines in the middle. Splunk is extracting the log but is truncating the JSON part to 26 lines. How do I get the full log without Splunk truncating the JSON lines?
Could you help me use rex to extract end value extensions from field values?
I have field values with the below formats and I need to extract the end value extensions like (cjs, js ..,etc) from them and store them in separate fields. Can anyone help me with this? Thanks...
In a dashboard, can we change background color for the Splunk input choices?
I have a dashboard where panels hide/show according to the linked list choices you are making. Now, I want the choices to have a specific color change and font color. So, when I am trying to use a...