Channel: Questions in topic: "splunk-enterprise"
Browsing all 47296 articles

Can you help me with summary index field issue?

Hello, I have created a scheduled search which populates a summary index from a custom index. My main custom index has around 100 fields, but those fields are not appearing in the summary index. Only...



Why am I getting the following "send failure" message in my internal logs:...

Here is the complete warning message: Send failure while pushing PK to search peer = https://*.*.*.*:8089 , Read Timeout I'm getting the above warning messages in the internal Splunk logs every minute...



How do you create a dashboard with dependencies between assets, like a tree...

How to create a dashboard with dependencies between assets, like a tree or topology, something like the one used in the "IT Service Intelligence" app? Thank you very much in advance.


How do you combine multiple cron jobs into a single cron job for a single...

Hi All, I have a db input created in the Splunk DB connect App. I want to execute a query based on a cron schedule. The problem is I want to run the first job every 45 mins starting from 0:00 to 12:00...


After upgrading Splunk, why is the "View Capabilities" page missing?

We upgraded our Splunk and found that when you click on "view capabilities" for a user in the AccessControls >> Users page it'll take you to a great picture of buttercup 404. Does anyone know...



Why is my JSON format log getting truncated?

I have a log which has a JSON format line in the middle. Splunk is extracting the log but is truncating the JSON part to 26 lines. How do I get the full log without Splunk truncating the JSON lines?


Why is my below search throwing the following error: "Predict Error: Too few...

The search below throws the error whenever there are more than two hosts searched for: **command="predict", Too few data points: -5. Need at least 1 (too many holdbacks (5) maybe?)** If searching for...


Will you help me fix my license usage by host query?

Hello All, I am using Splunk version 7.1.0 for the Distributed Management Console (DMC) and I want to calculate the license usage by host. I am using the below query: index=_internal...



Distributed Monitoring console unable to find indexers

I followed the instructions for setting up the monitoring console in distributed mode. I have added the cluster master, search heads, and deployment servers as search peers. The monitoring console can...



How do I pull multiple events in a large XML file

Our vulnerability scanner is only able to provide XML output and I would like to get this into Splunk. The problem I am running into is that each system can have multiple events called audits. I would...


My alert isn't being triggered for some reason.

Hi everyone, I'm trying to set up an alert for daily license usage and notify me when it reaches a certain threshold. | rest splunk_server=shaklee-splunk-enterprise /services/licenser/pools | rename...


Can you help me figure out why alert isn't being triggered?

Hi everyone, I'm trying to set up an alert for daily license usage which would notify me when it reaches a certain threshold. | rest splunk_server=shaklee-splunk-enterprise /services/licenser/pools |...


The HTTP Event Collector (HEC) accepts but doesn't index _json event with...

Hi, I've tracked down an issue we've been having where some events being sent through our HEC haven't been indexed, even though it responds with HTTP 200 and Success (0). I've found two workarounds for...



Can you help me create a search query that would make a dynamic comparison of...

I wrote the following query for today's comparison with last week: index = abc App_Name=xyz earliest=-0d@d latest=now | multikv | eval ReportKey="Today"|append[search index = abc App_Name=xyz...


Change single panel color based on text result

I'm working on creating a dashboard with a single panel view. My search is determining if I'm processing data in x, y or x+y. I can get the dashboard to correctly display the location but I'd like to...



Metadata TRANSFORMS- not being applied after series of

I have a customer with a nightmare syslog server environment -- different sourcetypes in different log files on different syslog servers, shared unqualified hostnames used in different data centers,...


Configure trace and audit log collection - no \local folder under...

Cannot find a \local folder under %SPLUNK_HOME%\etc\apps\splunk_app_db_connect\ after installing the DB_Connect add on. Have restarted the SQL services and Splunk service. We are running Windows Server...



Create a Table With Each Row Being a Log and Every Column Being a Recognized...

I was wondering if there is an easy way to create a table that contains every single recognized interesting field instead of doing the usual `| table field1, field2...` method. To be clear I want to...


Transaction Duration Issue

Hey all, I wanted to see if someone can help me out with this. Basically I'm trying to get a duration for the time in between 2 scenarios. I'm trying to get how long it takes for each user to get from...


Metadata TRANSFORMS- not being applied after series of transforms

I have a customer with a nightmare syslog server environment -- different sourcetypes in different log files on different syslog servers, shared unqualified hostnames used in different data centers,...
