Json event breaking no longer working since indexing method changed.
Hello! I have some json data being generated by a client-side tool: { "name": "open_sockets", "hostIdentifier": "ip-172-30-1-242.ec2.internal", "calendarTime": "Tue May 24 10:37:31 2016 UTC",...
CloudWatch Logs inputs not streaming into realtime search, why?
I am running the Splunk Add-On for AWS, now at version 4.0.0 as of tonight. I'm mostly interested in CloudWatch Logs events. I understand that each input has a polling interval. I've set my interval to...
Quality and commitment to AWS Add-on
Just looking for some feedback on where we are in the lifecycle of this Add-on and the commitment to quality. Is it alpha, beta, RC? Having spent a few weeks now trying to use the plugin I have had...
How to drilldown (open) dynatrace client from Splunk UI.
I tried procedure described in below link. https://community.dynatrace.com/community/display/DL/Splunk+Application And dynatrace data is shown in Splunk, however "Drill down to CompuwareAPM" option is...
Want an Event report in 15 minute time frames
Hello I want to generate an email report on our syslog once every 15 minutes listed down with the events on that time frame. Not a mail for every syslog. Sort of a Rollup email that includes whatever...
Bandwidth utilisation report of a router
Hi We have newly setup splunk and it is being used for windows servers performance reports and dashboards. Now our Network team wants us to send the reports for Bandwidth utilisation for few of their...
How to drilldown (open) AppMon (dynatrace) client from Splunk UI.
I tried procedure described in below link. https://community.dynatrace.com/community/display/DL/Splunk+Application And dynatrace data is shown in Splunk, however "Drill down to CompuwareAPM" option is...
Send parameters to View from navigation panel
I have a view which I want to reuse across multiple Apps. I have configured the view using a navigation setup. However, I want to dynamically send the value of Hostname to the view based on the app...
How to create eventtype on transaction
Hi Team, I am creating a pie chart based on eventtype, for one of my application logs. I have two logs for one unique request. So I have used transaction to find out duration. But now problem is I...
How can we convert SPLUNK 4.3.2 module code to latest SPLUNK 6.3 HTML...
Hi All, Can you please help me in converting the below module code into HTML code, 0,"licviol","licviolno") |eval class2 = if(Violations>0,"licviol1no","licviol1") | table...
Adding risk scores to incident review
Is it possible to add the risk scores to the notables listed in Incident Review? I think it's possible to achieve this with UBA, but I don't have UBA and am unlikely to have it in the short to medium...
How to call a Stored Procedure using DB Connect2 app
I have SP on my SQL server and want to call the SP after regular intervals and index the SP return result set. How can this be possible using DB Connect 2 app?
How to use rex to extract Linux directory sizes and names (Part II)?
**Additional** question 'to the same scenario': "How to use rex to extract Linux directory sizes and names?" On other servers where I ran the same script, the output differs when retrieving the data...
Not all DCs returning msad:nt6:health
I have setup the TA-DomainController-2012R2 app on all 6 of my Domain Controllers, however only 4 are returning any data when I search index=msad sourcetype="msad:nt6:health" All 6 return when I search...
Cannot find System Activity in 6.4
Hi there, The Activity > System Activity was very useful in the previous Splunk versions, letting you quickly access to last Errors and the like. It has been removed in 6.4. The documentation says...
DBX2 menu bar not showing
After upgrade to 6.2.2, DBX2 menu bar is not showing. No UI options for explorer, operations, health etc. I assume this is some priv problem, but I don't know which one.
Not able to edit kvstore lookups with lookup editor app
Hi I have created a kvstore collection as below in collections.conf [samplecollection] replicate = true Then I created a lookup based on above kvstore collection in transforms.conf [samplekv_lookup]...
How to put user in two different roles with conflicting access
I have role #1 that can access a set of apps with limited index access. I have role #2 that can access different apps with all external index access. I have a user that would like both roles but when he...
Default behavior of Checkbox object in forms
The default behavior of a checkbox is to have all items unchecked. This can be overridden by entering the specific defaults in the default field. However, this is pretty much useless when the data that...