Why is there no \local folder under splunk_app_db_connect when trying to...
Cannot find a \local folder under %SPLUNK_HOME%\etc\apps\splunk_app_db_connect\ after installing the DB_Connect add on. Have restarted the SQL services and Splunk service. We are running Windows Server...
How to get the time duration between two scenarios?
Hey all, I wanted to see if someone can help me out with this. Basically I'm trying to get a duration for the time in between 2 scenarios. I'm trying to get how long it takes for each user to get from...
Why is my JSON format log getting truncated?
I have a log which has a JSON format line in the middle. Splunk is extracting the log but is truncating the JSON part to 26 lines. How do I get the full log without Splunk truncating the JSON lines?
alert on search result that are higher than a specific value in the column
I am trying to trigger an alert based on a value that is in a column. Below is the search I am running |`node_details(SERVER NAME)` | search Node_ID="Node3" (stats.key="node.cpu.sys.max" OR...
Can I generate report to a shared network location
Hello, Looking for suggestions on how to generate a Splunk report on a network drive. Instead of email with attachment, is there a way to generate a report to be placed on a network share? Thank you!
Splunk Add-on for ServiceNow - The ServiceNow Update set is outdated!
Hi, It looks like the latest version of this update is not available as an update set:...
Can you help me create an alert that triggers when search results are higher...
I am trying to trigger an alert based on a value that is in a column. Below is the search I am running |node_details(SERVER NAME) | search Node_ID="Node3" (stats.key="node.cpu.sys.max" OR...
The ServiceNow Update set is outdated - Shouldn't there be an update for the...
Hi, It looks like the latest version of this update is not available as an update set:...
How do you create a table with each row being a log and every column being a...
I was wondering if there is an easy way to create a table that contains every single recognized interesting field instead of doing the usual `| table field1, field2...` method. To be clear I want to...
After installing the DB_Connect Add-on, why can't I find \local folder when...
I cannot find a \local folder under %SPLUNK_HOME%\etc\apps\splunk_app_db_connect\ after installing the DB_Connect add on. I have restarted the SQL services and Splunk service. We are running Windows...
DMC not displaying accurate DISK usage values
Hi, I see that DMC is unable to give the right volume usage for a particular partition in the servers. It is showing wrong partition value in every instance for that particular partition name. Any...
Why _internal logs from heavy forwarder is not getting to indexers after a...
All of a sudden _internal logs from HF stopped coming to indexers after a splunkd restart. But I see _audit logs making it to indexers. I see splunkd.log on HF is growing. There is no change in...
Splunk DB connect network connection error
Hi All, I installed DB connect on my Heavy forwarder No firewall running on my splunk and the Oracle database we are trying to connect requires firewall port to open. They opened the firewall port of...
xyseries custom sorting
I want the results of the following query to be sorted by the order I declare. For some reason, it does not work so I might have missed something: my_query | eval _time = time| bucket _time span=1d | stats...
eval - Why am I being stupid?
I am attempting to write a search which uses eval to show the difference between two assignment groups. A number of assignment groups which all begin with ABC. I want to group all of these as 'IDS'. I then...
How do I extend the number of results that an external script returns to more...
Hello, I have an external script that makes calculations. The problem is that it is limiting the number of results to 100000. By default it is 50000, but I managed to extend it to 100000 by adding the...
Sourcetype configuration - Duplicate fields
Hello Splunkers, I am trying to configure a sourcetype in Advanced section. For example, I create a field alias by creating the key/value: When I perform...
How to highlight a table cell based on a field of the search result?
I am trying to highlight the cells of my result table. I have seen multiple examples showing how to highlight a cell based on the value shown in the actual result table. What I need to achieve is, that...
Managing sourcetype
Hello Splunkers, Is it possible to edit a sourcetype after its creation? Thank you in advance! Afroditi
Search a lookup csv
Dears, I'm trying to use the lookup for Splunk to read a file and tell me if I'm collecting the logs to the host of that file. What I need: Check if I'm getting logs from hosts that are in a csv. I am...