GroupBy multiple fields within single result
I have a splunk query which results in the output as: INFO :url="some_url": APIFilter.onComplete@87 :...
List of searches run in the X period and by whom?
Hi, is there a way to search for what searches have been run over a period of time and by whom, preferably listing the search run also. gratzi
No results DBX
I like to use DATABASES. I connected DBX and made a connection. With the query: | dbxquery query="SELECT * FROM \"XXX\".\"XX\".\"X\"" I can find my results, but in the search I like to use it with...
Can we filter events coming from a specific splunk_server?
The search head we use searches events from the test and prod indexers. In prod, we only need to capture the ones from the prod indexer. Can we filter events coming from a specific splunk_server? Or how to point a...
Chart Drill Down changes Date time range
I have dashboard with chart inside it. The query of the chart is: **base_search | eval _time = time| bucket _time span=24h | chart count over _time by app_risk| fields _time,Critical,High,Medium,Low**...
Field aliases don't work for CIM data
I am trying to map incoming events to CIM fields using aliases. I followed the documentation here, https://docs.splunk.com/Documentation/Splunk/7.1.3/Knowledge/Addaliasestofields, but it didn't work...
Conditional Streamstats
Hi splunkers, suppose I have the following table:
Date      ItemsPurchased  UnitPrice
1/1/1111  20              0.5
2/1/1111  10              1
3/1/1111  -7              0
4/1/1111  8               0.2
Which is basically a representation of my stock, where the -7...
Tab delimited file not getting split in the indexer
Hi, I am new to Splunk. I am trying to split a tab-delimited file in the indexer. Below are the entries of the different config files. In spite of these, the data that gets ingested in Splunk is not split...
Change sourcetype via field extraction and transforms
Hi there, one of the UFs is configured to send logs to sourcetype testData. I'd like to push some of those logs matching a certain pattern (all logs matching the "[A][B]" pattern) to sourcetype testData_B....
Join two stats searches and run stats/group on the result
I'd like to join two searches and run some stats to group the combined result to see how many users change/update browsers how often. In my IIS logs I have one search that gives me a user agent string...
Can anyone help me with a shell script which checks the user of the Splunk process? If...
Can anyone help me with a shell script which checks the user of the Splunk process? If it is not running as the splunk user we should get an email alert. Our Splunk is running on the Linux platform.
Splunk DB Connect: ERROR org.easybatch.core.job.BatchJob - Unable to write...
Hi All, We observed ConnectTimeOutException failures for some of our DB Connect Inputs. Can someone advise what may cause this error and how to resolve it? [QuartzScheduler_Worker-32] ERROR...
Increasing indexer disk space
Hello, I'm running my Splunk cluster on cloud, and I'm running out of disk space. I'm planning on increasing the available disk space but I'm wondering if there might be any side effects on doing this...
Joining 2 tables but showing what's not in table 1?
This successfully shows a combined table with users that are in Table1 and Table2. However, I want to show all users in table1 that are NOT in table2. How can I do that? | inputlookup table1.csv | join...
Output stops all output routing when 3rd party server goes down.
Hi, I am getting a weird issue, if the syslog server fails it stops all data being indexed by the default TCP out, then splunk fills its buckets and falls over. Am I missing something to set it to...
Splunk Architecture: Between AWS Accounts & VPCs: Multi-site or single...
We are deploying hosting to various organisations in our "company". Each organisation in our company may consist of numerous apps (100+ and 5,000+ employees), our intention is to provide these...
Upgrade Splunk Universal Forwarder from 6.2 to 7.2
Hello, is it possible to upgrade the Universal Forwarder in one step from 6.2 to 7.1, or is an intermediate step (upgrade to 6.5) required? Splunk Enterprise: 7.0.1. Yes or No (with workaround) should be...
tstats count field pairs
Hello everybody, I want to count how often a specific pair of src-dest appears, something like:
src          dest         count
10.10.10.10  11.11.11.11  3
10.10.10.10  11.11.11.12  1
10.10.10.10  11.11.11.13  12
I use...
How do I get the next to the last value (or field) of a record?
I have data that looks like this: When I perform my search the data returned by Splunk looks like this on the dashboard: date="date" username="username filename="filename" 1000 bytes You can see the...