Browser hangs on the visualization
Hi, Great job on this add-on, it is really great! I've noticed when you use this visualization, especially when you copy a search, or open search from a dashboard that uses the add-on. The clustering...
Splunk Field Extraction
If I have log files with multiple logs in them of different formats, and I only want to receive one instance of the Login_ID, though it occurs multiple times in the file in different logs, therefore...
Systemd unit with pid tracking for Splunk
With a simple systemd unit file you can tell systemd how to start and stop a Splunk instance, but if the Splunk instance is restarted outside of the systemd process (due to a cluster bundle push or a...
Hello! I'm trying to perform some simple arithmetic on 3 separate search...
For Example: Suppose you have 3 numbers from search results 1,000 2,000 and 3,000. I want to be able to display 3,000-2,000. In a new panel with a new label. I was thinking perhaps append? But I am...
How to add multiple scripts in a form/dashboard?
How can I add multiple scripts to a form? When I use the following line of code, the following error occurs: > Attribute script redefined
Issues with the configuration of an indexer's cluster
Hi Splunkers, I face some difficulties installing an indexer's cluster composed of 2 indexers with a master node. I have the exact same configuration for both indexers (x.x.x.77) and (x.x.x.78)...
Custom app banner logo css bug fix for IE.
As the Splunk bug fix url doesn't work anymore I might as well post here. Bug manifests as a logo banner that is stretched across the width of the navigation bar. This only occurs in Internet Explorer....
How to merge two apps in deployment server
I am looking for some help in managing apps using deployment server. Here is the case. I have two different apps, sending two different logs from same set of servers. The index and sourcetype are the...
What is the best way to change sourcetype for Linux Audit Events coming from...
Hi, We have Linux Audit log data coming in via OSSEC into Splunk. For this data, source is set to "/var/ossec/logs/alerts/alerts.log" and sourcetype is "ossec_alerts". We are unable to see this data in...
Do we need to create index(custom) on each and every cluster node??
Hello, I am new to Splunk. I am trying to deploy indexer cluster (single-site) as the diagram in the docs suggest that we need to connect every forwarder to each and every single peer in the cluster....
Notable Event Chart Overlay
I'm trying to do a chart with a timeline as to when notable events come into our environment. A simple search with a time picker works well: `notable` | timechart count span=1h This gives us a column...
APP Alert Manager
I'm trying to install the app "Alert Manager". However, in the installation setup this error appears. "Default index "alerts" doesn't exists. Did you install and configure **TA-alert_manager**...
splunkd.exe takes ages to restart
Hi, we have numerous servers that have the Splunk forwarder installed. The service splunkd takes over 5 mins to restart. The service stops but when the restart occurs it takes over min. If we monitor...
Setup DMC - Forward Data or not
Hi all, I am not sure if I understood how to setup the DMC correctly. So I have two independent indexers, two search heads and a bunch of heavy forwarders - I'd like to monitor them all with the DMC....
Why am I getting different GUI pages from the same URL?
I have two search heads (prod and QA). On https://*prod*/en-US/manager/search/datainputstats I get the desired DataInputs page. However, on https://*QA*/en-US/manager/search/datainputstats I get a...
Maximum disk usage quota has been reached
Hi, I am having a problem with the disk usage quota. Actually, I have this error message whenever I try to make a search. The thing is that I deleted everything in the job manager and even nothing...
Maximum disk usage quota
Hi, I am having a problem with the disk usage quota. Actually, I have this error message whenever I try to make a search. The thing is that I deleted everything in the job manager and even nothing...
Heat map, Color in a table based on values
How to change the color of the cell by checking the results, below a value to change to red and above the value to blue. Similar to this image......
How to search the percentage of values in a field?
I'm trying to build a bar chart from an asset list that shows by bunit what percentage of a field called **last** has a value in it. I used `isnotnull` to create a field with yes/no values, but I'm not...
How to join my two searches to monitor a combination of two status fields for...
Hi Splunkers, We are looking to join 2 searches in getting a single point result. Currently we have a search which gives UP and Down status. When a server is UP, it turns to green, and if down, it...