Splunk 6.x Dashboard Examples: How to edit my JavaScript to color results of...
I'm trying to paint the results of a table that are greater than 1. I already downloaded the app "Splunk 6.x Dashboard Examples", the example of the app works, but when I try to change to my table,...
How do I edit my "rex mode=sed..." statement to remove square brackets and...
Hi, I need to remove square brackets and content within it from a field in a search. eg: Input: My name is John [Employee] Output: My name is John I tried with the following expression: rex mode=sed...
Why am I unable to add a new member to a search head cluster with constant...
Hi all, I got a running search head cluster on latest Splunk Version 6.4.1. I now need to add an additional member to the Cluster, and processed as described here:...
How to access to Mongo KV Store from Mongo client?
Hi all, I'm using icinga to monitor my servers and I would like to use the mongo plugin to monitor the kv store. The problem is that it is password protected and I cannot query with admin privileges....
Setting up a universal forwarder and receiver to forward _internal logs, why...
Hi, I want to forward metrics and splunkd logs with /apps/**SplunkUniversalForwarder** app to my indexer via TCP 9997 port to manage forwarder, but there are some ERRORs. There are problems connecting...
Is it possible to configure transforms.conf on a forwarder to add a hostname...
Hi, I want to add hostname or host IP to the head of each row before forwarding. Is it possible with transforms.conf? Can a Splunk forwarder learn and set host info to any token so we can use it conf...
In 6.4.x, why is Splunk not displaying all my saved searches in my drop-downs?
Hello, I've used the view.py hack in a previous version of Splunk to populate my drop-downs with more than 500 results. This appears to no longer work in version 6.4+. Anyone else experience this? Any...
DMC not displaying new indexers
When adding a new indexer to my cluster, the DMC doesn't show it in the instances view. I have to go to DMC > settings > General Settings and click on the apply changes button to make it happen....
Do I need to point search head to master node or search peers of an indexer...
Hello, I have an indexer cluster setup. I don't want to configure a search head node in a cluster. I want to start a new Splunk Enterprise instance that I want to enable as a search head and search...
Passing eval statements with quotes through python sdk command line
The following search works just fine in the search bar in Splunk: index=stuff earliest=-1d | eval newtime = strptime(datefield, "%b %d %Y %H:%M:%S") | eval checktime = relative_time(now(), "-2d") |...
Dropdown populated by search - wait for input
I have a dropdown whose search is dependent on another dropdown. As it returns a long list I would like to require the user to enter several characters before the dropdown query is run - is this possible...
Custom search to Find First Time Account Access
I'm looking for a custom built search string for finding first time account usage for Windows accounts. Any suggestions? Thank you
How to quickly update transaction count on dashboard
Hello everyone, We have a dashboard that displays the number of transactions for the day, as a single value panel. The search is very simple and easy as each transaction is a separate event in the log:...
What should an event look like? Best practices, etc...
I've been asked to create my best case/wished-for Splunk event and our tech team will create it for me. I think I'm in a bit over my head because I don't know what "best" should look like. These events...
Is it possible to set up and use the Splunk Add-on for Unix and Linux without...
Is it possible to set up and use the Splunk Add-on for *Nix, and splunk_TA_Nix, without having to actually install the forwarder on the *Nix servers? Right now, all of them are configured to just...
After moving DB folders back into Thaweddb, then rebuilt and restarted the...
While I wait for Splunk support to get back to me on my case, I'll pose the problem here. After moving DB folders back into Thaweddb, I completed the needed steps from the 6.3.4 documentation to...
DB Connect v2: Which Database Types option should I choose for SQLite dB?
Hi, I just installed DB connect v2 app and I'm trying to set up a connection with a SQLite db. I couldn't find the SQLite db option in the *Database Types* menu. Which option should I choose for SQLite?
Splunk 6.x Dashboard Examples: How to edit my JavaScript to color results of...
How to change the line color to red when the "Alerta" is zero? ![alt text][1] [1]: /storage/temp/137189-coolor.png My code JS: require([ 'underscore', 'jquery', 'splunkjs/mvc',...
Summary Index Backfiller fill_summary_index.py broken? "No scheduled times...
Hi Fellow Splunkers, After having upgraded to 6.4.1 yesterday, I had a go with fill_summary_index.py again, and noticed that I am still getting the same error "No scheduled times for your time range",...
Is it possible to create a text field where users can type keywords to search...
I'm making a table that reports the error events on servers. I was able to make this work fine, allowing it to show the error string, the host and directory it occurred on, and the time it occurred....