How do you delete a private dashboard?
How do you delete a dashboard which is in private since the user left the company? Let me know the process please.
How do you assign a value to a field if it is missing the event?
I have the sample data which has all the fields like below [11/07/2018 09:59:00] CAUAJM_I_40245 EVENT: ALARM ALARM: JOBFAILURE JOB: HYGIEIA_EC2_LOAD_ROOT **MACHINE: hexx.com** EXITCODE: 110 The below...
sparkline not show trends
I have the following query; however, the sparkline didn't show the trend, instead one single value, everything else is a straight line. What did I miss? sourcetype=metrics name=http*://* rename...
How do you convert a month number to a month string?
Some timestamps use month numbers like "11" rather than strings like "Nov". I'm using this eval to make the conversion: | eval...
Help with Query for alert
Hello experts, I am new to Splunk. I have a file with the below values. I have indexed time as well. I need to write a query to alert if any id has text=started and consequent 2 other texts ( it can be...
Search Results for User Incorrect Password
Hello, I have a user that occasionally experiences lack of connectivity over VPN into one of my servers. He can connect most of the time, but there are instances where he's unable to remote in with...
search requires stitching together two distinct events from a single sourcetype
I require some assistance in my search query where I need to search a mail log to extract the highest recipients by message size based upon a unique common id. As I am able to search events by the...
How to avoid data loss on HF on restart
I have service now add on, db connect in Heavy Forwarder. So I can't use multiple instances of HF to avoid data duplication and licensing. My both apps Service Now and DB connect are in real time sync,...
How to extract multiple fields and values
I have raw information as follows: Two times Kaspersky output within one 'section' ------------------------------------------------------------ snip of one section...
"transaction" command returns different results by search...
My environment : splunk stand-alone ver7.1.4 *I found same phenomenon in ver7.1.3 I executed search below by using two `lookup tables`.(*I attached them to this page.) | inputlookup test_lookup_2.csv |...
ERROR ExecProcessor
Hi there, I can see this issue in Splunk that looks like this: ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Utils/bin/app_imports_update.py" No handlers could be found for logger...
Date Values as Column Names
Hello, I am writing one query in Splunk to retrieve the events from json log file. I am getting one value of table as mentioned in image capture.png. But I want to take date values as column name....
How to implement future proof customization for Splunk elements using CSS and...
Hello. I am developing an app for Splunk and I am facing an issue that possibly many of you are facing too, the changes in the classes and DOM of Splunk elements such as dropdown boxes, for example,...
not able to modify the alert. Getting "server Error" while updating
I am not able to modify the error; whenever I click on save to save changes it shows server error. Please suggest.
Adding a row to a table containing text and eval value
I am creating a table that tallies each type of request per day. Table is as follows. Day | Assigned | Resolved | Open Jan 1 | 13 | 2 | 12 Jan 2 | 6 | 2 | 12 My code: bin _time span=day | stats...
How do I configure Splunk cold data path for separate indexers(peers) in a...
I currently have 4 indexers. I have a new mount drive I am trying to send Splunk cold data to. [volume:cold] coldpath = /mnt/splunk_cold Please can anyone explain how I can set this stanza in the...
search for all fields which have some string in field
Hello, how can I get only results for specific fields where field name is like something? fx. get all fields which have "status" in their field name. I tried this but it doesn't work: sta* I want also...
Different searches based on the inputfield value
Hello everybody. In my dashboard I have two input fields **Primary_field =\* Secondary field=\*** My current search looks like *index=* ip=$primary_filed_value$* I want to extend it with the secondary...
How to prevent indexing duplicated events
How to prevent indexing duplicate events forwarded from different forwarders? The monitored log files are recording the same events but in different servers. The requirement is due to maintain the...
sort command seems to change statistics count
My problem is that I cannot understand why I get different statistics numbers depending on where I place the dedup command, before or after the sort command. 1. query: host="web_application" status=200...