[Inquiry]: Retrieving search results with schedule timings
Hi everyone, Good day! I would like to ask about my search query below. index="myIndex" source IN(*MyLogs*) host=server* | append [search "Missing process" | eval myTime = _time | eval...
Indexer Capacity Planning - linking indexing and search performance: how does...
I'm attempting to plan an upgrade of our Splunk instance from an ancient 6.4.1 to a brand new 7.2 instance and as part of that I'm trying to work out what sort of capacity I need... So this seems like...
eval static values of an input
I have an input where I choose some values, based on which I want another input value to be calculated. Can I do an eval on an input (static/dynamic)?
regex to extract part of the variable
Hello, I need help with regex. I have the following string under the Tracefile variable in my search:...
Can you help me on regex please
Hi, I want to add a rex field in my search: index=windows sourcetype="wineventlog:system" SourceName="Disk" count="$process$" | dedup _time | table _time host Type EventCode There are 2 conditions for my...
populating search unable to select summary index
In the [documentation about using summary indexes][1] it says at step 8:
> Select a summary index. The default summary index is named summary. The list only displays indexes to which you...
SSL Certificate verify failed on Splunk Add-on for Microsoft Office 365
Hi all, I have a problem with the add-on for Microsoft Office 365 about "Add Tenant". Every step in the documentation is done, but when I want to add a Tenant, Splunk gives me the following error: [SSL:...
How to get latest time entry from datetime field value.
I have one field value as a datetime field and I want the data of only the latest time. How can I write the query? My current search is index="ad_dns_new" sourcetype="resolve_json"|eval...
Default values for a column to update this value in a popup
Guys, I have a table with 3 columns: event name, event count, and the last column is a comments column that I need to be populated with "No comments" by default, and when I click on it I can set...
How do I display siteminder process Splunk dashboard as up and down?
The siteminder process is not logged in the log. I need something similar to CA APM, with a graph that has up and down based on timestamp and hosts.
How can I fill different values according to different conditions?
Hi, it's my SPL: index="last_f" | stats count by level,sys_name _time | eval rate=case( level== "critical", 0.5, level== "high", 0.3, level== "medium", 0.2, level== "low", 0) | eval score=count*rate |...
mongod kvstore error
Hi all, I have recently taken over the admin of our Splunk server. I upgraded to 7.2.0 and it's been running fine for a while; yesterday we started getting errors: Failed to start KV Store process. See...
regex for the multiple format events
1. 2018-09-28 14:33:23,**Virus** found,IP Address: 127.0.0.1,csk name: abcd01
2. 2018-09-25T09:07:02.240377+00:00 0.0.0.0 Sep 25 16:57:46 host01 Server: **Virus** found,IP Address: 127.0.0.1,csk name:...
Field extraction - Header and multiple rows
I've got wmic logfiles which look like this:
Name Vendor Version
Java 8 Update 172 (64-bit) Oracle Corporation 8.0.1720.11
Java 8 Update 181 Oracle Corporation 8.0.1810.15
Java Auto Updater Oracle...
I want to add ICONS to the table in Splunk dashboard.
I referred to the example of Table Icon Set (Inline). But I do not have a count function in my query. I am attaching my query below. index="ad_dns_new" sourcetype="resolve_json"|eval...
Is there a way to set the trellis chart color?
Hello, I have a dashboard with the trellis displaying the numbers in the column chart (KPIs by host). The question is quite easy I guess but I found no way to configure it from the GUI: - how would I...
Home Monitor no longer available on Splunk app search?
Why is the Home Monitor not an available app when doing a search on the Splunk server for Apps? It doesn't show up?
Convert Total Values as Percentage
I have a query which shows a table as below ![alt text][1] [1]: /storage/temp/256613-capture.png I want to get the percentage in the Total column instead of decimal numbers. How can I do that? And for...
Which Splunk add-on can help me to pull different applications' logs that...
Hi, I currently have 2 applications I would like to collect logs and metrics from. To do that I'm using Azure Application Insights, so all logs and metrics about my applications are streamed there...
Value Extraction
I want to say there's a "simple" way to sets of data from XML. For example: in the XML below, I would want two records/events, such as: identity_id transaction_code sname 3017669 SEL BARC 1037669 SEL...