Can you help me with my Splunk Universal Forwarder starting problem?
Hello. I am troubleshooting a universal forwarder installed on a Windows system. I noticed that the SplunkForwarder service only starts if the "Log On As" user for the service has administrator rights...
time range picker broken in French Version of Splunk?!
Hi, I was contacted by one of our customers who said that our dashboards have translation errors... Since that happens all the time. But with this one I got quite confused, because it concerns a...
Use CSV file as an exemption to the main search
I have a main query which shows the destination IP of the computer and there are some destination IPs that I need to exempt, and there are many IP addresses that I need to exempt. How can I put the CSV...
Field extraction weirdness
Hi, I have a field extraction situation that I've never come across before, and hoping someone can help me. We have a number of fields set up to do search-time extractions and transformations. One of the...
DB Connect Temporal Lookup - does it exist?
Hi. I am trying to figure out how to put together a time-based lookup using the DBX conduit, connected to a radius session table. Radius table has start/stop times and IP. Original event table...
Join time from a CSV file, and an index summary
How do I join the time field with a different field name from a CSV lookup file, with the time field specified in an index summary?
Do we need to install this add-on on indexers?
Please let me know if we need to install this add-on on our indexers. I have already installed the same on heavy forwarders and the search head.
Can you help me with my field extraction weirdness?
Hi, I have a field extraction situation that I've never come across before, and hoping someone can help me. We have a number of fields set up to do search-time extractions and transformations. One of the...
Can you help me configure my props.conf to parse out incoming XML files?
I have the following coming in via an XML file. Most of the attributes parse just fine using the default parser, but I cannot figure out what I need to put into a props.conf file to parse out all of...
Data Storage on Laptop
Hello - earlier I asked if I would be sharing data with Splunk, which would take me out of compliance with my company's data storage & use policy. My question was answered with the response that if...
Splunk table with nested JSON - print parent item with each child item
I'm a newbie and I know this should be super easy, but I can't create a table with separate rows (events) for each combination of project name + task. Given the JSON below, I'm trying to create a table...
How do I combine multiple rex commands into a single one?
Hello, I am working with some unstructured data so I'm using the `rex` command to get some fields out of it. I need three fields in total, and I have managed to extract them with three distinct `rex`...
Return message based on what is NOT showing in Subsearch
I have a subsearch returning all files imported per client as the value "Client_File". Its value will look like ABC_File1. Based on what is returned in this first search, I have second part of the...
Can I return the host IP address in WinEventLog metadata search?
I'm trying to use a metadata search to quickly return the hosts that are currently sending logs to Splunk to determine if we are missing any logs. Here is the current search: | metadata type=hosts...
How do I change the panel title font size in XML instead of CSS?
Hello, I would like to change the dashboard panel title font size using XML, not CSS. I found the following in one of the posts: .dashboard-row .dashboard-panel h2.panel-title { font-size: 20px...
Can you help me with my issue involving embedding a dashboard?
Hi, I have multiple dashboards, A, B and C. Is it possible to have a summary dashboard that has a drop down or three radio buttons, so that whenever a user clicks/selects dashboard A, dashboard A...
maintenance mode while decommissioning a peer
Hi, I want to decommission a peer and remove it from the cluster. Should keep the cluster in maintenance mode and run the following command `splunk offline --enforce-counts` Or, Just run the above...
Splunk Enterprise pricing clarification
The calculator for Splunk Enterprise is worded in a confusing way. The price is only shown as GB/day and there is talk of paying at the time of ingestion. This implies that the exact usage determines...
Microsoft Office 365 Reporting Add-on for Splunk - HTTP Request Error Not...
Hi all, I'm trying to set up this Add-on but appear to be having issues. I've configured an Office 365 with the following permissions (View-Only Recipients) but I'm receiving the following error:...
Sorting the data values in a stacked timechart
How do I order the horizontal slices in a stacked timechart by value? The working search string looks like this: timechart count by author.name limit=0 The data is coming from git commit records. Each...