How do I change the panel title font size using XML instead of CSS?
Hello, I would like to change the dashboard panel title font size using XML, not CSS. I found the following in one of the posts: .dashboard-row .dashboard-panel h2.panel-title { font-size: 20px...
How do you update the checksum for a changed system file in the...
http://docs.splunk.com/Documentation/Splunk/7.2.1/SearchReference/Iplocation describes how to obtain updated IP location data. I have set up a process to update /opt/splunk/share/GeoLite2-City.mmdb...
Will this app work with HyperV 2016 and with Splunk 7.2?
I am trying to use this app for data collection for Hyper-V 2016 deployments. I have the following queries. 1.) Will this work with Hyper-V? 2.) Will this work with Splunk Enterprise 7.2? 3.) Is there any...
Unable to get logs from Azure Storage blob in Splunk?
I have installed the Splunk add-on for Azure and also configured the storage account. After that I configured the input as blob by specifying the interval for pulling data from Blob storage. But still...
How to remove characters in a field value?
I have below entries from my logs and I want to remove ' from the beginning and end of the field value. valid_from='May 25 13:46:01 2017 GMT ',valid_to='May 25 13:46:01 2019 GMT' Also how to get the...
Create data table conditionally
My logs have the content below: Export of US successfully transferred to FR Import successfully ended on US from export of FR with exit code 0 Export successfully ended on SP with exit code 0 means that *...
How do I set choice value if I need fields where value is greater than zero?
I tried below:Call DurationNon-ZeroZeroAllAll sourcetype=callrecords duration="$duration.input$" | table field1, field2, field3 I cannot get this working when I choose "Non-Zero." Thanks a lot.
Turn on Monitoring Console Distributed Mode via CLI or REST
I'm trying to automate the build of my Monitoring Console instance. In the documentation http://docs.splunk.com/Documentation/Splunk/7.2.1/DMC/Deploymentsetupsteps it says that I should: 1. first add...
splunkd is crashing and I am getting the error message in the crash file
Starting splunk server daemon (splunkd)... Done [ OK ] Waiting for web server at https://127.0.0.1:8000 to be available.splunkd 8595 was not running. Stopping splunk helpers... [ OK ] Done. Stopped...
Count of zero and non zero values in a table?
I have a search which generates a table as below. The column value is epoch time. IP 1542682800 1542684600 1542686400 1542688200 1542690000 1542691800 1542693600 10.7.13.1 0 0 0 59 84 51 0 10.7.13.2 0...
How is colorPalette 'sharedList' defined?
I'm using a dashboard which includes a table, where certain fields are being highlighted. The color format is defined with this SimpleXML: Is there someplace this is defined, so I could clone &...
Why does sendalert command take longer time to execute script but takes less...
The Python script takes less time to execute in Add-on Builder but takes longer time from Splunk search. Could someone tell me why?
Split new line in logs to multivalue during ingestion
I have a custom log with the following preview: `Message="An account was successfully logged on." Security_ID="NT AUTHORITY\SYSTEM\nNT AUTHORITY\SYSTEM" Account_Domain="xxxxx\nNT AUTHORITY"...
Why is Splunk sending logs split?
I am trying to send logs from a Splunk Enterprise instance to an external server (Syslog, ELK, etc.), but Splunk is sending logs split. For example computer name in one log and eventcode in another. What is...
Should Splunk admin role be limited to internal indexes?
Hello, due to GDPR, should splunk administrator user / role be limited to access all indexes? How to check if data is therefore correctly indexed using internal indexes (Splunk 7.1.4)? Thanks in advance.
Compare last two recent events
Hey, I have different devices, which are sending temperature data to my Splunk instance. For alarming I want to compare the temperature data of the last two measurements that were sent. Ideally I want to...
Filter consumed event types and/or collect start date?
Hi, Is it possible to configure this app to only collect logs from a particular start date as opposed to all historical logs? Additionally, is there any way to specify which event types I want to...
Conditional execution of query in panel based on value in DropDown Box
Hi, could anyone please help? I have two drop down boxes that execute two queries based on the two values chosen in two drop down boxes. $service_family_tok$ and $enter_feature_tok These values are...
Parallel reduce search processing - How do I know it is working? Do I have to...
Hi, I have configured the below http://docs.splunk.com/Documentation/Splunk/7.2.1/DistSearch/Parallelreduceoverview Am I right to say I have to use the command Redistribute in my search to use this or...
Health Status : The percentage of small of buckets created (75) over the last...
I have been getting the following type message for the _internal and other indexes: The percentage of small of buckets created (75) over the last hour is very high and exceeded the red thresholds (50)...