How do you search by a specific alert type?
Hey, I was looking to run a historical search for a specific alert over a period of time. What search can I run in order to search by alert type?
How to hide the dropdown input panel?
Hi, I have an input panel with a dropdown. A token is set in the input panel. How do I hide the dropdown input panel (I just need to hide the input panel always)? Thanks.
Dashboards - Common subsearch query
Question on a common subsearch query on a dashboard: I have 6 panels on my dashboard and all the panels use the same subsearch query to get a list of hosts. Is there a way to execute this query only once and...
DB Connect V2 Execution Frequency
Splunk DB Connect V2 execution frequency: In Splunk DB Connect V2, there is an option during DB Input setup called Execution Frequency. I always had 120 seconds as the execution frequency. I didn't have...
Data model produces different counts than original query?
If I run this query for the last week, I get some counts: sourcetype="WinEventLog:Security" (EventCode=4728 OR EventCode=632) host="*dcp*" | stats count I get 926. If I use that as the constraint for a...
Unable to make a dashboard from "Search" app global
New to Splunk. I created a custom dashboard using the Search app, but it is private. When I try to make it global, I get the following error: In handler 'views': Could not find writer for:...
How to incrementally subtract values to calculate duration
Hi all, I'm running a search which outputs something like this (where time_diff is the date the code was loaded subtracted from the date the search is run, in days): Machine_Serial Bundle time_diff...
How to exclude certain fields from search results?
I would like to exclude certain fields from search results and keep the rest of the information (not discarding the event), so Splunk can send it in an email later on. For example, let's say I have the...
Splunk data ingestion duplication
It seems Splunk is ingesting the same data after a few minutes and creating duplicate events. There is no problem with log file ingestion; however, data coming in from DB Connect V2 is being ingested again and...
How to check if all apps listed in a server class exist in deployment apps...
I want to perform a check on the deployment server before reloading any apps: - iterate through all stanzas and identify if it contains app: - take the app name and then dedupe for any recurrence -...
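One way to implement the check described in the post, as an added example that is not code from the original post or from Splunk: parse every [serverClass:<class>:app:<app>] stanza, dedupe the app names, and compare them with the directory names under deployment-apps. It assumes the conventional layout ($SPLUNK_HOME/etc/system/local/serverclass.conf and $SPLUNK_HOME/etc/deployment-apps); the sample config text and the directory set are constructed for the example, and the function names are this example's own.

```python
"""Check that every app referenced by serverclass.conf exists in deployment-apps.

Added example, not code from the original post. Assumes the conventional
Splunk layout: $SPLUNK_HOME/etc/system/local/serverclass.conf and one
directory per app under $SPLUNK_HOME/etc/deployment-apps. The sample
config and directory listing below are constructed for this example.
"""
import os
import re
from typing import Dict, Iterable, List, Set

# Constructed sample serverclass.conf. App stanzas have the form
# [serverClass:<class>:app:<app>]; "my_outputs" is deliberately referenced
# by two server classes so the dedupe step has something to do.
SAMPLE_SERVERCLASS = """\
[global]
restartSplunkd = false

[serverClass:linux_hosts]
whitelist.0 = *.example.net

[serverClass:linux_hosts:app:Splunk_TA_nix]
restartSplunkd = true

[serverClass:linux_hosts:app:my_outputs]

[serverClass:win_hosts]
whitelist.0 = win-*

[serverClass:win_hosts:app:Splunk_TA_windows]
restartSplunkd = true

[serverClass:win_hosts:app:my_outputs]
"""

# Constructed: what a listing of $SPLUNK_HOME/etc/deployment-apps would show.
# Splunk_TA_windows is intentionally absent to show a failing check.
DEPLOYED_APP_DIRS: Set[str] = {"Splunk_TA_nix", "my_outputs"}

# Matches only app stanzas; plain [serverClass:<name>] and [global] are skipped.
APP_STANZA = re.compile(r"^\[serverClass:(?P<sc>[^:\]]+):app:(?P<app>[^\]]+)\]$")


def apps_by_serverclass(conf_text: str) -> Dict[str, List[str]]:
    """Map each server class to the apps it references, in file order."""
    result: Dict[str, List[str]] = {}
    for line in conf_text.splitlines():
        m = APP_STANZA.match(line.strip())
        if m:
            result.setdefault(m.group("sc"), []).append(m.group("app"))
    return result


def referenced_apps(conf_text: str) -> Set[str]:
    """Every app name referenced anywhere in the file, deduplicated."""
    return {app for apps in apps_by_serverclass(conf_text).values() for app in apps}


def missing_apps(conf_text: str, existing_dirs: Iterable[str]) -> List[str]:
    """Apps referenced in serverclass.conf that have no deployment-apps directory."""
    return sorted(referenced_apps(conf_text) - set(existing_dirs))


def list_deployment_apps(splunk_home: str) -> Set[str]:
    """Real directory listing for a live server; only directories count as apps."""
    base = os.path.join(splunk_home, "etc", "deployment-apps")
    return {d for d in os.listdir(base) if os.path.isdir(os.path.join(base, d))}


if __name__ == "__main__":
    # Offline run against the constructed data. On a real deployment server,
    # replace these with open(".../serverclass.conf").read() and
    # list_deployment_apps(os.environ["SPLUNK_HOME"]).
    gaps = missing_apps(SAMPLE_SERVERCLASS, DEPLOYED_APP_DIRS)
    if gaps:
        print("Do not reload; missing deployment apps:", ", ".join(gaps))
    else:
        print("All referenced apps are present; safe to reload.")
```

Run it before `splunk reload deploy-server` and treat a non-empty list as a stop: a server class that points at a directory that does not exist is exactly the case the post wants to catch. The regex keys on the stanza header only, so a stanza that sets options for an app it never lists is not a concern.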
Timeline custom visualization - increase the width of labels in left...
I am generating a timeline custom visualization. The left panel does not fit all the characters present in the resource field. How can I increase the width of the panel?
CloudTrail S3 bucket data not loading for multiple accounts
I'm having trouble pulling in my CloudTrail log files from an S3 bucket that's being populated by multiple accounts. I've got the AWS account and IAM user set up and working, which I know because I can at...
How do I force a universal forwarder to reindex?
All, is there a way to make a UF reindex all its inputs? Thanks, -Daniel
Adding multiple orgs to the Splunk Okta Add-on
According to the documentation, it's possible to add multiple orgs to the Splunk Add-on. However, there is no supporting documentation as to how this is actually implemented: **Q: Can I associate...
Why will running rex against the _raw field impact performance?
While reading the rex article in the Splunk docs, I came to know that "_raw" will somehow impact performance, but there is no precise explanation of why "_raw" will affect performance and in what...
How do I group Kepware torque tool data by VIN 'job' number?
Not sure how to accomplish this and need some advice from the experts here. I am working with data from a torque tool being fed into a Kepware system and then into Splunk. What happens first is I...
How do I set a retention period for any index...?
I am a bit confused about setting up a retention period for an index in Splunk. If I need a retention period of 60 days, setting frozenTimePeriodInSecs = 5184000 will work; if I go with the settings...
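An indexes.conf stanza for the 60-day case the post asks about, added here as an example and not taken from the original post or from Splunk's documentation. The index name my_index and the paths are placeholders; the settings themselves (frozenTimePeriodInSecs, maxTotalDataSizeMB, the three path keys) are the standard indexes.conf keys.

```ini
# indexes.conf, in $SPLUNK_HOME/etc/system/local/ or an app's local/ directory.
# Added example; "my_index" is a placeholder name.
[my_index]
homePath   = $SPLUNK_DB/my_index/db
coldPath   = $SPLUNK_DB/my_index/colddb
thawedPath = $SPLUNK_DB/my_index/thaweddb

# 60 days * 24 h * 3600 s = 5184000. Retention is enforced per bucket: a
# bucket is frozen (and deleted, unless coldToFrozenDir is set) once the
# newest event in it is older than this, so the oldest events in a bucket
# can outlive 60 days by however long that bucket took to fill.
frozenTimePeriodInSecs = 5184000

# Size is a second, independent trigger: once the index passes this many MB
# the oldest buckets are frozen regardless of age. Set it large enough that
# 60 days of data fits, or the time-based limit is never the one that fires.
maxTotalDataSizeMB = 500000
```

After restarting, confirm what Splunk actually merged from all configuration layers with `splunk btool indexes list my_index --debug`; a setting left in another app's local/ directory can silently override the value above.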
What is the best way to recreate and deploy an app with a custom navigation...
We currently have a standalone search head (5.0.7) with customization to the nav bar (etc/apps/search/local/data/ui/nav/default.xml) to help users quickly access searches and dashboards. We are...
What do the results look like when calling Intersplunk and reading from a table?
I am trying to grab the results from the different categories on my table and place them in values in my Python program, which I will be turning into an app. In order to do this, I was wondering what the...
How to execute a macro as a search using the PHP SDK?
I am able to execute regular searches and saved searches just fine, but I cannot seem to figure out how to execute macros as a search with the PHP SDK. I have the macro built in Splunk; I am using the...