Why am I unable to convert my addcoltotals value of MB to TB using eval?
Hello Splunk Ninjas I'm trying to convert my addcoltotals of MB to TB using the eval statement which does not work.... index=myindex sourcetype=mysourcetype | table Cluster, Capacity_MB | addcoltotals...
View ArticleSplunk Add-on for Check Point OPSEC LEA: We ingest 60GB/day of logs, but why...
Hello All, I have a question about Splunk's App for Checkpoint OPSEC LEA from our firewall administrator. We currently ingest about 60GB/day of CP logs, but the admin only sees about 15GB/day of logs...
View ArticleCan we get access to the L.map object to implement our own features?
I was wondering if I as a dashboard user could access the leaflet `map` object which was created by the visualization in my own javascript code somehow. My intention is to add some lines and other...
View ArticleHow do I add a secondary web interface listener?
I want to add a secondary web interface listener, i.e., something outside of port 8000. The ultimate goal is to then add SSL to this secondary listener and update various internal documentation to...
View ArticleWhy am I getting "⚠ cannot concatenate 'str' and 'NoneType' objects" for...
Every sample log file that I attempt to import as my data source returns the exception: ⚠ cannot concatenate 'str' and 'NoneType' objects Even the sample log files from Buttercup Games.
View ArticleHow do I add an API as a data source?
I would like to add an API as a new data source in Splunk. I did a search in Documentation, but all I was able to find was information on the Splunk API. What am I missing?
View ArticleWhy is my automatic lookup not populating a field?
Hi, Usually lookups aren't an issue, but today seems it is. I'm hoping this is just a pebcak ;) This is the first time I'm attempting to run a lookup on eval fields rather than search-time extractions....
View ArticleHow to pass all selected choices from one multiselect to a drilldown...
I have two dashboards that are linked by a drilldown and that have the same multiselect input. I'm trying to find a way to pass a token with all the selected choices from the first multiselect to the...
View ArticleHow to index email values without special characters?
Hello to the community! I have an email field with values following this pattern: `` Is there any way to remove the special characters `<` and `>` and index the value as example@example.com? Thanks!
View ArticleDoes the Splunk App for Salesforce work for Splunk Enterprise on prem?
We do not have Splunk Cloud. We are on Prem only. Does this app work for that? Is there any documentation?
View ArticleAMQP Messaging Modular Input: How do we configure a RabbitMQ server with a...
We are testing out an implementation of Splunk. We are trying to have our logs flow from an internally hosted server to a RabbitMQ server to Splunk. i.e. Universal Forwarder > RabbitMQ > Splunk...
View ArticleHow to change values in a column based on a value in a different column in...
Hi, I have a requirement: My table data shows like this: ACCNO STATUS TYPE CODE 123 A GOL TECH 456 A SIL TECH 199 A GRR TECH 789 A GOL TECH 143 A 0 TECH 543 A 0 TECH Expected output: ACCNO STATUS TYPE...
View ArticleWhy am I getting "Error in 'disabler' command: The external search command...
I have an app for a custom command called disabler and I am trying to call the command by: ... | disabler | ... But I keep getting the error message: Error in 'disabler' command: The external search...
View Articlewhy is predict command adding text "prediction" in front of lower95 and...
Hi, We are using Linux Auditd App to monitor and track all Audit events. One of the panels for "Anomalous Event Volume" works correctly on the Indexer(Currently on older version of 6.3.2) but shows...
View ArticleSwitching from CXP to JSON logging format, how do we change our Splunk...
Would like to switch CXP to JSON format logging and want to make sure our Splunk servers support that. If yes, how to change the format?
View ArticleIs event sampling possible using the REST API?
The documentation describes how to set the sampling ratio in the Search app and dashboards, but not when using the REST API. Is sampling possible using the REST API?
View ArticleHow to send different inputs to different indexers?
We are doing some integration with a outside service provider that already has a Splunk Universal Forwarder deployed on a server that they have dedicated to us. It is collecting some information, and...
View ArticleHow to troubleshoot error "Search process did not exit cleanly, exit_code=-1,...
I'm getting the following error. How do I troubleshoot? Search process did not exit cleanly, exit_code=-1, description="exited with code -1". Please look in search.log for this peer in the Job...
View ArticleHas anyone successfully called a method in F5 that requires more than one...
I need to get all pool member monitor status into splunk. The F5 API has the `LocalLB::Pool::get_member_monitor_status` method which looks perfect, but it doesn't appear that the templating language...
View ArticleIs there a way I can see what data is being indexed on a specific port?
Hello, In the last year, I became the manager of a Splunk system with 0 documentation. All logs were being thrown into index=main, and the only information I can find is in inputs.conf, which is not...
View Article