setup.xml password field requires confirmation even when the password is not...
I have a password field in setup.xml which provides a second confirmation field. However, the confirmation is requested also if the password field has not been touched. This means I always have to...
How to guarantee CUCM CDR Timestamps parsing in my timezone?
Hello, how can I guarantee that Splunk parses the CUCM CDR Timestamps in my timezone (UTC -5)? (CUCM CDR raw timestamps come in UTC.) Regards.
Drill down problem: how to pass the row.content to another view name
Hi, I meet difficulty in handling the drilldown link. The content of the table from the first simple xml view is as follows: Count sourcetype *34 bbb 56 ccc* Now I want to create a drilldown link to open...
Index native_stdout.log with no dates but only time-stamps
Trying to index a native_stdout.log that has no dates in the first line and only has time-stamps. 07:26:49,602 INFO [ServerImpl] 07:26:49,602 INFO [ServerImpl] 07:26:49,602 INFO [ServerImpl]...
Can a lookup be used for renaming a field name?
Trying to figure out if I can rename field names using a lookup and CSV file. Something like this: index=main d_name="\*" | dedup d_name | table _time d_name plat d_man d_mod user | rename d_name TO...
How to extract a text from a field
Hi All I have a field which has urls in this pattern GET /echo/index?page=content&id=PRO19579&viewlocale=es_ES HTTP/1.1 GET...
How does Splunk reconstruct events when using forceTimebasedAutoLB?
According to this blog post: http://blogs.splunk.com/2014/03/18/time-based-load-balancing/
> Using this setting Splunk can break the data stream and reconstruct the event properly on the...
How do you average multiple stats values at one time stamp as a timechart?
I have multiple values connected to a timestamp at 5 minute intervals and I want to get the average of these multiple values at each interval and graph them as a timechart. For example:...
Geostats returning the same lat lon for all events
Greetings, Prior to getting a stream of this data next week, I am preparing with some CSV lookups. I have two files right now, the sample data from an access point and a lookup of the AP's name and the...
How to filter search results by most recent timestamp by host
I want to create a search that will look over the last 30 days of vulnerability events and only retain those events that are from the most recent scan of a host. I can think of a few ways to do that,...
Change displayed value on Single Value chart
Kind of a weird question but I have a Single Value panel that currently displays the (Search Area value "CCS") I still want it to display CCS but I want it to say EMAIL. So visually I want the words...
props.conf time format configuration
Hi, we need to add YYYY to my events through configuration files. How can we achieve this? Can someone please give an example of doing this? My sample logs look like below. Here below, as the logs don't have...
Most common and most expensive searches run by users
I need to find out what the most common searches run by users on a daily basis are. Also, what are the most expensive searches? I mean, which searches are taking the most amount of time to complete....
Splunk is not extracting the correct host name from the secure file
We are forwarding the messages and secure file to our Splunk server via rsyslog. The files for each server are placed in a separate directory (/var/log/remote/year/month/day/server_name/messages and...
Extracting from log file
I have the following custom log file 2016-07-15_05:58:57.5857-est label="adbcf" lastmodifiedtime="2016-07-15_05:58:57.5857-est" filename="13948.xml" directory="d:\temp" operation="deleted"...
utf-8 for email subject
I am trying to recover the email subject in Splunk when receiving logs from Cisco IronPort. Ex: =?utf-8?B?Rlc6IEzDoG0gcsO1IGRvYW5oIHRodSBow6BuZyBow7NhIHbDoCBkb2FuaCB0?=\r\n...
Performing a Splunk LDAP search from a field in an existing csv file
Here is what I'm trying to accomplish. I have a csv file that I generated with an existing search that looks like this IP,cn,Region,City,Country "0.0.0.0",johndoe,somestate,"somecity","United States"...
Export Dashboards to PDF with Sideview Utils
Hello, I am absolutely loving Sideview! However, and I am shocked I can't find anyone else looking to do this, I can't find a way to even print a page to PDF and have it save? FlashCharts don't even...
Retaining Colors in PDF report
Hi, we have a dashboard with a couple of charts. The dashboard is developed using simple XML. We have set colors for these charts. The colors are not retained as-is in the rendered PDF reports. I know...
Report for number of incidents closed per day
Hi Everyone, how can I generate a report showing me the number of incidents closed per day?