Reference Time on Dashboard Load (and adjust to time change)
Hi, I was wondering how I can reference the time picker on load for a dashboard and make sure that it's the right format. I am currently using two separate time pickers to reference two time periods...
View ArticleIssue with monitoring files which has Log rotation after certain size
We noticed that, right after a log rotation, the data is not being indexed untill the next log rotation. That is lets say one file was rotated at 8 AM (untill which the data was already indexed). The...
View ArticleWhy Are My Search Results Truncated?
Hello, I'm running into behavior I don't quite understand and was hoping someone might be able to shed some light on it. 1.) I'm running a search as an admin on a default install of 7.2.0 Splunk (no...
View ArticleHow to install Splunk on a Cisco UCS box ?
I have to setup a Splunk Indexer on a Cisco UCS box. Please advise how this can be achieved. Thanks
View ArticleCan you help me with my email alerts issue?
Hi, I'm trying to configure some alerts by email, but I got the following error: Sending the test email failed: command="sendemail", (550, '5.7.1 Client does not have permissions to send as this...
View ArticleHow do I index only critical events?
I'm trying to use advanced whitefilter, but I'm coming up short. Basically, I want to index all Windows event logs that have a Type of Critical. I see EventType and Type, but both aren't what I'm...
View ArticlePulldown doesn't work the first time (With a trivial Example!)
Hello, I have a really simple dashboard with a single pulldown. I notice that it never seems to take effect the first time I select a value. Only the second time. Here is the code with a base search...
View Articleadd dynamic overlays to chart
Just wondering if there's a way to get a handle to the Highcharts javascript object that might have been created when generating the splunk chart? I was hoping to be able to dynamically show and hide...
View Articlehow to add eventdata in splunk
Hi, By mistake i ran the splunk clean command eventdata is deleted from database. .Command i ran : /splunk clean eventdata -index main -f Cleaning database main. How to add again can someone please...
View ArticleSplunk not picking up the first few lines (3-5 line) of log files
Hi, I have an issue where Splunk is not picking up the first few lines (3-5 line) of log files when doing a search. There is no customization done via the props and transforms. I have also checked and...
View ArticleRetention period need to set for DB connect app data
Hi Team I have 3 queries in DB Connect App 1) Runs once and pull 13 months of data, 2) second also runs once and pull 13 months of data 3) runs from 1st to 7th of every month and freeze for remaining...
View ArticleProps.conf Source stanza on Universal Forwarders
Currently looking at deploying some changes to ease management of input files in our environment. I've confirmed that the only way to bring in multiple whitelisted files and think them with a...
View ArticleCould I know about web service of Splunk?
I just started to use the Splunk and also bought annual license. But, I stuck to confirm to regularly use for security reasons. They are thinking about some suspicious that all the http methods works....
View Articleサーチ時の時刻について
お世話になってます。 サーチ時の時刻がずれているので直したいのですが、どこで直したらいいでしょうか? ユーザー情報のタイムゾーンを変更するという記事を見かけるのですが、 ライセンスの関係上ユーザーは作れないので、初期ユーザー?を使用してサーチをしています。
View ArticleWhy '[indexer] Eventtype 'wineventlog-ds' does not exist or is disabled'...
Splunk Add-on for Microsoft Active Directory installed on the sh and indexer is an updated version. We get to see results on the dashboard, but we are bothered by that yellow warning icon. Is there...
View ArticleFalse alert - delay in log writing?
We are getting a random false alert from Splunk (6.5.2) search that's looking if certain string is not found in a logfile within the last 15m. When we did an investigation and try to search, the string...
View ArticleLine Chart over _time by fieldname
Hi I am trying below query to plot line chart- index=abc |eval Time=round(endtime-starttime)|chart values(Time) as Time over _time by Type Here there can be multiple Type values. my problem is some...
View Articlesave panels after reloading the page
Hi all, i have some checkboxes which display single value panels by click/unclick. It works only untill page is not reloaded. May anybody know how to save it so my checked panels would be displayed...
View Articlecharting.fieldDashStyle error
I have a chart that needs only one field (percentage field) to have a dotted line property. I need to specify the percentage field to have the shortDash property using fieldDashStyles. Here is my...
View ArticleGet the total number of events
Hello ! I'm trying to calculate the percentage that a field cover of the total events number, using a search. This is my search : [some search] | fieldsummary | rename distinct_count as unique_values |...
View Article