Best way to do this in Splunk? Tags? Lookup or perhaps something else?
Hello, I have a complex search that I need to do. An example is something like: CONDITION=(ip.dst=lots of different IPs && port=some interesting ports && ip.src != some more IPs) What...
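One way to express that kind of condition in Splunk without hard-coding every address is to keep each list in a lookup file and let subsearches expand it. This is an added example, not code from the poster; it assumes firewall events in `index=firewall` with fields `ip_src`, `ip_dst` and `port`, and three uploaded lookup files: `interesting_dst.csv` (column `dst`), `interesting_ports.csv` (column `port`) and `excluded_src.csv` (column `src`). All of those names are assumptions.

```spl
index=firewall
    [ | inputlookup interesting_dst.csv | rename dst AS ip_dst | fields ip_dst ]
    [ | inputlookup interesting_ports.csv | fields port ]
    NOT [ | inputlookup excluded_src.csv | rename src AS ip_src | fields ip_src ]
| table _time ip_src ip_dst port

index=firewall
| lookup interesting_dst.csv dst AS ip_dst OUTPUT dst AS dst_hit
| lookup interesting_ports.csv port OUTPUT port AS port_hit
| lookup excluded_src.csv src AS ip_src OUTPUT src AS src_excluded
| where isnotnull(dst_hit) AND isnotnull(port_hit) AND isnull(src_excluded)
| table _time ip_src ip_dst port
```

In the first search each subsearch is rewritten into an `(ip_dst="..." OR ip_dst="...")` clause, so the filtering happens at index search time and only matching events are returned; the `NOT [...]` form handles the exclusion list. The cost is that subsearches are capped (by default at 10,000 results under the `[subsearch]` stanza in limits.conf), so a very large list will be silently truncated. The second search avoids that cap by using the `lookup` command on every event and filtering afterwards, which is safe for large lists but reads more events. Tags would also work for small, stable lists, but a lookup file is easier to maintain and review when the lists change frequently.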
Field value getting " "
Hi All, Need help, here is the scenario: index=test subject="hello world" >>> getting the output; index=test subject="hello "world" test" >> not getting the output, reason is due to...
Streamstats Output Truncation
Hi All, We are using the streamstats command in our query. While I am searching, we are not getting all results; it is limited to 10000. My results are truncating. I have updated the below stanza in...
F5 Version 13.0
Dear All, I need to know how to configure F5 ASM version 13 to send logs to Splunk in the below format. The below link contains the format for version 12 and does not support version 13....
calculating SLA with unstructured date format
Hi guys, can you please help me with how we can convert this value **2019-01-28-20-32-49** to the **2019-01-28 20:00:00** format, and calculate the time difference between the two values with the...
Why Are My Search Results Truncated?
Hello, I'm running into behavior I don't quite understand and was hoping someone might be able to shed some light on it. 1.) I'm running a search as an admin on a default install of 7.2.0 Splunk (no...
Create periodic Dashboards/Reports for selected users and frequency from a...
Hi Experts, I may be getting over ambitious with Splunk! but I still have to ask this! Is it possible to schedule periodic reports/dashboards based on the information from a CSV table. The CSV table...
Exclude weekends when calculating expected end time
I am doing a support ticket with 4 levels of severity. Level 1 expects the ticket to be resolved in 4 hours Level 2 expects the ticket to be resolved in 8 hours. Level 3 expects the ticket to be...
preamble_regex not working on UI
Hello, I'm having a problem and my mind is already heated looking for the answer. Here is a screenshot of what I'm trying to do. PREAMBLE_REGEX is not working; here are examples of my logs. I even tried...
resize bar in bar graph to be universal size
I have a bar graph with 3 fields labelled Memory, CPU and Disk Space. When there is no Memory value, only CPU and Disk space will show. However, the size of the bar will become fatter as less fields...
No fields are extracted from custom unix app script output
Hello, I'm currently using the Unix App to show the disk space of some nodes. This works fine, however, for some nodes, I'm only interested in one of the mounts. For this, I copied df.sh and modified...
Run python Script on Universal Forwarder before taking input.
I want to take input from a forwarder, but before that I want to filter the data with the help of a Python script. Just like in the normal monitoring option, where I used a script to monitor a folder, like that I...
How to display last 4 months in splunk starting from current month
How to display last 4 months in splunk starting from current month. Required output is: January 2019 December 2018 November 2018 October 2018
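A search that produces exactly that list, relative to whenever it is run, is below. It is an added example rather than code from the poster: `makeresults` fabricates four rows, `streamstats` numbers them, and `relative_time` snaps each one back to the start of the n-th previous month before formatting it as "Month Year".

```spl
| makeresults count=4
| streamstats count AS n
| eval month_start=relative_time(now(), if(n==1, "@mon", "-" . (n-1) . "mon@mon"))
| eval month=strftime(month_start, "%B %Y")
| table month
```

Run in January 2019 this yields January 2019, December 2018, November 2018 and October 2018 in that order, because row 1 is the current month and each later row steps back one month. Snapping to `@mon` first, rather than subtracting 30 days, avoids off-by-one results at the end of months with 31 days; change `count=4` to widen the window.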
Identifying Keywords from a .CSV and reporting them.
Hi all, I'm a bit of Splunk newbie, please bear with me! Our web filtering software is currently forwarding events to Splunk and works well. I'd really like to achieve the title, but I'm not well...
Discarding Events fron cron.log
On my universal forwarder I have a repeated entry in my cron.log file that I would like to discard; however, I am not very familiar with regex terms. The entry in cron.log is hostname CROND[27158]: (root)...
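The standard way to drop a repeated line at ingest is a transforms.conf stanza that routes matching events to `nullQueue`, wired in from props.conf. The fragment below is an added example, not the poster's configuration; the stanza names and the `...cron.log` source pattern are assumptions, and the regex only covers the part of the entry visible in the question, so it must be extended with the exact command text that repeats before it is deployed.

```ini
# props.conf -- on the indexer or heavy forwarder that parses this stream,
# NOT on the universal forwarder (a UF does not run regex-based routing)
[source::...cron.log]
TRANSFORMS-drop_cron_noise = drop_cron_noise

# transforms.conf -- same instance as props.conf above
[drop_cron_noise]
# Assumed regex: matches the visible prefix only; append the specific
# repeated command so that other root cron activity is still indexed
REGEX = CROND\[\d+\]: \(root\)
DEST_KEY = queue
FORMAT = nullQueue
```

Two caveats. First, the universal forwarder only monitors the file; the parsing pipeline that evaluates `TRANSFORMS-*` runs on the indexer (or a heavy forwarder), so this configuration must be placed there and the indexer restarted. Second, as written the regex would discard every root cron line, which is a bad idea from a detection standpoint because cron is a common persistence and lateral-movement mechanism; anchor the regex to the single noisy command so that new or unexpected root cron jobs keep arriving in Splunk.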
converting a non time format value to a correct date format
Hi guys, can you please help me with the solution for this use case. I have been joining two queries and calculating the time difference. In the main search I have got the time format as **2019-01-28...
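For this question and the earlier one about calculating SLA from the `2019-01-28-20-32-49` value, the conversion is a `strptime` with a format string that matches the dashes, after which the epoch value can be reformatted or subtracted. The search below is an added example, not the poster's query; the second timestamp `2019-01-28 17:00:00` is a constructed sample of the other side of the join, and the field names are assumptions.

```spl
| makeresults
| eval raw_end="2019-01-28-20-32-49", opened="2019-01-28 17:00:00"
| eval end_epoch=strptime(raw_end, "%Y-%m-%d-%H-%M-%S")
| eval end_full=strftime(end_epoch, "%Y-%m-%d %H:%M:%S")
| eval end_hour=strftime(end_epoch, "%Y-%m-%d %H:00:00")
| eval opened_epoch=strptime(opened, "%Y-%m-%d %H:%M:%S")
| eval diff_sec=end_epoch - opened_epoch
| eval diff_hms=tostring(diff_sec, "duration")
| table raw_end end_full end_hour opened diff_sec diff_hms
```

With the sample values this gives `end_full` = 2019-01-28 20:32:49, `end_hour` = 2019-01-28 20:00:00 (the minutes and seconds are dropped, which is what the requested output shows), `diff_sec` = 12769 and `diff_hms` = 03:32:49. Note that `strptime` interprets a string without a `%z` component in the searching user's time zone, so both sides of the subtraction must come from the same zone, and that truncating to the hour before subtracting would throw away up to 59 minutes of the SLA measurement; subtract the full epoch values and only format for display.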
How to use a subsearch with 'table' command?
Hello, In order to detect unused workstations in our computer park we are searching for all assets not connected to Active Directory (AD) AND to Ghost Solution Suite (GSS) since >90 days. We can...
Loading screen on Splunkd Health Report feature ?
Hi all. After upgrading to 7.2.* we experienced that the Health Report feature is not loading properly. I start it from "Settings" -> "Health Report Manager". The website has issues showing...
False alert - delay in log writing?
We are getting a random false alert from a Splunk (6.5.2) search that's looking for whether a certain string is not found in a logfile within the last 15m. When we did an investigation and tried to search, the string...
How is Splunk utilizing Map Reduce?
How is Splunk utilizing Map Reduce and also if it uses the same tech for SPL and data compression.