Relative time search and plotting in a timechart
I currently have a search query to calculate the maximum, average and median CPU usage of a server over the past 2 hours using NMON data models, which is in real-time. | tstats `CPU_ALL(max)` from...
Alerts using Splunk Search Queries
Hi everyone. Does anyone have any idea on how to use conditional statements within a search query? My problem statement wants me to create an alert, as soon as the number of events in the past hour...
What happened to all the Dashboards in the latest version of the App?
Hi, some of the dashboards from the previous versions are missing: Billing, Azure AD & the nice Topology feature? Can these be re-added? gratzi
Whitespace before closing bracket: An Issue?
My Forwarder App is 1.) Deployed 2.) Reloaded 3.) Phoned-in... but still no logs coming in. Here's the inputs.conf just deployed a few minutes ago: [monitor:///Some/Directory/*.logs ] index = some_index...
Search Head Cluster: Lookup definitions not replicated to indexers
I have a search head cluster with an indexer cluster. On a search head, I created a new file-based lookup. On a search head I did a dummy search (which didn't involve the indexer) and made sure that...
How to specify a list in WHERE condition?
Hi All, I want to display only results which are present in a given list; please see below: `....... | xmlkv | stats count by "ApplicationFunction" | WHERE "ApplicationFunction" IN ("Price",...
KVStore error is displayed when upgrading to 7.2.x
When upgrading Splunk from 7.2.1 to 7.2.3, the following error is displayed while the migration script is running, and the upgrade fails. > ERROR while running mongod-fix-voting-priority migration. What should I do to proceed?
Move duplicate rows in a table
I do my search and use the table keyword to get the results and the fields in a table. The table I get is like this: field1|field2|field3|field4 1 |2 |3 |4 1 |2 |3 |4 1 |2 |3 |4 1 |2 |3 |4 5 |6 |7 |8 5...
Reload App Failure
Hi team, could anyone tell me a query to show which apps fail to reload after I run the command `#splunk reload deploy-server`?
alert search with subsearch
Hello, I have an alert which selects from the database, and whenever entries come back, the alert is triggered. Now, I would like to implement the subsearch there and, depending on whether it brings any result...
Microsoft Windows Defender Data not coming
Hi, I already have the Log Analytics add-on installed; it is working fine and able to get OMS logs. Now a new requirement has come to get Windows Defender ATP logs in Splunk, and I have configured input...
After log rotation, UF does not forward logs.
My environment: Splunk Ver 7.2.3, UF Ver 7.2.3. UF monitors `var/log/messages` and forwards it to Splunk. But after log rotation at `02-01-2019 00:05:00`, UF no longer forwards it. In the internal log, there...
How to get all matching and non-matching Rows from Splunk Search and Lookup
Hi, I am working on a query where I have to match the responseCode from the search to the responseCode in a lookup I created. That lookup contains the responseCode and its description. Now there are a few...
Radial Gauge coloring question
Suppose out of 100, 75 is compliant and 25 is not. So I would like to dynamically show 75 as yellow and 25 as red; if it is 100 compliant, then show green. How can this be done for a radial gauge?
Any difference in information levels using REST API input vs the Workday add-on
Hello Team, using the Workday add-on, the logs in some cases do not have the level of detail we see in the Workday UI (for audit). E.g. we may see that an account has been changed/edited but not what privilege...
gcp splunk error: Unexpected error "" from python handler: "Daily limit...
I am getting the error while using the GCP Splunk add-on to integrate GCP audit logs. 02-08-2019 11:24:44.073 +0530 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent...
Splunk App for VMware - Licence
Hi, I have installed this app and configured it using the add-on. I was able to see the data; however, I am exceeding the trial licence daily limit of 2GB. Currently, I have 5GB of data coming in, as a...
Migrate from single-site indexer cluster to multi-site
Hi guys. I had a single-site indexer cluster with replication_factor 3. Migrated to a multisite cluster with parameters: site_replication_factor = origin:2,total:3 site_search_factor = origin:1,total:2...
Issue on savedsearches access using custom role on a custom app
Hi, we have a Splunk Server Instance and we have developed several custom apps. To limit access we are creating custom roles to limit access only to the related custom app. All is working fine apart from the...
create a dash board from multiple csv files by using lookup file with...
Hi All, I have data in multiple csv files. I would like to create the dashboard from csv files (dynamic values) by using a lookup file (static values). The dashboard should contain daily usage of inbound...