Lookup command returning incorrect (and inconsistent) null values
I encountered a very weird behaviour. I think I have found a way around it, but I want to make sure that I didn't misunderstand anything and I want to isolate/define the issue as well as possible....

Cleaning up orphaned searches and reports
We migrated search heads and there was content in user directories from users that have since quit, and therefore no username got created. I get a message that there are orphaned searches. Any advice?

Double spaces are suppressed in search results
|makeresults| eval owner_realname="Andrew Gerber" | where match (owner_realname,"\s{2}") Search above generates output, but in the output the double space in the "owner_realname" is missing in the...

How can I check the CPU utilization of the SH / indexer from the search?
Hello, I do not have access to the OS of the Splunk machines, but I suspect a CPU bottleneck because my alert jobs have a 3 min lag between scheduling and dispatching. I would like to investigate...

How to calculate starttime and endtime duration
How to calculate the starttime and endtime duration: |08-feb-2019 01:30:18|08-feb-2019 01:30:28

How to calculate the duration between starttime and endtime?
Actually I am new to Splunk. In my logs, starttime and endtime are there; I need to calculate the duration between starttime and endtime: |01-feb-2019 01:30:18|01-feb-2019 01:30:28. The field names are starttime and endtime.

Lookup command returning incorrect null values
I encountered a very weird behaviour. I think I have found a way around it, but I want to make sure that I didn't misunderstand anything and I want to isolate/define the issue as well as possible....

How to get upcoming Friday date
I have a date field in my feed as "2/15/2019", and I want to compare this with the upcoming Friday date value in search. Please help with how to do this.

Default indexes in Splunk Enterprise
My Splunk Enterprise has been running for a few months. I'm sending all my logs (HEC and UDP) to index "main". However, I see some indexes defined; mainly I'm concerned about the top-consuming ones:...

_thefishbucket empty
Hi. We are migrating our Splunk instance to a new server. We do not want it to re-index a directory that we have as a monitor. It was recommended that I copy over our fishbucket. I'm looking in...

Need help getting number value and averaging it
I am trying to get the value, in this case the # of seconds to respond, so that I can graph it or set alerts on it. Below are the log entries I am dealing with. STATUS | wrapper | main | 2019/02/10...

Using transaction or stats to filter different parts of a query
Hi Experts! I'm looking for a way to show where I get bookingresponses with the SAME (duplicate) platformid but different reactorids. Example: 2019/02/03 12:02:14.458 [server1] event="Received booking...

How to capture individual loading time of URIs in a URL using Splunk?
Hi all, I know that in Splunk I can capture the end-to-end response time of a URL. But is there any option to capture metrics like Google developer tools? I want to capture metrics like DNS...

Background image for any chart!!
Can we have any background image on a line chart in Splunk? Like I will have my line chart which does its job (with a plain background image); but I want to have a different image (not background color...

Restrict access to savedsearches for specific roles
Hi, I have many savedsearches running in my environment that are regularly writing data to summary indexes and metric store. And some savedsearches that are just meant to perform the basic search...

How to troubleshoot why a Universal Forwarder is not sending data to the...
Hi all, I did read and try numerous if not all the subjects similar to mine. I installed a Deployment Server on my Splunk Enterprise Server. I followed the tutorial and made the "sendtoindexer" app...

Integrate Microsoft Cloud App Security with Splunk
Hi, I want to integrate Microsoft Cloud App Security with Splunk. Is there any add-on available for this? Which fields are required to integrate with Splunk, and how? Thanks,

Splunk Enterprise Software Installer - deb and tar.gz files
Hi, just wanted to ask about Splunk software installer files like tar.gz and deb files. We currently have Splunk Enterprise v.6.5.2 and we want to upgrade to v.6.6.5. Before, the Splunk Enterprise...

How to resolve the below SNMP error when I try to convert MIB files to py...
build-pysnmp-mib -o IMAP_NORTHBOUND_MIB-V2.py IMAP_NORTHBOUND_MIB-V2.mib Empty input smidump -k -f python IMAP_NORTHBOUND_MIB-V2.mib | /bin/libsmi2pysnmp fails make sure you are using libsmi version...

Conditional alerts in Splunk
I want to generate an alert on a specific condition. If an alert is generated from an id for the first time, an email needs to be sent. If the next alert is received within 30 mins for the same id, then Email...