Can we export saved search results to outputs.csv?
Hi, is there a way we can upload all my saved search results to a CSV file for a scheduled search? Thanks
Data extracted from Splunk and used in Java form
I have extracted certain fields using the Java SDK from Splunk with the table command. The data extracted is in the form of a job. How can I convert that data into a string, so that I can apply conditional...
What is the purpose of the file conf.conf found in .../etc/system/default?
I read 12 questions/answers when searching for conf.conf. I still have no idea of the meaning/purpose of that file. Please help.
Creating an index on another drive on Windows
How can I create an index on another drive? I am running Splunk on Windows and it is on the C: drive. So I want to create an index on the D: drive, as I have low space on the C: drive.
multikv + lsof + python proc bug?
After upgrading to 6.2 from 5, multikv does not work well for me. It just does not extract the fields when the COMMAND is python. The search was not changed, it just stopped working... host=worker*...
How often are users searching for old data?
Is it possible to find out what time range Splunk users are searching for? We're upgrading our multi-site cluster from 6.3.3 to 6.4.2 to take advantage of the tsidx reduction feature....
addcoltotals: do not sum percentages
Hello, I'd like to do the following (screenshot at http://hpics.li/49c6c08): do not sum percentages, but just follow a calculation rule. Thanks for your help. [Screenshot][1] [1]:...
X-axis duration in hours, not seconds
I am using the following search to get a total VPN connection time for users: index=pan_logs eventtype=pan_system log_subtype=globalprotect sourcetype=pan:system | transaction pan_gp_user...
Transpose CSV column headers to rows
Hello, is Splunk able to, before or after indexing, transpose columns and rows in this way: original file: has column headers; needed format: each column header to be appended into a column such that each...
Counting number of field installs (counting latest event only)
Hi all, I am attempting to count the number of installs of certain code levels for field machines. Essentially I am extracting this information from some logs, and then I am listing all the code levels...
How to create a scheduled alert just after 17:00, on holidays and weekends?
I need to schedule an alert that triggers an email alert just after 17:00, on holidays and weekends. Is it possible?
Extract additional fields using nessus2splunk.py
Is it possible to extract additional fields using the `nessus2splunk.py` script found within the Splunk Add-on for Nessus? Some useful fields would include the following: false No known exploits are available
Following the instructions on the "Build a custom visualization" tutorial...
Hi! I'm currently working through the Splunk Custom Visualization tutorial and have run into a problem. I've followed the instructions up through the "Try out the visualization" section. However, after...
What if an indexer is unavailable when using DNS list load balancing?
A universal forwarder will request to resolve XXXXXX (DNS) and it may get an IP address of an indexer that is no longer available. In that case, it doesn't have another address to try, so what will it do?
Is there a regex syntax for an undefined number of characters?
I need to get the commonName for ISSUER NAME but there are multiple issues: there is more than one commonName (one for ISSUER NAME and another for SUBJECT NAME), the commonName position below ISSUER NAME is...
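As an added example (not part of the original post or of any answer to it), the greedy-versus-lazy distinction the question is really about, shown in Python's re module over a constructed certificate dump. The section names, field names and values are assumptions chosen to mirror the post; the point is that `.*` with a multi-line flag runs to the last commonName in the text, `.*?` stops at the first one after the anchor, and a tempered form additionally refuses to cross into the SUBJECT NAME block when the issuer has no commonName at all:

```python
import re

# Constructed sample (not from the original post): a text dump of an X.509
# certificate with a commonName under both ISSUER NAME and SUBJECT NAME.
SAMPLE_DUMP = """\
Certificate:
    Version: 3
    ISSUER NAME
        countryName = US
        organizationName = Example Trust Services
        commonName = Example Root CA
    VALIDITY
        notBefore = 2023-01-01
    SUBJECT NAME
        countryName = US
        commonName = www.example.com
"""

# Second constructed sample: the issuer block carries no commonName at all.
NO_ISSUER_CN_DUMP = """\
    ISSUER NAME
        countryName = US
        organizationName = Example Trust Services
    SUBJECT NAME
        commonName = www.example.com
"""

# Greedy: ".*" runs to the LAST commonName in the dump, i.e. the subject's.
GREEDY_RE = re.compile(r"ISSUER NAME.*commonName\s*=\s*(?P<cn>[^\r\n]+)", re.DOTALL)

# Lazy: ".*?" stops at the FIRST commonName after ISSUER NAME, which is the
# issuer's whenever one is present. DOTALL lets "." cross line breaks.
LAZY_RE = re.compile(r"ISSUER NAME.*?commonName\s*=\s*(?P<cn>[^\r\n]+)", re.DOTALL)

# Tempered: like the lazy form, but every consumed character must not begin
# "SUBJECT NAME", so the match can never spill into the subject block even
# when the issuer block has no commonName.
TEMPERED_RE = re.compile(
    r"ISSUER NAME(?:(?!SUBJECT NAME).)*?commonName\s*=\s*(?P<cn>[^\r\n]+)",
    re.DOTALL,
)


def _first_cn(pattern, dump):
    """Return the captured commonName (stripped), or None if nothing matched."""
    m = pattern.search(dump)
    return m.group("cn").strip() if m else None


def greedy_issuer_cn(dump):
    """Wrong on purpose: demonstrates the greedy failure mode."""
    return _first_cn(GREEDY_RE, dump)


def lazy_issuer_cn(dump):
    """Right when the issuer has a commonName; spills into the subject when not."""
    return _first_cn(LAZY_RE, dump)


def issuer_cn(dump):
    """The form to use: lazy, and bounded by the SUBJECT NAME section."""
    return _first_cn(TEMPERED_RE, dump)


if __name__ == "__main__":
    for name, fn in (("greedy", greedy_issuer_cn), ("lazy", lazy_issuer_cn), ("tempered", issuer_cn)):
        print(f"{name:9} full dump -> {fn(SAMPLE_DUMP)!r}  no issuer CN -> {fn(NO_ISSUER_CN_DUMP)!r}")
```

The same constructs carry over to Splunk's rex command, which uses PCRE: write the multi-line flag inline as `(?s)` and the capture as `(?<cn>...)` instead of Python's `(?P<cn>...)`.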
Enterprise Security (ES) upgrade vs new install
Hi, I'm trying to upgrade from ES 4.0.0 to 4.1.1 on a staging server. Afterwards, when I look into the ES_Configuration_Health log, it shows a lot of unshipped items. A lot more than I expected, though we haven't...
How to split up $SPLUNK_DB and colddb
I have many indexes on my three indexers. I have attached NFS shares for the colddb. All the indexes are at $SPLUNK_DB/indexname/colddb. If I stop Splunk and copy all the cold buckets to a new share...
How do I submit a radio button search with a submit button without changing...
I am using Simple XML and I need to submit a search I have defined in a radio button. I need to do this with a Submit button without changing the Time Picker. Currently, I can make the radio button...
Why does Splunk indicate: "Your Splunk license expired or you have exceeded...
I started with the trial license and have a total uncompressed raw data size of 0.91 GB. How could this exceed the 500 MB per day limit? The licensing alerts show a number of entries like below:...
How to set up a KPI every 30 minutes?
By default the options listed for the KPI search schedule are 1, 5 and 15 minutes and the calculation windows are 1, 5, 15 min and 24 hours. How can I calculate every 30 minutes? I want the results to be...