When using "stats max ()", the result is truncated.
My environment: Splunk 7.2.3. When I do the following search, the result is truncated. search-1 | makeresults count=1 | eval num="123456789123456789123456789" | stats max(num) result-1 max(num)...
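The symptom in the post above (a 27-digit value coming back shortened from stats max) is what happens when a numeric string is compared as an IEEE-754 double, which holds only 53 bits of integer precision. The following Python block is an added illustration, not code from the original post or from Splunk; it assumes that the search engine coerces numeric field values to 64-bit doubles for aggregation, and the sample values are constructed here.

```python
"""Illustrate precision loss when large integers are aggregated as doubles.

Assumption (not confirmed by the post): the aggregation engine coerces
numeric strings to 64-bit IEEE-754 doubles before comparing them.
"""
from decimal import Decimal
from typing import Iterable, List

# Constructed sample values: two 27-digit IDs that differ only in the last digit.
SAMPLES: List[str] = [
    "123456789123456789123456789",
    "123456789123456789123456788",
]

# Largest integer that every neighbour still represents exactly as a double.
DOUBLE_EXACT_LIMIT = 2 ** 53


def as_double(value: str) -> float:
    """Coerce a numeric string to a double, as a double-based engine would."""
    return float(value)


def survives_double(value: str) -> bool:
    """True if the integer round-trips through a double unchanged."""
    return int(as_double(value)) == int(value)


def double_max(values: Iterable[str]) -> float:
    """Max computed in double precision: the value a double-based max() returns."""
    return max(as_double(v) for v in values)


def exact_max(values: Iterable[str]) -> str:
    """Max computed with arbitrary precision, preserving every digit."""
    return max(values, key=Decimal)


def collapses(values: Iterable[str]) -> bool:
    """True if distinct exact values map onto the same double (ordering is lost)."""
    values = list(values)
    return len({as_double(v) for v in values}) < len(set(values))


if __name__ == "__main__":
    for v in SAMPLES:
        print(v, "->", repr(as_double(v)), "exact:", survives_double(v))
    print("double max :", repr(double_max(SAMPLES)))
    print("exact max  :", exact_max(SAMPLES))
    print("ties after coercion:", collapses(SAMPLES))
```

The practical consequence is not just display: once two identifiers collapse to the same double, max, min, sort and dedup can no longer tell them apart, so values above 2^53 should be kept and compared as strings (or split into smaller numeric parts) rather than treated as numbers.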
Annotation of graph not working when I use the below command.
Hi all. I'm facing some issues in displaying annotations for my graphs. I suspect that something is wrong when I use two streamstats commands. My annotation for that particular graph seems to stop...
Dynamic token-based drilldown in chart using a BY clause
I have a timechart visualization using a by clause to display two different data sets. Think the number of successful logons and failed logons over time displayed on the same chart... For example:...
How can I find events having a NULL value for a field?
Hi, I am trying to find all the events related to a field where the value is NULL. For e.g., say Field has multiple values like abc, def, mno (this is a NULL value), xyz (this is a NULL value), pqr. I am trying...
SSL versions for tcp-ssl input ignored
I'm trying to get Splunk to accept SSLv3 for a special case of tcp-ssl input, and although I am specifying sslVersions = "ssl3", *nmap --script ssl-enum-ciphers localhost -p 9998* always returns TLSv1.2 as...
Search query for checking the latest version of Splunk Enterprise
Hello all, I know that Splunk [regularly checks for Splunk Enterprise and app updates][1]. There is the "New (maintenance) version available. Check here for details" message as well as app update...
CSV headers appear as an event
I have a CSV file that updates every now and then. I'm monitoring it via Splunk. However, the problem is that the first line of the file contains column names, for example: TIME;NAME;CAUSE;MONITOR; and...
How to use the IN function with a VALUE-LIST as a search or lookup
Hi, we have an SPL search which emits hostname as a single value, but this needs to be checked against a valid list of hostnames on every line. The list is "colon separated". So ideally, we need to check if...
Can you help me with a token issue?
Hi, I use the scheduled search below: eventtype="AppliService" Name="mfevtp" | fields Name, host | dedup host Name | stats count. This search is called from the dashboard with a loadjob command: | loadjob...
Analyze where the users are "looking for" information in our application
Our log looks like as following after first filter: Date...Time...UserID...Function...Level 1...Level 2...Section... 20190227 03:56:22:788 [ftjmvf0534faqmyhbwp51e0d] - Function => [level...
Can you help me with regex?
Hi, I have a search with a regex: ERROR * | rex ".*?(?<exception>(?:\w+\.)+\w*?Exception).*" | stats sparkline count by exception | sort count desc. Should I change limits.conf or change the regex? Can you help me? Thank...
Monitoring infrastructure
Hello Splunkers, could you help me with how to monitor infrastructure (machine, CPU, RAM, disk usage, etc.) from an HP NonStop machine? Thank you in advance.
Extracting JSON/XML from string entry and displaying in table
Hi, I am trying to extract various fields from the below entry in Splunk. I executed the below Splunk query: index=test_index source="testlogs.log" "InteractionId=test_interaction_id1" | search("||url") |...
MISP42Splunk accessing remote MISP instance with a client certificate
I'm trying to access a MISP instance from the MISP42Splunk App. I've configured the correct API key and MISP Base URL. I do not however, see an option to specify a client certificate to be presented to...
How to run a parameterized map command as a savedsearch report?
Hi everyone, I have the following dummy search saved as a report: `| makeresults count=1 | eval test="Hello" | map search="| makeresults count=1 | eval test=\"$test$\""` Executing this search directly...
Chart for startup time
Hello, I would like to monitor my TomEE restart occurrences and execution time, so I am looking for the expression "Server startup in" and I am receiving the following events: 27-Feb-2019 14:12:05.781...
Evaluate the difference of 2 multivalue fields?
Hi, let's say we have 2 multivalue fields Field1={a,b,c,d} Field2={a,b,c,d,e} Is it possible to evaluate the difference between these fields and display the additional value of Field2? So that...
Need to create an incident in ServiceNow from Splunk
Hello, I have created one trial instance of ServiceNow, created one user named servicenow, and assigned roles like import and itil. I have installed the ServiceNow Security Operations add-on on Splunk....
Is it normal for the indexer cluster master to connect to peers on odd ports?
I was troubleshooting why peers often show as "Pending" in the cluster master web UI. In troubleshooting I ran 'ss | less' and, via TCP, I found the master connecting on odd ports and vice versa. Here's a...