collect command taking up significant memory after upgrading
After upgrading from 6.6->7.2.4, we started receiving an alert daily that a nightly job was taking memory exceeding our set threshold for a single search. The search used a collect command taking a...
Oldest 50 Tickets that are OPEN
I am having a hard time querying Splunk. The data in Splunk is a list of tickets and their updates over time, i.e.: TIMESTAMP,TICKET_1,STATE(open),ASSIGNED_TO,......
Hardware Requirements for Evaluation
We need to request a server from Network Operations in order to perform an evaluation. We would need the hard disk requirements. The other requirements are easily found; as far as hard disk space goes, I...
Relative Time Value to Timepicker Latest
Hey, I have a dashboard with different panels. They are all controlled by a single timepicker. Usually the time ranges are several weeks. In one of the panels I want an overview for the last 24 hours...
Why is Splunk not displaying the full log entry?
I am only receiving the first two lines of a log entry into Splunk: Date: 2019/03/12 14:00:10 SOFTWARE Module: D:\SOFTWARE_Enterprise\Service6.exe Machine Name: TESTSERVER001T Database Name: ORA-TEST...
Using 'in' in a search doesn't yield correct results.
index="things" AND sourcetype="user_pixel" AND os="*" | search page = "Contact Us" | timechart span=3hr count by os limit=7 Vs index="things" AND sourcetype="user_pixel" AND os="*" | search page in...
How to extract the status values from the following events?
Hi Team, I have the following two events from which I need to extract the status )V 2019-03-11 msp raw utility_extract13L hdfs:/datalake/consumer/msp/raw/tmp/MSP_DELTA_PR936_UTILITY_EXTRACT13_190311"...
Why using 'in' in a search doesn't yield correct results?
index="things" AND sourcetype="user_pixel" AND os="*" | search page = "Contact Us" | timechart span=3hr count by os limit=7 Vs index="things" AND sourcetype="user_pixel" AND os="*" | search page in...
Merge two searches that use two different sourcetypes?
I have two searches from two different sourcetypes. Search #1 is currently in a dashboard with a dropdown selection. I would like to merge both searches into one and still utilize the dropdown...
User with two roles and one search restriction does not work
I have trouble using Splunk's role management in combination with search restrictions. My setup is straightforward: a user with two roles, where the 1st role restricts the user to one index. *...
multiselect table rows with checkbox deleted by button click javascript
Hi, I am currently trying to delete multi-select table rows with a checkbox. So basically I want to select multiple rows, and on selection the selected rows' field values get stored in the KV store and deleted as...
How to disable default data models?
Hey guys, can someone please tell me how to disable the default data models in Splunk? Any help would be greatly appreciated. Thanks
Regex, and extracting the IP + hostname from _internal
One of my ongoing gripes with Splunk is that there is no way to see the IP and the hostname -- either my forwarder sends a hostname, or an IP. Not both. I know the information is there, as I can see it...
Embedding Base64 image into dashboard
I have a static image, which is actually a logo, that I want to embed on a dashboard. Using Splunk Enterprise, I am only allowed to convert the image to base64 and use HTML to embed it. I wrote the below in source...
How can I get field extractions from a dictionary in a log?
All, I've done this before but I am rusty. My log looks like this: 1/2/2019 12:34pm priority=info soemthing=12 mydictionary={"iq":"123", "lovescars":"True"} where mydictionary can have as many as 30 elements...
multiple joins and subsearch question
I have got 3 queries that I need to join together. The first query has a subsearch. I used a subsearch because I need to find the records that have fractionLost > 128 for eh_event=RTCP_MESSAGE. From...
I would like to show a sparkline from an outputlookup table
I would like to improve search performance by preloading data into a CSV or KV store with a sparkline. How do I display the sparkline back when I use the inputlookup command? Thank you
transforms.conf regex only n characters of a line
Hi Experts, I want to filter for a line with a string, but display only the first n characters. Regex tried: (?:^.{0,55})(search_me) test line: 2019-02-20_14:51:27.041 [https-openssl-apr-443-exec-51] DEBUG...
Splunk Password Policy of admin role
The content of the Splunk password policy. -- authentication.conf -- [splunk_auth] constantLoginTime = 0.000 enablePasswordHistory = 1 expireAlertDays = 15 expirePasswordDays = 90 expireUserAccounts = 1...
SSL Certificate on AWS Application Load Balancer - still have SSL port 8089...
Hi Team, we are using Splunk on an AWS EC2 instance. The SSL certificate is uploaded on the AWS Application Load Balancer. With that, how can we resolve the SSL self-signed cert vulnerability for port...