How to capture optional digits with regex
I have a field which has values like below. Some values will have digits(6-8) at the end (as shown in the 3rd value- 854623) and some do not have that number. How to capture using regex...
Does the events get deleted after increasing maxTotalDataSizeMB?
The index reached 90% of its data size, does increasing the maxTotalDataSizeMB affects the older ingested events?
Adding donut chart for a single value
Hi, I need to have an exact full donut chart for a single value. Below is the image https://imgur.com/a/O5tex30 How to create a donut chart for a single value using the js.
How to capture only string and remove optional digits with regex
I have a field which has values like below. There are 100+ values for this field, but I just posted 3 sample values. Some values will have digits(6-8) at the end (as shown in the 3rd value- 854623) and...
How to get list of users removed from LDAP but are still available in Splunk...
Hi Team, In my implementation splunk is integrated with LDAP authentication, users who left the organizations will be removed from the LDAP group as part of exit process form is submitted to LDAP...
Use LDAP only for Authentication and Splunk internal roles for role management
Hi Team, Wanted to check if any of you have used LDAP only for Authentication and then handled the roles using splunk internal roles management. Documentation suggests we could do this by doing a...
comparing multivalue fields
Good day! I need to compare the results of a search query that contains multivalued fields. My search query looks like this: sourcetype = MySourceType earliest = 0 latest = now() | eval category =...
I am looking for replacing all the numbers in a field to *. Can anyone help.
Input field value: "this error occured for member123456. While making a payment of 60" Desired input field value:"this error occured for member*. While making a payment of *"
Splunk systemd unit file in versions 7.2.2 and newer - how do I stop this...
As per the various other systemd related answers posts: [Is there a systemd unit file for Splunk?][1] [Is there a systemd unit file for Splunk?][2] [Splunk 7.2.2 - systemd - Root privileges required...
how to match a specific field in 2 different csv file and 2 different index
Hi I use the search below in order to display in a table a specific EventCode by host I am matching the host with the host list there is in "host.csv" index="x" sourcetype="y" EventCode=6008 [|...
INFO PeriodicHealthReporter - feature="TCPOutAutoLB-0" color=yellow...
Hi Team, I am getting below error in Splunk UI also I am not able to see new events in indexer since last 3 days. 04-08-2019 01:12:20.811 -0500 INFO PeriodicHealthReporter - feature="TCPOutAutoLB-0"...
Update the admin password for UF globally
We want to change the admin password for all the UF globally. Is it possible to change it through the deployment server ? As we have more than thousand of UF and don't want to change it one by one. Is...
How to send the processed data to 3rd party system instead of raw data
Hi, I need to expose my Splunk Data to a 3rd party tool. It can collect data through REST API. I don't want to send the raw data or the entire data, I just need to send the results after I do the all...
Splunk Setup Stream and errors
Hi, My problem I first installed Splunk stream app and I open splunk stream dashboard and ![alt text][1] but /opt/splunk/etc/apps/Splunk_TA_stream is available. And splunk message is ![alt text][2]...
Help on background color in css
hi I added the code below in my xml tototututatatitidiv I try to add a background color to my div tag like this but it just color the background behind the text instead the plenty background what I...
Monitoring Windows Event Logs
Windows Event Log files (.evtx) monitoring stop working after a while and the Splunk universal forwarder has to be restarted to start data collection again. Here is the [monitor] stanza configured to...
Visits on IIS (Sharepoint Server)
Hello, I have to create a report, similar to AWStat attribute of "Visits". AWStats defines the visits as: > Number of visits made by all visitors.> Think "session" here, say a unique IP>...
Alert Triggering only once even if set to 'Per Result'
I have created a scheduled alert that looks for results over a time period and if there are events, it has to send an email for every result. This email alert creates a ticket in our ticketing portal....
Splunk app Windows Infrastructure - kvstore disk saturations
Hi, I use on my Search Head Cluster (with 80GB of disk space for each SH) the application "Splunk App Windows Infrastructure" that's carrying several kvstores and collections configurations. These...
Configuring udp with multiple ipaddress
Hi, I would like to configure my inputs.conf with udp on port 514. Like below: udp://[remote_server]:[port_number] My query is can I add multiple ipaddress in the remote_server field as I want to...