How to join two searches based on two different formatted fields
I have an index which contains field - TXN_ID = "24, 25 " index=index1 TXN_ID ="24,25" I have another event in a different index which has field - ID = 25 index=index2 ID=25 How do I combine both these...
Delete button for KV store won't work
Hi there, I'm trying to make my JS button delete records from the KV store by key id. I can see it grabbing the token in the URL but it doesn't actually delete it. I copied it from the dev tutorial and...
Informix DB with Splunk DB Connect
Hello, we have Informix DBs. Now I want to index the data (specific tables) for Splunk queries and "dashboards". There are 2 input types, batch and rising. Is rising supported for Informix? How is...
Access Splunk interface on Heroku website
Hi, I'm running a dockerised Splunk on Heroku. How do I access the Splunk interface through my Heroku website or host a dashboard as the homepage?
Does props.conf have any effect in a customized app on a Forwarder?
Hey Splunkers! I have a doubt. When we create any customized app in Splunk, for any purpose, let's say for log monitoring, will the default props.conf be effective, or if I update something in my...
Field extraction
My actual data is 'ProcessName'>C:\Windows\System32\lsass.exe. I want to extract C:\Windows\System32\lsass.exe as a field called Process. Kindly assist me with a query that fetches the...
spath error parsing data
Hi, I have this issue when I try to parse JSON. For example, I evaluate a field (for example) a_configuration : index="xxx" a_appl_id=YYY | | eval...
How to set up configuration in Splunk for Tanium
I installed the Splunk Tanium app in my environment. Can you please help me with the configuration in Splunk for Tanium? Which configuration file do I need to edit to get the data into Splunk for Tanium?
Is it possible to add a count in title tags
Hi, is it possible to add a count variable between ? I want to display a variable count in this tag Perimeter : **xxx** machines?? Could you help me please??
log file size
How to calculate the file size which is indexed in Splunk. For example, two files xx1.log and xx2.log are indexed in Splunk and I want to calculate the size of the source after indexing.
How to remove third Thursday from Splunk results
We would like to remove our monthly patching window from our error report that we receive from Splunk on some of our servers we report on. For example, we would like to be able to remove the data/error...
Peering into other Splunks
Hi, Our group needs to read data that is managed and stored in another Splunk in our company. The other Splunk will have clusters, and a cluster-manager. It appears that there are two different ways to...
Collector and universal forwarder on same machine?
Is it possible to run 'Collector' used for Splunk insight for infrastructure and 'Universal Forwarder' for Splunk Enterprise on the same machine?
Schedule doesn't work properly after version upgrade
After upgrading Splunk to 7.x.x version, when I schedule a report or scheduled view it doesn't work and the schedule is always the next day. I tried with cron schedule, once a week, etc. but I'm having...
Regex in Splunk
Hi, I have the following column: CVSSv2 CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N I want to do something like this: source="scan*" | where C="H" | stats count. How can I parse this query so I can have only "C"...
Having a % to follow number on gauge chart
Current: | search MachineNumber="01" | eval PercentComplete= round(((CountSinceLastTaskCompletion)/MaintenanceFrequencyValue)*100,0) | chart First(PercentComplete) as PercentComplete by...
How to make a search head not run any searches?
We have a search head cluster with 5 individual search heads. 1 of those servers is a simple VM which was deployed as a quorum search head. The main purpose of this search head is to make the captain...
Get AD Computer with PowerShell
Hello, I have a PowerShell script that gives me AD computer objects back. It works perfectly. The script runs every 24h. Cron Schedule 0 */1440 * ? * * I'm not sure about the time settings. I will get every...
Splunk Maintenance Window
Hello Splunkers, in my organization a patching activity has been scheduled, and during it all my Splunk components will be down, i.e. search head, indexers, master server etc. I need to bring all the Splunk...
Why does adding a drilldown change the colour of the text in a table?
Hi there, I have an issue where I have a table that initially has white text (in dark mode) as it should, but if I enable drilldown on the table, all entries have blue text instead of standard white...