I do have a Splunk enterprise license, I am creating a test environment how...
Hi, I do have a Splunk production environment which uses a Splunk enterprise license, I am creating a Splunk test environment and I want to use some portion of my production environment in my test...
Splunk Infrastructure App requires Add-on for Powershell?
According to the Windows Infrastructure App documentation, it states the following: "**The Splunk Add-on for PowerShell** All of the add-ons that come with the Splunk App for Windows...
Trying to use collectd to trend process utilization by name
I've got a test set of hosts using collectd to gather process information, and I'm struggling how to get mstats to give me a by clause of the process name. Can someone help me out with this?
About the settings of identities.conf in the SHC environment
Splunk ver 7.5.2 DB connect 3.1.4 SHC's member 3 (* include captain) When a new identity is created, `identities.conf` is created, but PW is hashed. If I do similar operations in one of the SHC...
What is the proper way for listening SearchManager results in JavaScript
I tried the following ways: **Way 1**: One method is to run search and wait for its results is as follows: require([ "splunkjs/mvc/searchmanager", "splunkjs/mvc/simplexml/ready!" ], function (...
Why does Splunk service fail to start with error: "Timed out waiting for...
While trying to troubleshoot/fix the issue: 1. No conclusive errors in log file as to why Splunkd fails to start. 2. We tried starting Splunk service in debug mode, i.e. splunk start --debug: still we...
Why are counters from Perfmon not being extracted?
Hello, I have the following in my inputs.conf on a Windows server: [perfmon://CPU] counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs...
How can I display only one value using dropdown?
Hello, everyone. I am using one CSV file to display the output. I have added the screenshot for CSV file. I want to display the output in such a way so that if I want to select productA it'll display...
Distributing inputs.conf with deployment server
Hello, I would like to distribute and make changes to the inputs.conf files of the universal forwarders using deployment server. So far I have created a new directory in the /etc/deployment-apps:...
How to trim a string to a new field
Hello, I cannot figure out the syntax of the rex function. I have a field called data multiple email addresses: eample@blahblah.com. ODY=7BIT I need to create a new field where just @blabla.com without...
Why do I get HTTP 500 Internal Server Error occurs when logging on Splunkweb...
splunkweb is slow. When we open browser -> enters https://x.x.x.x:8000 It takes time for login page to be visible. Once we enter the user/name password after few minutes we see get error message :...
Need to export Splunk data (our application logs) to CSV using API
Our application has over 3 million records every 24 hours that we need to export using Splunk. When we tried using Reports, we were getting a maximum of 50000 records. We were suggested to use Splunk...
How to fetch already indexed events through Python?
I have Index "A" with two fields **"Latitude"** and **"Longitude"**, now I want my python script fetch these two fields from Index "A" and calculate **distance** (using internal logic) and then indexed...
Put search result into a token in INIT tag
Hi all, I'm new to Splunk. I'm wondering if there is a way or if it's possible to put a search result into a token in INIT tag section. I've to calculate the total of the devices in order to pass it...
Remove null values from evaluated field in the search results
Hello, I have this query: index=main | table sourcetype, data, context, local_endpoint, remote_endpoint | eval Ergebnis = replace(data,"^[^\@]+","") | search Ergebnis=* I need to remove the empty rows...
Is it possible restrict a user search by data values?
Hey! For example, if I have events contain different countries. Is it possible to restrict users by specific values? So they'll be able to search only specific country or more. I know the is option to...
SPLUNK Architecture Deployment Minimal (Recommendations)
We currently use a single SPLUNK Enterprise server that runs on a single virtual machine on ESXi. This instance is both our search and index device. It has been running quite solidly for a while now,...
Azure monitoring by Splunk Heavy forwarder
Hello team, Need to know some basic query, need to monitor Azure logs for storage and apps. Where we have to install heavy forwarder Splunk. Can suggest best method to integrate to these logs. Thanks
How to get information in ModularAction
We are developing a ModularAction using the CIM framework, and we want to know how to get the following information: trigger_date trigger_timeHMS trigger_time These are the possible tokens user can...
How to use Accelerated Reports in a Dashboard
I have a report "CheckPoint Blocks" that has a time span of 1 hour. I have accelerated that report for 1 month. I have a Dashboard and have added from Reports "CheckPoint Blocks". The dashboard panel...