How can I get the content of a latest event's field and use it in aggregation...
I have following events: TicketId SplunkTimeStamp Version 6.1608E+14 8/5/2016 8:32 16 6.1608E+14 8/4/2016 9:40 6.1608E+14 8/4/2016 8:50 6.1608E+14 8/4/2016 23:44 16 6.1608E+14 8/4/2016 8:00 6.1608E+14...

Unable to run a search through REST API
I am trying to run a saved search through the REST API. To test, I was trying to pull up a list. https://pbdc-splk-01:8089/services/saved/searches I've used the HttpRequester plugin for Firefox, as...

How to display the time of one search in the final result when we have...
Below is my search. What I need is to have the time related to that error also saved(Timen) and then shown in the final result which has result of another subsearch. When I run it, I am getting the...

Cascading contextual drilldown - problems
Hello, I have a form, built like this: 1. A few inputs - time selector and some dropdowns. The tokens set by them affect the searches in the subsequent items. 2. A timechart with selection capability...

Http Event Collector CURL errors with {"text":"Invalid token","code":4} or...
I configured HTTP Event Collector and am trying to test it with: curl -k https://localhost:8088/services/collector/event -H "Authorization: Splunk 8111111111111*" -d '{"event": "hello world"}' error:...
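The post above shows the curl call and the JSON error it gets back. The following shell script is an added example, not code from the original post, that wraps the same request in a function, rejects tokens that are not GUID-shaped before touching the network (HEC tokens are GUIDs, unlike the value in the post), and classifies the collector's JSON reply by its `code` field. The URL, the placeholder token, and the function names are assumptions.

```bash
#!/bin/sh
# Added example: send one event to the Splunk HTTP Event Collector and
# classify the JSON reply. HEC_URL and HEC_TOKEN are assumed placeholders;
# the real token is the GUID shown on the HEC token page in Splunk Web.
HEC_URL="${HEC_URL:-https://localhost:8088/services/collector/event}"
HEC_TOKEN="${HEC_TOKEN:-00000000-0000-0000-0000-000000000000}"

# hec_classify BODY: prints "ok" when the reply carries "code":0,
# "error:<code>" for any other code, and "error:unparsed" when no
# code field is present (e.g. an HTML error page or an empty reply).
hec_classify() {
  body="$1"
  code=$(printf '%s' "$body" | sed -n 's/.*"code":[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  case "$code" in
    0)  echo ok ;;
    "") echo "error:unparsed" ;;
    *)  echo "error:$code" ;;
  esac
}

# hec_token_looks_valid TOKEN: succeeds only for a GUID-shaped token.
# A value like 8111111111111* fails here, so no request is sent with it.
hec_token_looks_valid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# hec_send EVENT_TEXT: performs the POST from the post above with the
# Authorization header HEC expects ("Splunk <token>") and reports the result.
hec_send() {
  event="$1"
  hec_token_looks_valid "$HEC_TOKEN" || { echo "error:token-format"; return 1; }
  body=$(curl -sk "$HEC_URL" \
    -H "Authorization: Splunk $HEC_TOKEN" \
    -d "{\"event\": \"$event\"}")
  hec_classify "$body"
}
```

Run it as `HEC_TOKEN=<your-guid> sh hec.sh` after adding a call such as `hec_send "hello world"` at the bottom; `-k` skips TLS verification and should only be used against a test collector with a self-signed certificate.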

Google import/export app not accepting the JSON token from Google API
On Splunk Oxygen server, I have installed the Google Import/Export app. On Google developers I have created a project and enabled the API as outlined in the instructions, and downloaded the service...

Can a sourcetype be linked into an index?
I have need to move a sourcetype to a new index because the retention requirements for the sourcetype changed. The issue is that a number of reports/alerts/dashboards reference the sourcetype with the...

Amazon Kinesis Modular Input: How to troubleshoot why Kinesis streams are...
We've recently started using the Kinesis Splunk Add-on for our clustered splunk environment. We have it installed on our heavy forwarder which then forwards the events onto the splunk cluster. We've...

Why is my timezone configuration in the app directory for my search head...
I'm trying to set the timezone via a deployable app to my search head cluster. If I put the configuration in the etc/system/local, it works fine. If it's in the app directory, then it doesn't. I did...

How do you place icons on a map
I would like to plot radio towers on a map. How could I place a jpg instead of a dot on a lat/long on a location on a map?

How do you draw lines on a map
I would like to draw lines on a map where utilities are buried. How could I accomplish this? I would like the layer to be visible or invisible depending on a form input. What would the data look like...

How do I use Splunk regex to extract data from comma-separated text into a...
I am trying to write a search/extract on a below sample type of log file: Sample data is as below (it will repeat across the whole log file, with some other log lines in between: EventTime: 2016-01-01...

How to read a dynamic host name from a file and apply it to inputs.conf?
Is there a way to dynamically set the host name to read from a file? For example, instead of using the [default] host =xxxxx from inputs.conf, I'd like to get it from a config file:...

Please tell me how to configure drilldown
Is it possible, using the drilldown mechanism, to navigate from one dashboard to another dashboard (chosen from among several)? If so, please tell me how to configure it. Example: I want to build a dashboard menu.

Help with error
Hi, I noticed this popping up on my dmc the other day: throttled - idx=ngccc_app_logs Throttling indexer, too many tsidx files in bucket='/apps/splunk/db/ngccc_app_logs/db/hot_v1_20299'. Is...

Some views disappeared after upgrade
We have upgraded Splunk from version 5.0.5 to 6.2.5. After the upgrade we noticed some of the dashboards in an app were missing. We are completely clueless about this. Any ideas?

Shortage of indexer space in one of the indexer instances?
We are currently running out of space in one of the splunk indexer instance, out of 5 indexer instances and ours is a distributed environment. Using Splunk 6.2.1 Version. Total size of the indexer...

Not getting all Splunk events through oneshot search via Java SDK
I'm using Splunk's Java SDK to get Splunk events, and the problem I'm facing is that Splunk only returns a maximum of 100 events, even if the search originally contains more than 100 events. How can I...

How do I write a regular expression in a Splunk search to extract data from...
I am trying to write a search/extract on a below sample type of log file: Sample data is as below (it will repeat across the whole log file, with some other log lines in between: EventTime: 2016-01-01...

How to troubleshoot error "idx=... Throttling indexer, too many tsidx files...
Hi, I noticed this popping up on my Distributed Management Console the other day: throttled - idx=ngccc_app_logs Throttling indexer, too many tsidx files in...