sendalert logs not visible in _internal index
Im executing my custom alert action with `sendalert action_name` command and it executes correctly. I can see the output in job logs but it doesnt get indexed in _internal index as standard alerts...
View ArticleIs it possible to modify medata?
Hello, I would like to know if I can use Splunk to access and modify metadata. And if the answer is yes, which plugin or addon should I use? Thank you for answering.
View ArticleStrict Time Retention Policy
Hi, we want to implement a strict 120 day time retention policy for some indexes. So this config should be fine. For my understanding it´s mandatory to set als MaxHotspanSecs for 24h (of course the...
View ArticleTimechart with top values split by host
Hi. Let me provide some backstory. I've been assigned some dashboards. I need to make them interactive, but one has about 250 servers and the other has nearly 5000 servers. I get truncated results for...
View Articlehow do I remove the single quotes from my key value pairs,how to remove...
I have a logs like below and this is not a JSON logs, indexing through HEC. Key1='value1' Key2='value' how do I remove this single quotes from value? Regards, Thippesh
View ArticleSite-by-site Upgrade by skipping some versions
Hello All, We have a clustered environement in multi-site running Splunk 6.6 and we would like to upgrade it to 7.2. I see in the documentations that a site-by-site would be possible only in 3 steps...
View Articleusing DB connect how to enter data in oracle DB for "Date" data type
Q: using DB connect how to enter data in oracle DB for "Date" data type? i am trying output data from "splunk DB Connect " to oracle Database for "DATE" datatype. For other data types (like VARCHAR) i...
View ArticleSplunk DataModel Unknown Fields
Hi Splunkers, Is there a way to extract all unknown fields in a Data Model with a single query ? Have a good day :
View ArticleSet Alert Time Range to snap to yesterday at 21:00
Hello I have an alert that runs on the Cron expression 00 2-19 * * 2-6 Starts at 2 am - runs Tuesday-Saturday and runs every hour until 19:00 My Question is for the Time range how can i set the search...
View ArticleElb unhealthy hosts
i wanted to create an alert when unhealthy host count is greater than 2 for an elb in splunk looking for help to create the query
View ArticleWhy is search command TERM not working in one system but does in another?
We just found out that the search command TERM does NOT work when used on extracted fields in one of our Splunk Enterprise environments. But it does in another. The 2 systems have some different...
View ArticleDashboard not loading with default time
Hello, My dashboard doesn't load with the default time that I've set in my shared time picker. Instead, it always loads with this one fixed time. How do I fix this issue? Please help! Thanks
View ArticleERROR PasswordHandler - Decrypted password from...
When attempting to SendAlert to trigger action from our Malwarebytes Splunk App. I receive the following Error in Splunkd log "ERROR PasswordHandler - Decrypted password from...
View ArticleFailed to checkpoint for channel='security'
We discovered that in early April, around the 7th, we had a HUGE increase in forwarders reporting this error: **ERROR ExecProcessor - message from ""C:\Program...
View Articlehelp for formatting a pie chart
Hi I use the search below in order to display the data in a pie chart | inputlookup host.csv | lookup PanaBatteryStatus.csv "Hostname00" as host OUTPUT BatteryTemp00 | where BatteryTemp00 > 30 |...
View ArticleHow to create Dynamic Date selection to compare report results for the First...
Hi Everyone, I am trying to compare viewers for first day of the month and Last day of month . Here in this below report, I am entering dates manually every time while running a report to compare...
View ArticleForwarding Azure App Service Logs do SPlunk
I have an azure app service with CUSTOM text log files (stored locally in app service filesystem). How can I index them in splunk? I was thinking about the following, but none was working: * using...
View ArticleWhich props go where when indexing json?
I have json log files that I need to pull into my Splunk instance. They have some trash data at the beginning and end that I plan on removing with `SEDCMD`. My end goal is to clean up the file using...
View Articlequery reg directory files monitoring
Hi team, I have some directory paths as below **path** arrival_time home**/vivek/file1.txt** 12:30:00 05-05-2019 home**/pench/file2.txt** 01:00:00 05-05-2019 i just want to read the highlighted values...
View Article