Splunk Add-on for Microsoft Cloud Services - Compatible with Free?
Is anyone running the Splunk Add-on for Microsoft Cloud Services with Splunk Free? We had it installed and working, then about the time our Enterprise trial expired, the add-on stopped collecting data....

Color lines in dashboard by timestamp
Hello, is it possible to color lines in a dashboard by timestamp so the new events in the table will be colored? For example, I have a table with many columns, one of them is SerialNumber. I'm running the...

Check my work on my indexes.conf file for metrics?
All, can you check my work here? Provisioning a metrics index where I am hoping to retain the data and keep it active for 3 years. Anything missing? I am only expecting 30-40 MB a day of metrics...

Export button not working
I have a dashboard panel which creates a tabular/statistical table output. I want to be able to Export the results using the tiny Export button on bottom right. When this panel is populated with direct...

"As" command modifier not working
New to Splunk. Trying to use the "as" command modifier to change the name of a column. However, the modifier is not being highlighted and is not changing the column name. Here is my SPL string:...

Bootstrap script to install Splunk on EC2
Hi, I am trying to install Splunk on EC2 using a bootstrap script, i.e. Splunk should be installed as soon as the EC2 instance is created. Does anyone have a script or a process to install Splunk in...

How can I redirect mcollect to a different set of indexers?
All, I have a |mcollect job that runs every night. I'd like the results to go to a different indexer rather than the default on my search heads. How do I specify the metric sourcetype in a...

Why am I getting duplicated data using the HEC ingestion method?
I'm getting duplicated data when using a Lambda function to send events from CloudWatch to Splunk through the HTTP Event Collector. I didn't enable indexer acknowledgement. Does anyone have the same...

How to find the sum of the latest values of the fields by a certain field?
I have 2 sourcetypes from Nexpose vulnerability data. One sourcetype is asset details and the other sourcetype is vulnerability details. Both sourcetypes have a common field called "asset_id". Field...

CPU usage prediction for the later 15 days... of a month
Hi, I am trying to create a dashboard that shows % CPU Processor Time avg (Value), but the query I used only gives me 3 to 4 hours of predicted future values. I need it to show...

Replace every 2nd pattern with a carriage return
I have a field with dates in a single line (could be many dates), e.g. 2019-04-11 23:15:58.547 2019-05-02 10:11:22.833 2019-05-03 10:21:27.0. I need help to replace every 2nd space with a carriage return, so each...
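The transformation the post above asks for, as an added example that is not part of the original post: a regex that consumes a "date time" pair plus the space after it and re-emits the pair followed by a newline, so every second space becomes a line break. The sample string is the one quoted in the post; the parsing step that follows is an addition that checks each resulting line really is a timestamp before you trust the split. The same pattern can be used in Splunk's rex mode=sed, but whether the sed replacement emits a literal newline in your Splunk version is something to verify in your own environment.

```python
import re
from datetime import datetime

# Sample field value, copied from the question: pairs of "date time" separated by single spaces.
SAMPLE_DATES = "2019-04-11 23:15:58.547 2019-05-02 10:11:22.833 2019-05-03 10:21:27.0"

# Match a non-space run, the space after it, a second non-space run, and the
# separator that follows the pair. Only that trailing separator is replaced, so
# the space inside each "date time" pair is preserved.
PAIR_RE = re.compile(r"(\S+\s+\S+)\s+")


def split_every_second_space(value: str, sep: str = "\n") -> str:
    """Return value with every 2nd whitespace run replaced by sep.

    re.sub scans left to right without overlap, so after "A B " is consumed
    the next match starts at "C", giving "A B<sep>C D<sep>E F".
    """
    return PAIR_RE.sub(lambda m: m.group(1) + sep, value.strip())


def parse_timestamps(value: str) -> list[datetime]:
    """Split the field and parse each line as a timestamp.

    strptime's %f accepts 1 to 6 fractional digits, so both "58.547" and
    "27.0" parse. A line that is not a timestamp raises ValueError, which is
    the behaviour you want rather than silently dropping data.
    """
    lines = split_every_second_space(value).split("\n")
    return [datetime.strptime(line, "%Y-%m-%d %H:%M:%S.%f") for line in lines]


if __name__ == "__main__":
    print(split_every_second_space(SAMPLE_DATES))
    for ts in parse_timestamps(SAMPLE_DATES):
        print(ts.isoformat())
```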

Splunk with Docker on Windows
Hello, is it possible to run Splunk in a Docker container on Windows? If yes, can someone link me to the installation guide? Thanks.

Restrict Search Terms
We have some external users whom we want to be able to see some dashboards we have created. However, we do not want them to be able to search on the search head. E.g. a dashboard item has a query...

Incremental part count per hour
Hi! In my current project, I have to create an area map that shows the number of parts per hour; I was able to display that. But I also want to display a target part count for the day and for each...

Add a new field to an event and collect it afterwards
An index receives events which are reviewed by an internal team. Some events need a new status. I consider doing that by adding a new field using the eval command and adding it as a new event entity to...

nslookup TXT queries with Splunk
I am trying to see if it's possible to run nslookup -q=TXT domain 8.8.8.8 so I can compare the results of the output to an existing lookup CSV file.

Fortinet FortiGate log direct ingest into Splunk
Hi guys, can I just check whether it is possible for me to directly ingest the Fortinet FortiGate logs into my Splunk environment? Meaning without using the forwarder + syslog server method, like the following...

XML search form - Allow wildcard only for specific dropdown input
Below search form: prevent the user from entering "wildcard" inputs in the text field. If the user enters any wildcard or blank value in the text field, it will show an error message. Now, in this form I...

How to detect a deviation of 20% vs the weekly average?
Hi team! I need to do this: EventCode = 4624 and 4634 with Logon Type = 10. An event will be generated if an access volume above normal is detected. Deviation of 20% vs the weekly average. This is my...
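The detection logic described in the post above, as an added example that is not part of the original post or of any Splunk app: count the RDP-style logon events (EventCode 4624/4634 with Logon Type 10) per day, take the average over the previous seven days as the baseline, and raise an alert when today's count exceeds that baseline by more than 20%. The log lines are constructed for the example in a simplified "timestamp EventCode=... Logon_Type=..." shape, not real Windows Security log output; the field names EventCode and Logon_Type follow the Splunk Windows add-on's extractions but the line format itself is an assumption. The noise lines (a Logon_Type=2 logon and a 4625 failure) are there to show that the filter ignores them.

```python
import re
from collections import Counter
from datetime import date, timedelta

# Simplified, constructed line shape (assumption, not real Windows event text):
#   2019-05-07T08:00:00Z EventCode=4624 Logon_Type=10 host=srv0
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+\s+EventCode=(?P<code>\d+)\s+Logon_Type=(?P<lt>\d+)"
)

# Logon Type 10 = RemoteInteractive (RDP / Terminal Services) in Windows Security logs.
TARGET_CODES = (4624, 4634)
TARGET_LOGON_TYPE = 10


def parse_event(line: str):
    """Return {"day", "code", "logon_type"} for a line in the sample shape, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"day": date.fromisoformat(m["day"]), "code": int(m["code"]), "logon_type": int(m["lt"])}


def daily_counts(lines, codes=TARGET_CODES, logon_type=TARGET_LOGON_TYPE) -> Counter:
    """Count matching events per calendar day; everything else (other codes, other logon types) is dropped."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and ev["code"] in codes and ev["logon_type"] == logon_type:
            counts[ev["day"]] += 1
    return counts


def check_deviation(counts: Counter, today: date, window_days: int = 7, threshold: float = 0.20) -> dict:
    """Compare today's count with the mean of the previous window_days days.

    Days with no events count as 0 rather than being skipped, so a quiet
    week lowers the baseline instead of hiding behind missing buckets.
    """
    baseline = [counts.get(today - timedelta(days=i), 0) for i in range(1, window_days + 1)]
    weekly_avg = sum(baseline) / window_days
    today_count = counts.get(today, 0)
    if weekly_avg:
        deviation = (today_count - weekly_avg) / weekly_avg
    else:
        # No baseline at all: any activity today is infinitely above "normal".
        deviation = float("inf") if today_count else 0.0
    return {
        "today": today_count,
        "weekly_avg": weekly_avg,
        "deviation": deviation,
        "alert": deviation > threshold,
    }


def build_sample(today: date, baseline_per_day: int = 100, today_count: int = 130) -> list:
    """Construct sample lines: 7 baseline days plus noise, then today's events."""
    lines = []
    for i in range(1, 8):
        d = today - timedelta(days=i)
        for n in range(baseline_per_day):
            lines.append(f"{d.isoformat()}T08:{n % 60:02d}:00Z EventCode=4624 Logon_Type=10 host=srv{n % 5}")
        # Noise that must not be counted: a console logon and a failed logon.
        lines.append(f"{d.isoformat()}T09:00:00Z EventCode=4624 Logon_Type=2 host=srv0")
        lines.append(f"{d.isoformat()}T09:01:00Z EventCode=4625 Logon_Type=10 host=srv0")
    for n in range(today_count):
        code = 4624 if n % 2 == 0 else 4634
        lines.append(f"{today.isoformat()}T10:{n % 60:02d}:00Z EventCode={code} Logon_Type=10 host=srv{n % 5}")
    return lines


TODAY = date(2019, 5, 8)  # constructed reference day for the sample
SAMPLE_LINES = build_sample(TODAY)

if __name__ == "__main__":
    print(check_deviation(daily_counts(SAMPLE_LINES), TODAY))
```

Counting 4624 and 4634 together doubles every session (one logon, one logoff); for a volume baseline that is harmless because the baseline is inflated the same way, but if you only want session starts, restrict the filter to 4624.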

Facing issues running a report on user access
Hi experts, I have admin permission to log in to Splunk. So whenever I run a report, it takes hardly 2 seconds or less. So I have shared that report with a user in read-only access mode....