Compare field between events for change
I've been working on a query for Cisco ISE to compare what authorization devices are getting and to count when their authorization changes. Only the two most recent authentication attempts are of...
View ArticleRestore frozen data
Hi currently i am restoring the data from frozen bucket to thawed bucket , i am copying the data from frozen to thaweddb then i am rebuilding the buckets to thaweddb but the location where my db...
View ArticleSplunk ES - Configuration file settings may be duplicated in multiple apps
Just started getting this warning today. ![alt text][1] Configuration file settings may be duplicated in multiple apps: stanza="Notable - Events Over Time" conf_type="savedsearches"...
View ArticleWeek details to be dispalyed in a filter ex: week1(1st-7th apr) , week2 (8th...
Hi All, I have a reported date time field which i am converting and displaying as a month filter - which contains values as Jan -2019 , Feb -2019 ex : Reported date time field = 05/05/2019 16:29...
View ArticleHow to filter results in timechart statistics table?
EventID = “ok” | timechart span=1h count(EventID) by Login Every hour I need to display only those values, where count(EventID)>5 I have used filter command (where) after timechart command but it...
View ArticleNeed input stanza for a shared drive
Hi Team, I have a following path which is located in a shared drive so how should i need to write the inputs.conf (monitor stanza).. i.e index=xyz sourcetype=abc So the full path for the log file...
View ArticleHow can I increase the speed of parsing on my Heavy Forwarder?
Good day, sirs! What system resource do I need to increase to increase the speed of parsing of my Heavy Forwarder? My instance uses 'batch' monitoring to monitor 21 folders for ingestion but it seems...
View ArticleDo Trellis also have Drilldown capability?
![alt text][1] Hey Folks!, So this is the Status Indicator Visualization of 1 of my search (trellis view). Now as an addition, how shall i move further to configure the click on this separate...
View ArticleHow to link One Dashboard to Another Dashboard
How to link One Dashboard to Another Dashboard, The Stanza Which we used to link the Dashboard
View ArticleIs there setting to always enable auto_pause option?
In 2010, the following Answers refered that there isn't a setting to always enable the `auto_pause` option, and that it is necessary to put this setting value in the URL every time....
View ArticleWhat happens to my posted questions, if I delete my Splunk Answers account?
I have tried going through Terms and Conditions but nowhere I could find. Just want to know what happens to all of my posted questions on Splunk Answers, if I delete my Splunk Answers account. Will the...
View Articlehelp for monitoring a CPU abnormally charge following lasting conditions
hi I use the search below in order to monitore the processes which use more than 80% of CPU index="TUTU" sourcetype="perfmonmk:process" | where process_cpu_used_percent>80 But I want to monitore...
View ArticleLookup Table Comparisons
How can I go through all of the values of one field and compare each to all values from a lookup table? For example, I would like to take each values of "memberOf" from an ldapsearch and compare to all...
View Articlerex - extract 2 single values from set of numbers
hello guyz, new to splunk was to figure out solution for this. I have logs like below need to do " rex" and extract 2 values (1st and 4th) from each log with set like [23,23.000,89.375,35,0],...
View Articledb connect, trying to use value from database in earliest and latest
Hi, I have a dbxquery and search "|dbxquery query="SELECT max(_time) as max_time_in_db FROM MY:TABLE" connection="my_connection"| eval start_time_temp =strptime(max_time_in_db, "%Y-%m-%d...
View ArticleSplunk enterprise default apps in etc apps
Dear Splunk community, I searched for a list of __default apps__ that ships with the enterprise package, but there is not a list of them. such as: - alert_logevent - alert_webhook - appsbrowser -...
View ArticleHow to calculate Percentage of particular events out of total events.
I want to find the percent of events with the key word error out of all the events recorded during a time window I have the following query in place but the result generated is 0.0000% index=XXX "*" |...
View ArticleHow to form a trend table for events
I want to have a search for a particular keyword say "error" being calculated from the events and the output should be in the form of table which shows the count for the particular event for last 7...
View Article"No possible srcs for replication"
Seeing this message for the first time in our bucket status report on the Replication Factor page. "No possible srcs for replication". We are running Splunk Enterprise Version: 7.1.3. Besides upgrade,...
View Articleexternal search command 'ldapsearch' returned error code 1. Script output =...
Hi, I have installed Splunk Supporting Add-on for Active Directory to run ldap search command. After installing the TA and trying to run ldap search command and its not working. Error: "external search...
View Article