Can we display the total count of all fields inside a panel?
Hi, is there any possibility to display the total count of all fields inside a panel? We have a pie chart that displays 5 fields with some values for each. Now we need to display something like "total" may...
Calculating total duration for periods with events, i.e., user activity time
Looking for help coming up with a search to calculate the total duration during which there were events in a given time period, essentially a reflection (for the given use case) of how much time the user was...
DBConnect Java Error
I've just installed Splunk on a new Red Hat Linux instance. I'm not particularly familiar with Linux, but I believe everything to be working fine. The one thing that has become problematic is with...
How to resolve error "clustersearchheadconfig': Searchhead is not enabled on...
Hi, I have a search head cluster configuration, and due to HW issues at one of the SHs, I had to rebuild it and add it to the cluster. Still, I can see the old search head details from the master node's "Indexer...
Any advice on a solution for capturing SNMP traps via syslog to Splunk?
I'm looking for a third-party option to capture and send SNMP traps via syslog to Splunk for easier ingestion. I see a lot of freeware that could do this, but I'm looking for a recommendation of how others...
How to find the latest value grouped by field
I have multiple queues and have created a field X_Queuename. In the message management logs, I get the number of messages processed at regular intervals, and I created a field MessageCount. I want to...
Python SDK connection error: socket.gaierror: [Errno 11004] getaddrinfo failed
I am trying to connect using the example:

import splunklib.client as client
# Create a Service instance and log in
with client.connect( host="http://myhost", port=0000, username="me", password="my...
Has anyone else come across unexpected behavior using the (?J) mode modifier...
Hi, I wanted to see if anyone else had come across some strange behaviour when using the (?J) mode modifier in the 'rex' command. This modifier should allow you to use the same capture group name more...
Why am I getting 0 results when trying to filter my search by including a...
I'm facing an issue which I'm simply unable to understand. I ran a search simply by specifying the index I want to search in, like this: index=my_index. After this, I selected one of the values which...
How do I translate standard IPv4 addresses into a format with leading zeroes...
I need to do this to perform lookups on a customer database where the IP addresses are stored in the format with leading zeroes. Thank you!
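The zero-padded lookup format asked about above, worked through as an added example that is not part of the original post or of Splunk. It assumes the customer database stores every octet as exactly three digits (10.1.2.3 becomes 010.001.002.003), which the question does not spell out; the function names and the sample addresses are constructed for this illustration. Besides padding, it validates each octet, so a malformed value is reported instead of being silently sent to the lookup.

```python
import ipaddress

# Constructed sample input for this example (not from the original post):
# a mix of valid, already-padded and malformed addresses as a lookup job might see them.
SAMPLE_INPUTS = [
    "10.1.2.3",
    "192.168.0.10",
    "255.255.255.255",
    "010.001.002.003",
    "10.1.2",
    "10.1.2.300",
    "abc",
]


def _parse(addr: str) -> ipaddress.IPv4Address:
    """Parse a dotted quad and validate it (raises ValueError on anything else).

    Leading zeros are stripped before validation because ipaddress rejects them
    (ambiguous with octal), so already padded input is accepted as well.
    """
    parts = addr.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    # IPv4Address checks that each octet is in 0-255 and raises ValueError otherwise.
    return ipaddress.IPv4Address(".".join(str(int(p)) for p in parts))


def pad_ipv4(addr: str) -> str:
    """10.1.2.3 -> 010.001.002.003: every octet zero-padded to three digits."""
    # .packed is the 4-byte big-endian form; iterating it yields the octets as ints.
    return ".".join(f"{octet:03d}" for octet in _parse(addr).packed)


def unpad_ipv4(addr: str) -> str:
    """Inverse of pad_ipv4, so lookup results can be matched back to the raw event value."""
    return str(_parse(addr))


def pad_many(addrs):
    """Pad a batch; malformed values are collected rather than passed on to the lookup."""
    padded, rejected = {}, []
    for a in addrs:
        try:
            padded[a] = pad_ipv4(a)
        except ValueError:
            rejected.append(a)
    return padded, rejected


if __name__ == "__main__":
    ok, bad = pad_many(SAMPLE_INPUTS)
    for raw, out in ok.items():
        print(f"{raw:>16} -> {out}")
    print("rejected:", bad)
```

In SPL the equivalent step is a rex that captures the four octets followed by an eval with printf("%03d.%03d.%03d.%03d", ...) before the lookup; the Python form is shown here because it also enforces the 0-255 range, which a padding expression alone does not.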
How to configure the Splunk Add-on for Microsoft Windows to monitor Services...
Hi, in Event Viewer I have a proof point needed for Windows 8.1 and Windows 10: Event Viewer, Applications and Services Logs, Microsoft-Windows-NetworkProfile/Operational. Unfortunately, nothing is...
How to configure all nodes in a clustered environment to forward internal...
I have a Splunk clustered environment built, with both indexer and search head clustering. I would like to know how to make all internal Splunk logs go to the clustered indexers. Thanks!
How to use a value created with eval to search my events for a particular...
Hi, I am trying to use a value from an eval as search data. I am searching my events for a particular line of text and not by a field or value. This search will return any events with the text...
How to determine which users and what apps are using summary events created...
1) How do I evolve the summary searches? I want to know if anyone uses the summary events created by my searches. 2) How do I determine what apps are using summary events created by my searches? 3) How...
How to create a drilldown to display complete ERROR TRACE details on a...
Hi, I have a table with URL and punct fields. I want to drill down on the URL cell and retrieve the complete ERROR TRACE details for the selected URL. I don't want to show a timechart or any graphs...
Splunk App for Web Analytics: http_user_agent missing for browsers in...
Fields such as ua_family and ua_major are showing up as unknown for browsers operating in compatibility mode. I've tried updating the Python code from the TA-user-agents app, which appears to be what's...
How to plot requests per second for each service on a single timechart...
Hi, I'm new to Splunk and I'm looking for some help with plotting a timechart to show requests per sec. Thanks in advance. I currently have a dashboard panel that shows transactions (or...
Why am I unable to group by an xmlkv field?
I am trying to group events and get the delta _time. This search returns the events I want to group. The events are XML. I cannot get the events to group by the **clientid**. Here's what I have so far:...
How to extract a value from XML and include it in the search?
Hi, I would like to extract the XML field value from an XML string from the log and include it in the search. What is the best way to do that? Currently, whenever a request is posted, I am searching...
How to edit my current props and transforms.conf to eliminate the first 10...
I have a log where I want to throw the first 9 lines into the bit bucket, but I can't seem to get transforms.conf to do it. It's doing the opposite of what I want it to do: it's eliminating...