Extract dates in a period
I need to extract the first and the last dates of a period to use to filter the values of a lookup table containing a list of dates. I have to do this because, in addition to the Timestamp, I have to...
Eval New Field and If statement
Hi, I wonder whether someone may be able to help me please. I'm trying to run a query which looks at a value in column A (detail.overall) and if they contain specific values insert a specific value...
Is there a design pattern for join queries with simple data?
Hi, I am trying to write a query that seems a bit more tricky than it first looked like... ;-) We have a scenario where users log on to a service and then perform several transactions. In a day there...
FreeBSD support
I have not been able to find any downloadable version of 6.3.x Enterprise for FreeBSD. Is this a temporary situation or has support for FreeBSD been dropped, and if so what was the reason?
Is it possible to resolve an IP Address from a URL in the search app?
I need to get the IP from a URL
How to achieve indexer cluster Master Node high availability?
Dears, I would like to know if it's supported to have high availability of the master node in an indexer cluster or not? And if yes, how to achieve that. Thanks in advance.
Converting epoch to HH:MM:SS
**Background** So I have two date fields - Date_Created & Acknowledge_Date both in the format "YYYY-MM-DD HH:MM:SS". I wish to work out the difference of these two times and then create an average...
Multiplication of Two Fields
Hi, I wonder whether someone may be able to help me please. I'm trying to put together a piece of query which multiplies two numerical fields. I've looked through splunk answers and tried both of the...
Reducer doesn't get all events from mapper function in custom reporting command
I am trying to write a custom reporting command that finds the top words. It seems to work but I see some data isn't transferred to the reducer from the mapper. For example, I process 10 events and produced 100...
Using multiple tokens when calling another dashboard
I am currently calling a dashboard from another dashboard<html><style>.btn-primary { margin: 5px 10px 5px 0; }</style><a...
Heartbeat alert for a forwarder that hasn't checked in? Version 6.3.0
I was under the impression that forwarders send a heartbeat back to the indexers. How can I create an alert for a forwarder that hasn't checked in within the last 5 minutes, for example?
Fortigate App, unable to see data in dashboard
Hello! I am using the Fortigate App for Splunk and I am unable to see any data in the Fortigate dashboards. When I perform a search in the Fortigate app I can see the events. What do I have to check in order to...
Unable to Start Django in webserver
Hi Splunkers, Suddenly Django apps are not working in the Search head and we get the below error: root:644 - DJANGO: There was an error starting: root:645 - The SECRET_KEY setting must not be empty....
How do I extract this using regex?
I got a log containing "Step"-values in order: Step=11001 , Step=11018 , Step=12302 , Step=12319 , Step=12800 , Step=12805 , Step=12806 , Step=12801 , Step=12802 , Step=12305 , Step=11006 , Step=11001...
Older Scan Data with Splunk for Nessus
Recently installed the Splunk Add-on for Nessus and have it successfully pulling data from my scanner. It is only showing scan data for the current month though. Is there a way to have it pull data...
How to add a field to an event to verify when it has been output to a csv.
Is it possible to add a field to an event to verify when it has been output to a csv? Once I have completed a search, and outputted the results to a CSV file. This is to verify that it has been sent,...
Sizing for getting NetFlow to Splunk
Hello Splunker, We plan to get NetFlow data from cisco routers and switches by "Splunk Add-on for NetFlow". https://splunkbase.splunk.com/app/1658/ We are now sizing splunk architecture and cannot find...
How do I write a search to get 3 events for each eventcode from windows events?
I am running the following query to get events from windows event logs for the past month. I want to restrict the search to extract only first 3 events for each event code. Any pointers please?...
How can I run repeat then search?
splunk enterprise version : 6.3.1 earliest_time : "-5m", latest_time:"now" exec_mode:"blocking", search : "index= xxxxx------------------------- very complex." current my method like this javascript...
Calculations Using Totals Row Only
Hi, I wonder whether someone may be able to help me please. I'm using the query below to produce the screenshot as shown in the attachment: index=main auditSource=frontend auditType=Survey...