set span in timechart based on value from time picker
We have a dashboard panel showing network traffic. I want to override the default values used by Splunk. e.g. last 60min: span=1m last 24h: span=15m last 7 days: span=1h last 30days: span=4h all time:...
View ArticlePush analysed data from splunk to external Database
Hi Experts. I have Splunk dashbaord in table format, want to push this data to some external Database. Is there any option to do this??.
View ArticleCan we get Bamboo build stats into Splunk?
We have [Jira Add-On][1] which allow us run Jira API to get Jira stats on Splunk. Similarly is there any Add-on or custom solution available on Splunk for Bamboo to track stats like - How many...
View ArticleAutomate backfill script
Hi, I need to automate the backfill script for about 60 searches.. Is there a way to put all 60 searches in a single script and then make them run one by one(wait until previous one is done before...
View ArticleI have a column in a table which shows time in UTC. How can i import this...
My SQL server is in CET All datetime columns are imported in CET. Now I have one table in which the datetime is stored in UTC. How can I import this UTC time column in DB Connect 2 so DB connect knows...
View Articleget rex expression
my regex expression works properly but I since I'am newbie in splunk I didn't know how to get the rex expression. I would like to extract users that do not begin with PC, PRT and SRV. My regex...
View ArticleWhere is splunk_for_vmware_forwarder_appliance
I feel dumb even asking this. But, I am trying to get the Splunk app for vmware up and running. I am told to create the virtual machine splunk_for_vmware_forwarder_appliance, but I can not find this...
View ArticleHow to edit my search to return all events from the previous day?
HI , I'm trying to create a Splunk alert to generate an email based on job failures. My SPL still retrieves records beyond 24 hours even after filtering them, I see redundant records in my alert. My...
View ArticleCIS Critical Security Controls: How to troubleshoot these parsing errors in...
/opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/default.meta, line 11: Error parsing setting: = ====== /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/default.meta, line 154: Cannot...
View ArticleHow to search VPN logins during certain hours for a specified date range?
I have a search that tracks VPN logins for known/unknown users that works fine. I am trying to filter for only logins during a specific time which for me is 11pm to 5am for whatever specified date...
View ArticleHow to create a consolidated report?
I have 5 input CSV files received everyday. How can they be appended and stored everyday as one report when received? On any particular day, I want to have the details extracted from the 5 CSV input...
View ArticleAccessing apps in 6.4.x results in "Error connecting: error:14090086:SSL...
After moving to Splunk 6.4.x, the following error can occur in the UI when navigating to: Apps —> Browse more apps Error connecting: error:14090086:SSL...
View ArticleSplunk IT Service Intelligence: Why am I not getting any data in the...
I'm using Splunk IT Service Intelligence and this search: (index=mtparam mtparam=Fabwide:NON-DELETABLE sourcetype=Realtime30MinPaceByArea) OR sourcetype=*RUN_count* | stats max(RUN_COUNT) as RUNCOUNT,...
View ArticleSplunk Java SDK: How to get results from a base search to use in 2 post...
Here is our situation: Given that we have a base search, using the Splunk Java SDK, we would like to do the below two steps 1) execute the base search and get the results with 'post process search 1',...
View ArticleIs it possible to create an event type field within a source type?
Hi, I was wondering if it was possible to create a field within the source type that would show the event type. Here is a record from my log: 2016-06-05T19:55:10,144 INFO LoadProperties:225 -...
View ArticleWhy is my transaction search with earliest=-2d not returning all grouped events?
When I run the below command, it returns some of the grouped events, but not all of them. It will not return the most recent events. If I change to `earliest=-1d`, it returns events (more recent) than...
View ArticleSplunk 5.x App for Microsoft Windows: What is this "app=win:unknown" being...
Hi Splunkers I am getting this value of field app=win:unknown being captured in 63% of Windows security logs in Splunk. What does it mean? Other values for app fields are : win:remote win:local Thanks,...
View ArticleWhere is the local version of an appserver directory?
I see that appserver folder resides in the app's home dir. How does it manage the local changes, for example, a .js file? Aren't there default and local versions of it? If I create an appserver...
View ArticleHow to edit our inputlookup search to only return data for the last 3 months?
Hi, We are looking for a search which would give availability for the last 3 months. We came come up with the search below that would give availability for the last 12 months. This search is built from...
View ArticleIs there a Technology Add-on for Sophos UTM/Firewall SG 430 that is CIM...
I have a some problem with “Sophos UTM/Firewall SG 430” because I searched in splunkbase.splunk.com to find the TA for that, but Splunk does not provide Technology Add-ons for this that are...
View Article