Dashboard auto-populate returning no values, yet search does.
Attempting to populate a dropdown for a dashboard. The source is a lookup file. CSV. It does have null values in the table for this field, and also the returned data contains spaces and / in some...

What is the difference in total and Total? I get two different results.
index="YOURINDEX" |stats count by domain, id.orig_h | sort -count |stats list(domain) as Domain, list(count) as count sum(count) as Total by id.orig_h |sort -total | head 10 So if I change Total to...

How to monitor the HTTP Alert Action
Hi, I am trying to send data from Splunk to a Lotus Notes based Incident Management. This system can receive events as SOAP messages. So I build the required XML structure within the search as an eval...

Duration between first occurrence of one event and occurrence of another event
I want to get the duration between two different events. In a simplified structure my events have a timestamp and a state (Online, Offline). Every minute a new event is added to the index that contains...

Inactive receiver
So, I got the classic problem of not being able to push data from my forwarder to my receiver. Things that I've already tried: - check that the port is available and useable by chatting with myself via...

How to fetch the values from a log using a regular expression?
Hi Team, need your help on the query below. I'm spitting something like this in the log: My Test Data|My Test ID|My Case Status|My verification code|My Comments on case The log has the data similar to above...

Splunk Join query help
I'm trying to compare Field X from Index A with Field Y from Index B. Though the field names are different, they store the same value. If the value matches I need the result from field Z from index B. Below is my...

Splunk ForecastViz Color scheme
We prefer the color scheme and layout of ForecastViz provided in version 4.0.0 and would like it to be a permanent visualization in our own app. Can we do this by copying files? We did give it a try...

How to set dashboard as public?
Hi everybody, I'm new to Splunk and I want to know how I can create an app and how I can create a public dashboard. I have noticed here in my job that I don't have some options and always have to...

Is it possible to create Slack alert attached to details in a thread?
Hello everyone. I have slack alerts with details that aren't relevant to every team member, and I would like to obfuscate those details by attaching them to the alert in a thread message. I haven't...

How to get the time difference after converting unix time using strftime?
I'm currently trying to get the duration of some events, but when I use this search nothing is coming back: `| tstats count earliest(_time) AS first latest(_time) as last FROM datamodel=Vulnerabilities...

Timechart not populating the result
I have a checkbox named host in which the user enters the hostname manually, and then as per the name entered it should display the timechart. But it still shows "waiting for input" even after I enter. Can...

Timechart not coming up; instead a table is coming up for it
Timechart not coming up; instead a table is coming up for it. Can anyone tell me what's wrong with the query? I want a timechart to be displayed instead of the table. Filter Entity (once results loaded...

Cancel Alert with Different Alert
I am looking to create a dashboard panel that is synced with our AV tool. The tool that we use is sending events to Splunk when the AV protection is disabled and re-enabled. I don't know how to display...

CIM, Data Model, and Tagging Help
Hey All, running CIM in our ES instance and I had some questions around tagging or NOT tagging data. What's the best way to go about excluding certain events from being tagged by a data model? Example:...

Is the result of "strptime" in seconds?
Hi, I would like to know if the results of "strptime" are in seconds. index=main sourcetype=access_combined host=vsalinux06 |eval kb=bytes/1024 | eval desired_time=strptime(req_time, "%d/%B/%Y:%I:%M:%S...
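The strptime question here and the earlier "duration between first occurrence of one event and occurrence of another event" question are two halves of the same problem: a timestamp string parsed with strptime becomes epoch seconds, and the difference of two epoch values is a duration in seconds. The following is an added example, not code from either post and not SPL; it works the logic through in Python on a constructed event list (one event per minute carrying a state of Online or Offline, as the duration question describes). The timestamp format, the state names and the sample events are all assumptions made for the illustration.

```python
from datetime import datetime, timezone

# Constructed sample events (not taken from the original posts): one event per
# minute, each with a timestamp string and a state, mirroring the question.
SAMPLE_EVENTS = [
    ("2023-05-01 10:00:00", "Online"),
    ("2023-05-01 10:01:00", "Online"),
    ("2023-05-01 10:02:00", "Offline"),   # first Offline of the first outage
    ("2023-05-01 10:03:00", "Offline"),   # repeated Offline, must not restart the clock
    ("2023-05-01 10:04:00", "Offline"),
    ("2023-05-01 10:05:00", "Online"),    # closes the first outage: 180 s
    ("2023-05-01 10:06:00", "Online"),
    ("2023-05-01 10:07:00", "Offline"),
    ("2023-05-01 10:08:00", "Online"),    # closes the second outage: 60 s
]

# Assumed timestamp layout of the constructed events.
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def to_epoch(ts: str, fmt: str = TIME_FORMAT) -> float:
    """Parse a timestamp string with strptime and return epoch seconds.

    The string carries no zone, so UTC is assumed; a naive datetime would
    otherwise be interpreted in the local zone and shift the epoch value.
    """
    return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc).timestamp()


def outage_durations(events, down="Offline", up="Online"):
    """Return (start_epoch, end_epoch, seconds) for each down -> up interval.

    Only the FIRST `down` event of a run opens an interval; further `down`
    events are ignored until an `up` event closes it, so the duration is
    measured from the first occurrence, not the last. Events are sorted by
    time first so that index order does not matter.
    """
    intervals = []
    down_since = None
    for ts, state in sorted(events, key=lambda e: to_epoch(e[0])):
        epoch = to_epoch(ts)
        if state == down and down_since is None:
            down_since = epoch
        elif state == up and down_since is not None:
            intervals.append((down_since, epoch, epoch - down_since))
            down_since = None
    # A trailing Offline with no later Online is left open and not reported.
    return intervals


if __name__ == "__main__":
    for start, end, seconds in outage_durations(SAMPLE_EVENTS):
        print(f"down from {start:.0f} to {end:.0f}: {seconds:.0f} s")
```

The same two steps apply in the search language: convert the string to epoch seconds, keep the earliest down-time and the following up-time per host, and subtract. The point the example makes explicit is that the clock starts at the first Offline event of a run, which is easy to get wrong when every minute re-emits the Offline state.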

Lookup with multiple values in one field: will it work?
Hi all, I am wondering if there is a way in lookup tables for "key=value" to be "group=value1,value2,value3,value4". For example, if I have the query below and try to search for group using multiple values...