Is there a retention policy for summary index?
Hello, what is the retention policy of the default summary index "summary"? If there is one, where can I increase its size? Is it on the cluster master or any other instance? Thanks in advance.
Splunk Add-On for Salesforce
I configured the Splunk Add-On for Salesforce, I am able to see the login history logs. But it lists only the login history of the Splunk User which was used to register the Add-On. I cannot see the...
Splunk Web access via F5 Proxy
Hello all, I was trying to get our Splunk instance from an address defined on F5. Simply, we'd love to have access from a URL like https://splunk.example.com to https://internal-splunk.example.com:8000...
How to use eval within stats for data from tstats
I'm trying to use eval within stats to work with data from tstats, but it doesn't seem to work the way I expected it to work. I'm hoping there's something that I can do to make this work. Here's a...
Searching two different records with one common field
Hi, I have two different records: [2019-07-22 10:32:03.819930 -0500] rprt s=2tuw17mc0b cmd=env_rcpt value=ken@gmail.com [2019-07-22 10:32:03.816879 -0500] rprt s=2tuw17mc0b m=1 cmd=env_from...
Splunk extract string after character
Hello everyone, I have a simple question about rex, but I have not succeeded at this. I have a string like that "bllablla_toni" "bloobloo_jony" And I want to extract the string after the character "_". The...
How do I find the "Event" that directly precedes the selected "Event"?
Let's say I perform this search. > index=mysecretindex host=mysecrethost* source="/my.log" error-3005 Then say I select an "event". How do I find the "event" that directly precedes (ordered by time)...
Display transaction_id, Amount and Grand total of amount.
[2019-07-19 10:13:49,210] package=com.ABCDpay,class=PostingServices,service=ProcessAccountingInstruction,component=CBIS,category=business,code="11001",message="Accounting entry posted to core system -...
Help creating JOIN search
I'm trying to compare Field X from Index A with Field Y from Index B. Though the field names are different, they store the same value. If the value matches, I need the result from field Z from index B. Below is...
Splunk Machine Learning Toolkit: Maintaining older ForecastViz Color scheme
We prefer the color scheme and layout of ForecastViz provided in version 4.0.0 and would like it to be a permanent visualization in our own app. Can we do this by copying files? We did give it a try...
How to extract string after special character
Hello everyone, I have a simple question about rex; I have not been successful. I have a string: "bllablla_toni" "bloobloo_jony" And I want to extract the string after the character "_". The result will...
How to calculate the AVG of bytes_in per clientip?
Hi, with this SPL, I have the average session time of each clientip in a web page. But I do not know how to put the average bytes_in for each clientip. index=bigip host="F5-BOU-4K-A.entourage.intra"...
Want to get data from Connexall Server to Splunk
Hi All, I am new to Splunk and I want to pull data from Connexall to Splunk. Is it achievable using DB Connect, or is there any other App I have to use? I am a bit confused because there's no info...
How to use conditional comparison of two field values from the same event to...
Hi all, I am trying to use the eval **case** function to populate a new field based on the values of 2 existing fields that meet certain string value matching. For example: | eval ValueY=case(Status ==...
Help on issue with a savedsearch and a token from a dropdown list
Hello, I use the code below in all my dashboard searches in order to filter results by SITE from a dropdown list and it works perfectly: | lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE |...
SAP ETD integration with Splunk with HTTP event collector
We receive error 400 when we try to send the logs from SAP ETD over HTTP event collector to Splunk. Does anyone have experience integrating SAP ETD with Splunk over HEC?
Why only one condition works for where clause in a tstats search
Hi Splunkers, looks like something's changed with the new version, but my search with 2 conditions for the same field is not working: `where NOT (Web.url=$cond1$ OR Web.url=$cond2$)`. Only if I leave 1...
I already have a source of gauged metrics accessible by http. How can Splunk...
I already have a source of gauged metrics accessible by http. How can Splunk PULL those? I cannot PUSH those metrics. They look like this when the endpoint is invoked: metric_a 10.0 metric_b 0.02...
Divide field value using "line break" as a delimiter
I have a lookup that I try to divide using a "line break" as a delimiter. It's kind of hard to explain so I attached a screenshot of what I would like to do. In the screenshot you can...
I want to display the results as zero when there are no events in a timerange...
I have put a few IPs in the filter and have created a field for those IPs, but when they die in the statistics, they are not returned as zero; rather, it's showing nothing. It's showing only the IPs that have a count....