How do I add fields from a lookup table to my search event?
I have a lookup table geo-lookup.csv which has data in the format: IP, Coordinates, Location. My search has the field ipAddress which is used as the filter to match the IP field in the table. I want...
How to determine form is in submitted state or not?
I have a need where the user is allowed to perform a certain action (on click of a button) only when the current form/dashboard is in the submitted state through Splunk Web Framework / JavaScript. Current approach I am...
makemv not working
I have the following single-value field (that really should be a multi-value field): puppy_name="Spot Dexter Jake" It really should be a multivalue field, like ... puppy_name="Spot" "Dexter" "Jack"...
When does start_from=newest catch up?
We've been experiencing latency and are trying to figure out ways to solve it. We forward events to a Windows Event Collector (Forwarder). Our inputs.conf looks something like this....
eval if(X,Y,Z) always returns Z whether X matches or not
https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchReference/ConditionalFunctions#if.28X.2CY.2CZ.29 I'm trying to do this exact same thing but my search doesn't seem to recognize when...
Basic Query using Dates
We have indexed fields like the following: fname (a-z*) lname (a-z*) pdate (name_month day year) policy (strong or weak). I'm able to do a query and return all of the usernames with a strong policy...
Cluster master in the cloud?
Consider a two data centre environment with good connectivity between them (sub-5ms latency and multiple 40 Mbps links). I want to implement search or index clusters to achieve cross-site HA. However,...
help on cascading table panel
Hi, I am searching for an XML example where, when we click on a table panel, another piece of the panel opens. Could you help me please? RGDS
extract multi valued field
Hi everyone, the field contains two values, one on each line. fieldname = value1 value2 How can we exclude the results where the fieldname contains value2?
Import data without duplicates
I have a missing set of data. I've been given a new set of data to fill the gaps, but there are some duplicates in the raw file compared to what is already in Splunk, and I need a way to import the non-duplicate...
How to exclude duplicate event from search query which is present in lookup...
Hi All, I have drafted a Splunk query (Splunk version 6.6.2) which gives certain fields and I tabulated those fields. I have a field name (CommonName); I want to exclude a particular event based on...
What's preventing me from getting the desired output
Hi Team, I am not able to get the values for **SLA Time** and **time_diff_epoch**. When I am running the two queries individually I am receiving the results. **index=XXX sourcetype="XXX" | rex...
How to use Python App for scientific computing
Hi, I am going to install "Python App for scientific computing" but I do not know how to make use of it, meaning how to import libraries and write code. Can someone point to documentation or tutorials...
Email results is failing
While emailing results I'm observing the below error: command="sendemail", 'rootCAPath' while sending email to:blah@blah.com I tried adding the email server in the query as well.
Join 2 search results where common field has multivalues in one search to...
Trying to join 2 search results (where the common field has multivalues in one of the searches) to display in a single table. **Splunk Query:** index="XYXY" sourcetype="XXX_product_details_csv" | join...
Error in timechart graph
Hi all, we are having trouble regarding a query in which we need to display multiple metric_labels of a host in a single timechart. The query is as follows: index="xyz" source_host="host1" OR "host2"...
Want to display count as zero in statistics when there are no events for an IP.
index=bc cs_host="collector" NOT 10.xx,xxx.121 c_ip=10.xx.xxx.233 OR c_ip=10.xx.xxx.234 OR c_ip=10.xx.xxx.248 OR c_ip=10.xx.xxx.250 OR c_ip=10.xx.xxx.42 OR c_ip=10.xx.xxx.43 |stats count by c_ip It...
Universal Forwarder is slow to manage large files
Hello, I use a Universal Forwarder to monitor syslog-ng logs. The logs are split into 24 logs for one day (so 1 log per hour). The size of each log is between 300 and 600 MB; the logs are sent with 5...
Forward data to third-party systems from Splunk
Hi, Splunk Version: 7.1.1. We are planning to send existing Splunk data to a third-party system called Champ. Though I have gone through the below Splunk documentation, I still have many questions to...
bin/bucket: Where does the window start? I need this to start as the first...
Hi, the **bin** command conveniently provides time slots. But where do they start? It always seems to be the next fitting clock time, like 10:00, 10:05, 10:10 for a bin of 5min. But, if I want to identify...