Multiple tstats with prestats append=t not working in ES app
Hi, I'm querying a datamodel X and I need to append results with same fields names from datamodel xx using. I'm trying with tstats command but it's not working in ES app. example search: | tstats...
Need to setup web ui to listen http on 8000 and https on 8443
I need to be able to have port 8000 listen for just http and 8443 for HTTPS. How do I accomplish this?
Need Help with sum over two columns without subsearch
Hi Guys, I need some help with a stats command. Given is Data like this csv Round,Player1,Player2,ScorePlayer1,ScorePlayer2 1,Harry,Tom,5,1 2,Eva,Mike,1,0 3,Harry,Eva,3,4 4,Mike,Tom,4,6 5,Tom,Harry,3,2...
Syntax Error on various screens when data is good
By simply opening a valid Extraction/Transform and pressing the Save button, we receive the error "Your entry was not saved. The following error was reported: SyntaxError: invalid character." What's...
My dashboard modifies the search command "sort" and "fields"
Hello, I have a search rule that is perfectly working: .... | sort - 0 _time | fields - _* | fields data1 data 2 data3 I have created a dashboard and integrated the rule. The result of the rule is...
How to handle parentheses with REGEX in transforms.config as part of a...
hello All - I have been struggling with a regex mystery that I cannot figure out, and am hoping for another perspective to help me solve this riddle! I have a stacktrace that is being treated as a...
How to configure Webhook Plus alert action to support multiple URLs?
It seems like the Webhook Plus custom alert action can only be configured globally and not on an alert by alert basis, therefore only supporting one URL. Is there a way to configure this action for...
Jobs "Dispatched at 12/31/69" only appear from certain (low level) users....
I feel that this may be an obscure question, but I have nothing to lose by asking. There have been one or two previous questions about the jobs listed as being dispatched on 12/31/69:...
metadata used in subsearch
I'm trying to join hosts from a .csv file to the results of this metadata search: |metadata type=hosts | eval time_diff = now() - lastTime The .csv file will have some hosts that don't exist in the...
Is there a limit on the amount of blacklist entries under...
Is there a limit on the amount of blacklist entries that can be placed under " [WinEventLog://Security]" stanza. It looks like I can only add 9 entries (blacklist1= to blacklist9=) If I add...
HTTP Event Collector and curl: How to pass the hostname variable in Chef?...
Hi, (Not Splunk questions per se...) I'm setting up the HTTP Event Collector, so that our chef recipes can log to Splunk and we can have stats on its usefulness and such... I was able to communicate...
How to filter out the first 2 lines of an event?
I have a VB script to get Local users from Admin group. The event data from this script by default adds the below 2 lines to the event. Microsoft (R) Windows Script Host Version 5.8 Copyright (C)...
How to size and grow a Splunk deployment in a small shop?
Hello, I've been using Splunk for less than a year and I'm looking for real-world insight on how to size and grow a Splunk deployment. I've read the Splunk Capacity Planning manual and the admin guides...
Cluster Map mouseover details display off the screen. Is there a way to...
Hey, I have a search which displays piecharts over locations in the map for values based on states in America. When I hover over some of them, they often leave the screen and can't be read. What/if...
How to install an ssl key from a trusted certificate authority?
The docs clearly show how to install a self-generated ssl key, but we have a cert from a TCA. I can't seem to find docs on how to install this. Thanks in advance
SSL Forwarding: Why does a Splunk forwarder need its own certificate?
outputs.conf on forwarder gets its own cert. E.g. something like [tcpout-server://192.168.1.100:9997] sslRootCAPath = $SPLUNK_HOME/etc/certs/cacert.pem sslCertPath =...
Service discovery and monitoring with Splunk
Hi, I would like to have a way to register web services and see the relationship between them, have basic information like a health check on the service. The thing is, the services I want to monitor...
Why does Splunk get stopped frequently on all indexers in Cluster environment...
Hi, We are using Splunk 6.4.2 and created cluster environment with three indexers on windows servers 2012 R2. However, Splunk got stopped frequently on all indexers. Please assist us to sort out this...
how to add custom visualization in dashboard and where we need to add the js...
I need to create the dashboard as below: I am giving the reference link: **http://bl.ocks.org/NPashaP/96447623ef4d342ee09b** I have added js and css files in splunk **C:\Program...
We have two indexers in our cluster. Search factor is 2, and the Replication...
I have contacted splunk support and they suggested to delete buckets in colddb directory whose names starts with numbers. I have checked splunk/var/lib/splunk/defaultdb/colddb in that indexer and found...