how to get a time chart for the queuedepth for a given queue name
I need to get a timechart for the data defined by the search query sourcetype=bsgmc tranStatus="'ENTER'" | stats count as incomingcount by queueName | table queueName incomingcount | appendcols [search...
How to display different colors for different values at certain predefined times
I need to display different colors of the rows based on the returned value. Also the color should be dictated by time defined in a lookup definition. Ex Monday 12:00AM to 11:PM 100 should be shown as...
How to Export Splunk ICON Dashboard to PDF?
I created one Splunk dashboard with icons but when I export dashboard to PDF, those icons are not visible.
Splunk with Menlo Integration
Hi All, Currently we are working on Integration of Splunk with Browser Isolation Security tool called Menlo. Currently, I can't find any TA-'s in Splunk base for integration. As per Menlo...
exclude events based on field
Hi, Using filemonitor, we are collecting data from a file which sends data of all nix servers. Now we want to only exclude the linux servers. One of the fields in the events has the IP address of the...
Create dashboard and report
Hello, I would like to create 03 reports, but I have difficulties. What happens, I need to create: - Calls that are not answered by extension; - Calls that are answered by extension successfully; -...
How to get field value and post it in link (Dashboard)?
Hi, from search ```...| timechart count by status``` made spikes diagram in dashboard. Example output search: ``` _time 200 300 400``` ```08/09/19 5 8 4``` ```08/07/19 1 3 7``` How to get status name...
help with custom search command (wait) needed
Hello, I need to apply 60 sec delay between two SPL commands, which start and collect the DB trace per dbxquery. In between there should be 60 sec time. As I did not find anything corresponding, I...
How to list of search results with a value > X in a specific search field
Hello, I have the following field:= message.msg: > msg: before send to xxx, payload = {"id":"abc123","userId":1,"currency":1,"amount":"-54"} I would like to find all search results where amount is...
Locked out accounts not replicating across SHC
When a user locks out their account on SH1, it never replicates to the other members of the SHC. Creating accounts and editing accounts and all other associated edit type actions do replicate however.
Splunk FSCK exitCodes
Hi, does anybody have a list of human-readable reasons for the splunk fsck exitCodes? Specifically 17 and 3. Or where can I find a list? Kind, F.
REGEX field extraction help - Line in log starts with...
Trying to extract the value of the 1st WORD in line 3 of each log (i.e. FAILURE or SUCCESS) and put that into a field extraction called "Status". The 3rd line will start with that word, then be...
Invalid term on the left hand side
Hello, I have the results from a dashboard dropdown feeding another dropdown; and I receive this error. There is also a Timepicker input. **Error in 'search' command: Unable to parse the search:...
Why is sub-search getting auto-finalized after 60 seconds and triggering...
Hi, I have the below search query to monitor the process/instances running on our servers and the sub-search within the search is getting auto-finalized and the false alerts are triggered. Below is the...
Guru Needed: I need to find a way to compare files and then create triggers...
Sorry in advance this is such a long post so I'll try describing this in a sentence or two in case this is so easy you don't need to read the short novel I wrote below it to figure this out. Q. I need...
Possible to substitute numeric data value in a cell to a non-numeric value
I'm not a dashboard expert however, from a search I have the following setup: | rex field=msg.Properties..FileName "(?[\w-]+\.apm)" | eval EventName='msg.Properties..EventType' | search Filename |...
Need assist with regex for extractions
I am trying to get some name space information from the client's inputs. The value I want is namespaceName. I am unfamiliar with regex and would like an assist if possible. This is the field I want: ,...
props.conf not effective
Hi, this issue has been mentioned here before but still my properties in props.conf are not effective. Here is the configuration I'm using : Inputs.conf : [default] host = bb1322454b5f...
How to set a single sourcetype Max Events
I have a single sourcetype that has large log files. I don't want to change the global MAX_EVENT limit, but instead, change the single sourcetype MAX_EVENT limit to a larger number. Is this possible...
Does the "Show Source" Event Actions link not work in results after using a...
Leave it to the DEV guys to find the weirdest errors...but here's the deal. I've got a developer who needs to see his events in context, hence the use of the Show Source button. Except that he's using...