help with charting search results
Hello, I'm hoping to get help on this. I've been working on it for several days, so I thought I'd reach out to the experts. I am trying to chart the percentage of a process (up/down). Here's my code: search...
Simple Splunk Lab Sizing
I have set up Splunk Free on an Ubuntu server VM in my home lab. The VM is set up with a 100 GB disk. I would like to configure Splunk to make use of 50 GB of that storage and just delete the oldest data as the...
Can I use the same search but divide the results of one time frame by another?
How can I use the same search to divide the results of a specific time frame by the total daily sum to get a percentage? My base query would be this: (index=epackage OR index=dxprd01-epackage)...
Splunk Windows App not showing all hosts
I have inherited a very old version of Splunk - started with 6.2.5. I upgraded it to 7.0, which broke the Windows Infrastructure app. I then upgraded to 7.3.1, and added the new versions of the Windows...
Missing logs - Splunk Connect for Kubernetes
I have Splunk Connect for Kubernetes deployed in my GCP Kubernetes clusters. I see an issue where some of my container logs are not being indexed in my Splunk deployment. Looking at the GCP Stackdriver...
how to map according to count using geostats
I'm trying to get the count using geostats and visualize that in a map:

index="history" source=Zanzibar | lookup host_geo.csv host | stats count by geo

The above query works and it gives output as geo...
Splunk integration with OneDrive
Hi All, I know the current O365 Add-on available supports audit logs from SharePoint and Exchange, but is there any way to get OneDrive logs as well?
Support on testing Splunk Enterprise as a SIEM
I have just installed the Splunk Enterprise 60-day trial version and I want to test it for cybersecurity purposes. I would like some support on doing this as fast as possible, for which I would appreciate your...
S2 Search error
My customers are getting the error below for their searches:

[splunk-idx-1] Streamed search execute failed because: Error in 'S2BucketCache': _openImpl(): received HTTP status code=503...
How do I trigger mysplunk:8000/en-US/debug/refresh API without having to...
Hello, when I go to **mysplunkhost:8000/en-US/debug/refresh** I see a "refresh" button that I can click on to reload my recently modified configuration files, as you can see in the picture. My question...
Email Line Break
Hello, we have an alert that sends out a notification to a user via email when they have a vulnerability. The email contains the CVE and the action to resolve it. The issue is that it's putting that all...
What is this where clause by time doing?
Is this requesting all the records from 3 minutes ago?

index="my_index" source="bandstats" recordType="core" | dedup coreName | where _time < (now() - 180)

_time = 1565372570 (minus 3600) now =...
WARN - TailReader - Could not send data to output queue (parsingQueue),...
Hello All,

"WARN - TailReader - Could not send data to output queue (parsingQueue), retrying"

I'm seeing the message above in my _internal splunkd logs from my indexer. In my UF metrics log I see...
How to create email line break for an alert
Hello, we have an alert that sends out a notification to a user via email when they have a vulnerability. The email contains the CVE and the action to resolve it. The issue is that it is putting that...
What are some examples of saved search via Python API with dispatch params
I am looking for an example of dispatching a saved search job with custom **latest** and **earliest** boundaries. A bit of history: my Python program finds a Saved Search by its name and instantiates a...
Dashboard Inputs will not dynamically update with field values to select from
OK... I have searched far and wide and I'm unable to get any input to populate with the Department field value. I'm pretty sure it is probably something simple, but I just can't see the darn thing! Any...
S2: Receiving search error message
My customers are getting the error below for their searches:

[splunk-idx-1] Streamed search execute failed because: Error in 'S2BucketCache': _openImpl(): received HTTP status code=503 description="Service...
Is there a way of determining your IOPS speed from Splunk?
Our virtualization team has been less than honest with us in the past and has told us we have "fast" storage. We've requested 3,000 IOPS. Is there a Splunk query or Monitoring Console tile that can...
how to search events within a few minutes of a given date time
I have been looking all over and am still not able to get this working. I saw a few links here and still none helps. Let's say I have a date time of "07/17/2019:15:01:45". So I want to search all events a few...
reports are failing in search head cluster
I see the error message below in one of my search head clusters, can you please assist me?

08-10-2019 12:01:16.072 +0100 WARN SearchOperator:kv - Could not find a transform named REPORT-apache_access...