Display Only the Total Row
Hi, I wonder whether someone may be able to help me please. With some help along the way I've written the query below: index=main auditSource=frontend auditType=Survey detail.overall!="None" | replace...
How to use iframe to include Splunk dashboard in third party software
Hi all, I would like to know if it's possible to use iframe to show Splunk dashboard in third party app or not, and please if yes how can I do that? Thanks in advance
Filter events before indexing doesn't work with nullQueue
Hi, I only want to index files containing the string #! in the first 5 characters of the file. Therefore I created the following inputs.conf: > [monitor:pathname]> blacklist =...
How to swap out underlying search in dashboard, using Simple XML
Hi, I want to do this, but I'd prefer to do it in Simple XML. Is it possible? http://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/TableChartDrilldown#Swap_out_the_underlying_search I have a...
How can I Split a String?
How could I split a string from a field? Example: url="https://www.google.de/images/hpp/ic_wahlberg_product_core_48.png8.png" --> url="https://www.google.de" I have to extract the Website itself...
How to setup _time for .csv datainput?
Hi, I want to upload a csv file and use the field "Period" (e.g. 2015-08) for the _time field. I've created a sourcetype and defined the timestamp extraction like this: time zone=UTC timestamp...
Please help a REST API noob out: Using the REST modular input to index data...
I'm trying to bring in web monitoring reports (number of runs, uptime, number of errors, etc) as a Json format using a rest call to the monitoring provider (Rigor), who has a rest API. I've still got...
Question regarding advanced conditional attributes in savedsearches.conf
This is the first time I am using an advanced conditional alert in savedsearches.conf. I'd like to get some feedback about current configurations I have around monitoring scheduled jobs. If a job is...
Splunk search alert not showing "today"
I have set this alert up, which I want to show me the results of "today" index=_internal source="*license_usage.lo*" type=Usage pool="Linux Pool"| stats sum(b) as bytes | eval gb=bytes/1024/1024/1024...
How to correctly parse the sourcetypes when indexing one Symantec log file...
Splunk ver 6.3.1 I am working through the Splunk Add-on for Symantec Endpoint Protection install documentation and I have a question about the inputs.conf file. The documentation shows the Symantec log...
How to configure DB Connect v1 to support TLS encryption?
I am using DBX v1, and would like to take advantage of splunkd using TLS 1.2 (this is in [sslconfig] for server.conf): ## ./etc/system/local/server.conf: [sslconfig] sslVersions = tls1.2 But when I do,...
Custom Application
Hi All, I need to create a custom app for reading F-secure Antivirus data. Could someone please help with the same? Currently there is no app for F-secure Antivirus
Effects on a distributed deployment disabling SSL on port 8089
To engineer one of my DATA sources using the REST API I have to disable HTTPS in server.conf. Could any splunk-ers tell me what, if any, are the effects on Splunkd and my deployment process? I...
Not retrieving events from files
I had a forwarder on an AIX server sending a number of log files to my Splunk Indexer and all was working well. Then debugging got turned on on the application producing the log files, my Splunk...
How to use eval function in search in CLI
Hi all, I'm currently trying to run a search within cli (which works perfectly on the webgui). The search is the following: sourcetype=wineventlog:security (EventCode=4776 OR EventCode=4648 OR...
Extract pipe delimited fields in Splunk
Hi All, my search results from Splunk look like below 2015-11-13 06:32:33,949|a.abcd|DAS|callabcd():getTime|0.296|SUCCESS|Data : 254|1447414015145[B@8d7c046b8089602570758821847|null|null I want to...
Ignore Dynamic KV Creation
Hi, I'm trying to get to grips with CIM and am getting there slowly, however, I hit a snag that I can't seem to get around and it makes one of my field extraction results 'ugly'!! I've got a load of...
charting.data.count not working anymore in Splunk 6.3.0
Dear community, we have several dashboards where we need to display more than the default 100 results in a visualisation. In 6.2.x we were able to use <option...
HTML compatibility issues between 6.1 and 6.2
I've the following code which is working perfectly fine with Splunk 6.1: Panel Title But when I moved this to Splunk 6.2, I'm not able to see the "Panel Title". It just flashes for a moment when the...
Where can I find examples of the SharePoint app reports/dashboards/etc?
Before I go through the arduous process of installing the SharePoint TA and other required apps in our SharePoint environment, I want to make sure it's worth it. I'm trying to find examples or screen...