Want to access real-time data from SearchEventHandler.
Hi, I wanted to access `"value": "$result.abc$"` inside of SearchEventHandler. It contains a real-time value. new SearchEventHandler ({ managerid: "myid", event: "preview", conditions: [ { attr: "any",...
How to add values of the 1st row to the 2nd row and so on and show the sum in a...
I have a count of VMs per month and I want to show the count increment in a new column, for example:

    _time    Monthly count
    2014-06  49
    2014-07  300
    2014-08  5
    2014-09  97

I want to show the incremental sum in a new...
How to check whether a Splunk heavy forwarder is used only for forwarding, not...
Hi all, we currently have two heavy forwarder instances which are mainly used to forward syslog data to the indexer instances. But we have noticed that one of the mount points on the HF is getting...
Splunk DB Connect v2 and encrypted data
Hello, we use Splunk DB Connect v2 to connect to an encrypted DB. In order to obtain the decrypted data it is necessary to open the session with the command: OPEN SYMMETRIC KEY DLKey DECRYPTION BY CERTIFICATE...
Custom Perfmon Counters
Hi, how do I get my **universal forwarders** to report custom perfmon counters our developers have written, e.g. "XYZ Messaging\Availability status", to my heavy forwarder(s)? I can only get these...
Simple search turned complicated. Problem with subtracting 2 values from...
Hey people! So I may be a big idiot and be missing something very simple, but I can't seem to figure it out. Here is my search: `index=server1 | stats avg(score) as avgscore1 | append [index=server2 | stats`...
Regex to avoid the 2016-MM-DD events in a Splunk search?
The following were some of the events:

    2016-04-21 09:42:38,574 DEBUG lksjfd laskdfj lskfj alsdkfj
    2016-05-31T13:50:41.883450Z jhgsd kkjahdf klasjh
    2016-06-11T13:50:41.883450Z...
Prevent Splunk from processing a certain eventName
I am not interested in anything with an eventName of Describe*. How would I prevent this data from being processed into Splunk?
Need help resolving why _TCP_ROUTING is not sending specified data to...
I have been trying to figure this out for a few days, and I am not getting anywhere. I have specific data coming in on one server/directory that has a UF installed on it that I want to send to a...
Configuring DMC to monitor universal forwarders
Hello, I have a Splunk 6.4 standalone instance. I have 5 universal forwarders sending data to the indexer. When I first upgraded my Splunk indexer to 6.4, I got the DMC app, but when I go to the forwarders...
What needs to be added to my search to display only the Windows hosts?
The following is my search query: `index=* | regex _raw!=".*2016-\d{2}-\d{2}.*" | stats values(host) as hosts` Also, is there any way that I can see all the sources per host in which my search string...
Simple math and string concatenation
Hi, I have this dashboard: [dashboard Prova_selettore_dinamico, with an "Intervallo" (interval) selector offering Last day, Last 7 days, Last 30 days and Last 12 months, and the tokens $period$ and $now$] The token $period$ is set, for instance, at -30d (and I...
Getting rid of unused time in timechart
Given a search: `index="muni" | nbclosest | timechart span=30m dc(vehicle_id) as NumVehicles` (where `nbclosest` is a custom search command that filters results and isn't relevant to this question) it...
Is it possible to index and forward a specific sourcetype from an indexer?
I have a situation in which I need to get events from our Windows servers to a third-party device for a managed security provider. We have been doing this on the universal forwarder layer with mixed...
How do I edit configuration files through Splunk Web?
I would like to edit configuration files through Splunk Web instead of an editor. How do I do this?
How to write the regular expression to extract different formats of the...
I am trying to extract text from a specific attribute that I am querying in LDAP. Our "altSecurityIdentities" attribute is not formatted the same for all users, where the data in it either has an...
How to set date & time stamps across two lines in XML where the time was already...
Hi team, I am trying to ingest an XML file in the following raw format (an extracted portion as a sample, but each event consists of many more values): `2015-08-08T00:00:00` `23:58:00` `MCP` I have line-broken based on...
Pie chart not disappearing when selecting time picker
![alt text][1] [1]: /storage/temp/157189-issue.jpg It shows both the pie chart and "No results found" when selecting a different time. Any help is appreciated.
Why are not all indexes available to select from "Available search indexes"...
- Splunk license: Enterprise
- Splunk version: 6.4.0
- Deployment model: search head cluster, indexer cluster

We are not able to see all indexes (not even **3%**) in the *Available search indexes*...
Agents deployed dashboard
Hi, I am currently populating a dashboard with the following search for agents: `index=_internal group=tcpin_connections | join hostname [| rest /services/deployment/server/clients splunk_server=* |`...