How to whitelist multiple IP addresses from datamodel search? (no need to use...
Hi Guys, Can you please tell me how to exclude/whitelist multiple IP addresses from the **datamodel** search? Here is the example: **All_Traffic.dest_ip!=10.10.10.10 All_Traffic.dest_ip!=10.10.10.10...
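One way to do what this question asks, added here as an example and not taken from the original thread: run the data model search with `tstats` and exclude the allowlisted destinations with a single `NOT ... IN ()` clause instead of chaining `!=` once per address. The saved-search name, the `Network_Traffic` data model, the `All_Traffic.dest_ip` / `All_Traffic.src_ip` fields and the two addresses are assumptions for illustration.

```ini
# savedsearches.conf fragment (added example, not from the original thread).
# The stanza name, data model and the addresses in the IN() list are
# illustrative assumptions; replace them with your own allowlist.
[Network - Outbound traffic excluding allowlisted destinations]
search = | tstats summariesonly=true count \
    from datamodel=Network_Traffic.All_Traffic \
    where NOT All_Traffic.dest_ip IN ("10.10.10.10", "10.10.10.11") \
    by All_Traffic.src_ip All_Traffic.dest_ip
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
```

Two caveats worth knowing when you choose between the forms: `field!=value` also drops events in which the field is absent, whereas `NOT field=value` (and `NOT field IN (...)`) keeps them, so the two are not interchangeable on sparse data; and once the allowlist grows past a handful of entries it is easier to maintain it in a lookup table and filter after the `tstats` stage with `lookup ... OUTPUT allowlisted | where isnull(allowlisted)` than to edit the search text.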
Green/Red indicator of health
I have a basic search that returns multiple results: `| stats count by activity`, which returns these results:

activity  count
Open      24
Closed    2
Conflict  5
Empty     100

Is there a way to create a report...
Enhancement request to the logs dashboard
Would it be possible in a future version to have choices in one drop down limit the list of the other drop downs. For instance, if I choose a namespace could it limit the Cluster list to the Clusters...
How to search results in data and put them in a table
I need to create a table from the results of the query below, where the utilization is greater than or equal to 0.7. index=test cluster="*"| bin _time span=1d|eval time=(time)|eventstats...
Flow Map Viz Example Query
Hi @chrisyoungerjds, can you please include some query examples for using the new Flow Map Viz? Possibly the one behind the video on Splunkbase? Keen to see how I can integrate this viz with my...
How can we round down time to the nearest 10th minute
Hi, I want to round my now() time down to the nearest 10th minute. For example, if now() returns 10:02 I want it converted to 10:00; if it's 10:18, then 10:10. How can we achieve that?
Zeroing counter problem (and associated graph spike explosion)
Hi Splunk gurus. I have a query problem that's been challenging me for a while. When my polling breaks, or when counters reset to zero for whatever reason (i.e. the device I'm polling is rebooted), I get...
Search head and indexer have different index lists
I have a question about indexes. In my environment, the search head cluster is 5ea, indexer peer nodes 20ea, indexer cluster master 1ea, and heavy forwarders etc. When I check the index list on the indexer peer...
Save results of a saved search back into an index
Can we save the results of a saved search back into Splunk? Something similar to a view in a SQL database: a scheduled Splunk query processes the raw data --> saves it back to an index.
Getting a status code 400 (Bad Request) when trying to restore an object of...
We're experimenting with "v1.0.5 VersionControl For Splunk" https://splunkbase.splunk.com/app/4355 and experiencing an error when attempting to restore an object. `ERROR name= with...
Search result issue by user
The same SPL gives different results for user A and admin. SPL -> index=xxx. When I search with userA's user ID, the "interesting fields" when searching with userA's ID and the results when searching with admin...
How to send Splunk alerts to the AppDynamics console
Hi Team, how do we send Splunk alerts to AppDynamics? Is there any add-on app available, or any direct integration? Please guide...
JSON parsing - event breaks
Below is my event: [ { created_at: 2019-08-28T13:48:48.722Z credibility_score: -5 email: swathi.nandigam@xx.ae id: 625 last_reported_at: 2019-08-28T13:52:48.000Z reports_count: 1 updated_at:...
Multivalue input choice box length CSS
Hello there! I am looking for a way to adjust the multivalue choice box length to keep them on one line. I have already adjusted the multivalue input box: #instance_id { width: 50%; } But I do...
Tor traffic search feeds
Hi All, I work with data models and am trying to create a search that will alert me about Tor communication. I'm having some issues with enrichment. Can somebody help? **| eval TOR="iblocklist_tor" | lookup...
Run script to unlock an AD account
Hello all, I have a dashboard within which I display user accounts that have been locked out (taken from Windows events logged on domain controllers). Is it possible to run a batch script from a button on...
Filtering data block in Heavy Forwarder
Hello, I have a problem that I don't know how to solve. We are receiving logs in XML via universal forwarders. The logs are OK, but we want to filter some of them. We couldn't filter in the original...
Use token value to set another token by using replace
Hello, I am trying to use the token set up by a checkbox, which will create a token like this: (" F " OR " E " OR " W "). This token will be used as a filter on _raw data, but I want to use the token information...
How to visualize access_combined in Splunk?
I am new to Splunk and I just want to monitor my network to test Splunk, but nothing seems to work. I am getting really frustrated and lost. I want to be able to view traffic on my network in Splunk on...
Pie chart - Display TOTAL in title of the pie chart but hide/block from...
index=$index$ sourcetype=$sourcetype$ $string1$ . . | fillnull value=FALSE | stats count(email) AS TOTAL count(eval(authenticated="TRUE")) AS auth_count count(eval(cancelled="TRUE")) AS cancelled_count...