A URL that has the latest Splunk install kit without specifying the version
I am working on automation and would love to find a URL path that will default to the latest version of splunk installs, core enterprise and the uf. I would love to be able to NOT have to hard code the...
per_sourcetype_thruput logging stopped
For several UF's, I've noticed that the metrics.log 'per_sourcetype_thruput' entries have stopped completely, for days now. I have verified that the UF is sending events and that metrics.log is being...
Alarm Type Percentages
I have uploaded alarm logs into splunk. I would like to be able to show results for how often each alarm type occurs in percentage. For example: the percentage of total alarms that Alarm 1 makes up and...
Is there a query or CLI command I can use to determine if any apps have used...
We are attempting to determine if any of the apps/add-ons in our environment have used Sideview Utils. Any easy way to determine this?
How to get a trendline or show change when a value of a field is changed?
How can I show change in a value of a field? For instance, I have a field called volume_id=vol-0h8383hjk that has iops=3990 at 9AM, and the same volume_id has value 1000 at 11:30 as I changed...
Horizontal scroll bar
Hello All, I have 10 selections in my dashboard: a few radio buttons, multi select, text box, etc. These are fitting into two rows; I would like to keep all of them in a single row and use a...
Loop to create new dashboard panels
I have a list of 51 locations, and I want to create a dashboard that displays the results of the query below in a separate panel for each site. index=index cluster="*" site="*" | bin _time span=1d | eval...
Dashboard manage timepicker token on click.value, earliest not working
Hi Splunkers, I'm trying to get a dashboard timepicker to change on click to essentially zoom into the click value of a timechart + and - 60 mins. The below seems to be working just fine for the latest...
Alias changes field result to multivalue
I created a simple alias in props.conf (FIELDALIAS-category = cat AS category) which is working as expected. I have two fields, cat and category, and the fields have the same values. However, cat is...
Create field from one to many fields of a certain format
Here is my data (linux_audit): type=EXECVE msg=audit(1567181894.530:909): argc=2 a0="cat" a1="audit.log" type=EXECVE msg=audit(1567181796.532:830): argc=4 a0="sudo" a1="chmod" a2="+x"...
Linux input for process monitoring (similar to Windows Sysmon)
We're looking for a tool that does the same thing as Windows Sysmon (Sysinternals), but for Linux. The problem with ps and other process monitoring inputs in the Linux TA is the interval. If a process...
Event break on multiple dashes
With multi-line logs, I am trying to linebreak on an obvious linebreaker of dashes (----------------------------------------------------------). (Note in the below examples it appears to be coming...
Splunk Machine Learning Toolkit: Why is outlier chart option disabled?
I am trying to configure a drilldown in an Outlier Chart but the option is disabled. Can anybody explain why?
Changing index size of _audit index on a cluster
I have a cluster set up with 1 index master, and 2 index peers. I would like to change the size of the _audit index from 500G to 400G. How can I go about changing these? On my index master, in the...
Deployment Server throwing name resolution errors?
All, out of nowhere my deployment server won't send data to my indexers, nor will it read its search peers. Everything points to network, but no other Splunk instances are impacted and they are all...
Duplicated logs with Request Workflow for Splunk CoE App?
All, I have a simple env: 10 indexers and a search head, no cluster, and installed Request Workflow for Splunk CoE App (https://splunkbase.splunk.com/app/3285/#/details). I am creating a user request and...
How to create field from one to many fields of a certain format?
Here is my data (linux_audit): type=EXECVE msg=audit(1567181894.530:909): argc=2 a0="cat" a1="audit.log" type=EXECVE msg=audit(1567181796.532:830): argc=4 a0="sudo" a1="chmod" a2="+x"...
How to event break on multiple dashes?
With multi-line logs, I am trying to linebreak on an obvious linebreaker of dashes (----------------------------------------------------------). (Note in the below examples it appears to be coming...
How to change the index size of _audit index on a cluster?
I have a cluster set up with 1 index master, and 2 index peers. I would like to change the size of the _audit index from 500G to 400G. How can I go about changing these? On my index master, in the...
Regex error, exceeded configured match_limit
Hi Splunkers, I'm running Splunk 7.0.1 and having some problems parsing variables using regex in a search. This is my data, in one line only: 1. Aug 30 19:40:41 10.181.132.181 1...