How can I do round in a stats statement
Here is what I have: `index="docker" (env = region1 OR env = region2) "job-time" | eval time_in_mins = ('time')/(1000*60) | stats avg(time_in_mins) as Time by env`. How can I round the average to 2 decimals...
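An added example (not from the post above or any answer to it): `round()` is an eval function, not a stats aggregation, so the cleanest place to apply it is a second `eval` after the `stats` has produced the average. The index, field and environment names are the ones from the post; nothing else is assumed.

```spl
index="docker" (env=region1 OR env=region2) "job-time"
| eval time_in_mins = 'time' / (1000*60)
| stats avg(time_in_mins) AS Time BY env
| eval Time = round(Time, 2)
```

If the unrounded value is still needed for sorting or further arithmetic, use `fieldformat Time = round(Time, 2)` instead of `eval`: `fieldformat` only changes how the value is displayed, while `eval` overwrites it.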
First Time Seen Running Windows Service Alert On Splunk Enterprise Security
Hi Splunkers, we have realized our "First Time Seen Running Windows Service" correlation search, seen below, has been giving a lot of false positives. This correlation search came with Splunk ES Content...
Search head captain closing the connection to cluster member
We have 3 search heads and they are in a cluster. The splunkd process went down on two search heads. When I checked the master search head I saw the error mentioned below. I restarted splunkd and the issue got...
Invalid key in stanza .. in props.conf
to make the configuration more readable I use "\" to break long lines, which works fine: EVAL-user = case ( FOO="Action" && BAR="test1" , var1 , \ FOO="Command" && BAR="test2" , var1 ,...
Visualization Request, Bar chart over time?
All, does Splunk have a visualization or a custom viz that does bar charts over time? This visualization seems really popular these days; I'd like to be able to offer that to my customers. Here is an...
Need to modify dashboard
Hi Dashboard, I need to make the Y-axis the hostname and the X-axis the value as a number, and moreover if the value crosses 400 GB it should show in red colour. The XML file is attached [alt text][1] [1]:...
Indexers Disk Space
All of our indexer servers' disk space is almost 90% full, and one indexer server's disk is full (100%), so it stopped. So the first thing is to determine why only that specific server's disk space...
How to parse a log file with multiple types of records?
I have a log file with multiple line patterns. Something like this: [name] [surname] [address] [phone] [birthdate] [lastlogin] [key] [value] [timestamp] [username] [url] [errcode] [srcip] [dstip]...
Disk Space issue on Indexer Cluster
We have a multisite indexer cluster setup. One of the indexer servers' disk space got full and it went offline, whereas the other servers' disk space is almost 90 percent. How can we fix this issue?
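An added example, not part of either disk-space post above or of any answer to them: before deciding where the extra usage on one indexer comes from, it helps to see how the bucket data is distributed per indexer and per index. `dbinspect` reports every bucket visible to the search head with its on-disk size and the peer that holds it, so summing it gives a per-peer, per-index breakdown that makes skew obvious. It assumes the search is run from a search head that has all indexers (or the whole cluster) as search peers.

```spl
| dbinspect index=*
| stats sum(sizeOnDiskMB) AS disk_mb count AS buckets BY splunk_server index
| eval disk_gb = round(disk_mb / 1024, 1)
| sort 0 - disk_gb
```

Two caveats: `dbinspect` only sees buckets the search head is allowed to search, and in a cluster it counts replicated copies on each peer separately, which is exactly what you want when one peer is filling up faster than the others. Compare the result with the actual filesystem usage on the full node; a large gap points at something outside the index directories (old dispatch artifacts, core files, or a forgotten copy of the data).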
Splunk Windows universal forwarder zip file
Hi Team, I am facing issues with the Splunk universal forwarder installation-* in a Windows environment. When I went through the Splunk docs I came to know that the Splunk universal forwarder on Windows...
Duplicate logs.
Hi Splunker; Splunk is monitoring logs from a URL via a REST API, but we noticed that there are duplicate logs, I mean Splunk reads more than once for one event. You can see below the inputs.conf which I used...
Adding new threat list feed into Splunk
Hello all, I am having issues with adding AlienVault OTX as an intelligence feed into Splunk. At first, when I didn't configure the threat list as TAXII, it managed to download the threat list as a...
How do I set a source type for this data
I have a script that pulls the data at the bottom into a file and then Splunk pulls the files from the corresponding directory. However, one of the 3 hosts works properly and 2 hosts split into 2 events,...
How can I do a search for all URLs that have not had a hit in the last two...
Hi; I want to run a search that reveals all the URLs that have not had a hit in the last two months. The feed here is access logs coming from a Symantec ProxySG device. The purpose of doing this is...
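An added example, not from the post above or any answer to it: the search has to look further back than the two-month window, find the most recent hit per URL over that longer range, and keep only the URLs whose last hit is older than two months. The index name, the sourcetype and the `url` field name are assumptions; substitute whatever the ProxySG add-on produces in your environment.

```spl
index=proxy sourcetype="bluecoat:proxysg:access" earliest=-6mon@mon
| stats max(_time) AS last_hit count AS total_hits BY url
| where last_hit < relative_time(now(), "-2mon@d")
| eval last_hit = strftime(last_hit, "%Y-%m-%d %H:%M:%S")
| sort 0 last_hit
```

The look-back (`-6mon@mon` here) sets what "known URL" means: a URL with no hits at all in the whole range never appears in the results, because there is no event to derive it from. If the goal is to compare against a fixed inventory of URLs, keep that inventory in a lookup and left-join it to the `stats` output instead of relying on historical events alone.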
user!=xxx user!=yyy VS. NOT user IN (xxx yyy)
Hi, when building queries I'm all for their clean look and readability, but of course performance always matters more. But I have this case in which I want to exclude lots of usernames from my search:...
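An added example, not part of the post above or of any answer to it. When the exclusion list grows beyond a handful of names, neither inline form scales well; keeping the names in a lookup and excluding them from there keeps the query short and lets the list change without editing saved searches. The index, sourcetype, field name and lookup file name (`excluded_users.csv`, with a single `user` column) are assumptions.

```spl
index=auth sourcetype=linux_secure earliest=-24h
    NOT [| inputlookup excluded_users.csv | fields user]
| stats count BY user
```

The subsearch is expanded by the search processor into `NOT ((user="name1") OR (user="name2") ...)`, which is the same thing `NOT user IN (name1, name2, ...)` expands to, so the two inline spellings in the title differ in readability, not in what the indexer is asked to do. Two things to keep in mind: subsearches are capped by the configured result limit, so for very long lists do the filtering after the fact with `| lookup excluded_users.csv user OUTPUT user AS excluded | where isnull(excluded)` instead; and `user!=xxx` is not the same predicate as `NOT user=xxx`, because `!=` only matches events that have a `user` field with some other value, while `NOT user=xxx` (and `NOT user IN (...)`) also keeps events that have no `user` field at all.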
Time/count mapping in visualization chart different from statistics/table below
I indexed data from a CSV file and then tried to plot the count of events every 2 minutes. I get correct results in the statistics table, but when I see the chart in the visualization, the count of...
Splunk API from browser
Hi all, I am using the below URL to get data from Splunk: `https://hostname:8089/v7/services/search/jobs/export?output_mode=json&search=search * | stats max(_time) AS _time BY "pctIdle" | sort 0 -...
Drilldown feature - Flow Map
Hi, The flow map viz does not seem to support drilldown out of the box. Does anybody know if there is a way around it?
Unable to get PDF of a Splunk dashboard after hitting curl command via Splunk...
Hi All, I am trying to get a dashboard screenshot/PDF by hitting the Splunk REST API with curl as below: curl -u usr:pwd -sk...
How to remove the duplicate values from JSON events
![alt text][1] [1]: /storage/temp/274551-digital.jpg Below is sample data. How do I remove the duplicate values?