Optimal dashboard UI for selecting two events to compare?
I've seen various questions about comparing two events in Splunk. This question is specifically about *designing a Splunk Web dashboard user interface* to enable users to *select* two events to...
Determine which Active servers with Universal Forwarder are NOT sending logs...
We have a bunch of servers with UFs installed. These servers may have different operational states. For example, "Active", "Build in Progress", "Decommissioned", and "Decom in Progress". We use...
How do I use my third-party signed SSL Certificate in my SHC residing behind...
Good day! I've read about these articles: 1.) https://answers.splunk.com/answers/103674/using-aws-https-elb-with-ec2-splunk-web-on-http-port-8000.html 2.)...
How to get the on time and off time over a category with place
Hi Splunkers, @niketnilay I have a table with 4 fields. I created the status with the eval command with index=XXX sourcetype=XXX | search (PLSO=false AND PLSA=true) OR (PLSO=true AND PLSA=false) | eval Status...
Help on a dropdown list static option for empty field
Hi, In a dashboard I use a dropdown list. The dropdown list is updated like this: | inputlookup toto.csv | fields SITE | dedup SITE | table SITE | sort +SITE Then, I use the search below in order to be...
Save SPL commands into one SPL new command
Hi, Is it possible to save SPL commands into one new command and use it when running a query? For example: | dedup 1 id | stats count by hostname ----> my_command When running a query, I want to use...
Sending out email notifications for different users
How do I send dynamic emails to different users using the rest-api command? I have built a dashboard that shows points for the usage of apps per user. I need to send out a notification as in...
Splunk DB Connect to MySQL with SSL and cert
Does anyone have an idea how to set up a MySQL connection using SSL and certs? I've read the answer below and imported my ca.pem into the keystore, but it is still not working. Connect Splunk DB Connect to MariaDB...
Extract multiple values from a single field into multiple unique fields
Hello, Is there a way to split out the unique values of a field into separate fields that are returned after a search? For example, my search returns the following syslog messages Login Success from...
Custom audit path with rlog.sh
Hi, I have audit data coming from a port (UDP) to Heavy Forwarder[via syslog] and have to apply rlog.sh on the same. Just to start, I tried to monitor a custom path rather than the...
How do I restrict which apps are visible to a specific AD group?
Hi, I have set up an app that is only accessible to a certain AD group. There are a lot of apps on my Splunk instance which are not necessary for this user group. I don't want that group to be able to...
How to use the stored results in variables after stats command using by...
Hi, I'm using the below query in order to retrieve the average and standard deviation for the respective days (mon, tue, wed, etc.) for each warehouse for the last 90 days, and I want to use the output values...
Splunk security onion
I installed the Security Onion app on Splunk (Splunk is running on Windows). When I enter the Security Onion app inside Splunk I have no results/events (it's empty). I have tried to do an intrusion...
Palo Alto App cannot see data but logs are seen as PAN:*
I have installed the Palo Alto App and add-on and I have also pointed a firewall to Splunk. I can see traffic, threat logs etc. under search but cannot see anything in the App. sourcetype is being seen...
Better search query way in terms of performance
I have the below search criteria, so let me know the best way for this. base search (which has output in table format) [table sourcetype def ghi] sourcetype= 1 check with static lookup and store respective...
Unable to reset answers.splunk.com password
I tried to reset my password for this forum by using the link and providing my email address. It then tells me it is sending a reset link to my email but I never get it. I have tried this multiple...
Standard deviation to alert us when we see source types and/or indexes grow...
Is there an easy way to create an alert that uses standard deviation to alert us when we see sourcetypes and/or indexes grow more than a certain percentage within the license data in the _internal index....
Can Splunk send a file as attachment without reading the content or data in...
Can Splunk send a file as attachment without reading the content or data in the file
Rex capture not working
Hi All, I am trying to capture a line starting with a number. I have created a regex and tested it on the regex101 site and it is working as expected, but when I used the same in Splunk using rex it is...