How do i Monitor Garbage Collector using Splunk?
Hi, I am trying to understand the slow responsiveness of my application and for that I am indexing the JMX logging to my Splunk. I see it's getting ingested every 15 minutes and two types of Collectors...
View ArticleMalwareBytes Cloud cannot see any endpoints
I need help with the splunk side of the dashboard, I have setup the syslog server in the cloud and added a machine as the communication endpoint. the machine onsite has the universal forwarder...
View ArticleHow to include double quotes in Switch Case
Hi All, How can I do switch case for below values {"XXX":["ABC"]} == ABC {"XXX":[]} == NULL . | eval Name=case(Name == "{"XXX":[]}", "NULL", Name == "{"XXX":["ABC"]}", "ABC" ) - This is not working....
View ArticleHow to sort apps in UI by the ui label field in app.conf?
From what I can tell, the apps dropdown in Splunk is ordered alphabetically by the app FOLDER names. Is there a way to have this ordered by the "label" value in app.conf?
View ArticleWhy is the rex capture not working?
Hi All, I am trying to capture line starting with a number, I have created a regex and tested it in regex101 site and it is working as expected but when I used the same in Splunk using rex it is...
View ArticleHow to monitor Garbage Collector using Splunk?
Hi, I am trying to understand the slow responsiveness of my application and for that I am indexing the JMX logging to my Splunk. I see it's getting ingested every 15 minutes and two types of Collectors...
View ArticleHow to sort apps in UI by the "label" value in app.conf?
From what I can tell, the apps dropdown in Splunk is ordered alphabetically by the app FOLDER names. Is there a way to have this ordered by the "label" value in app.conf? I.E. I would like to sort my...
View ArticleMultiStage Sankey Diagram Count Issue
I am using this as a reference: https://answers.splunk.com/answers/470198/how-to-create-a-multistage-sankey-diagram-with-a-s.html I am trying to build a sankey diagram to map requests from source to a...
View ArticleHow to fix "Could not load lookup=LOOKUP-app_proto"?
Hello Splunkers, I keep getting the error message "Could not load lookup=LOOKUP-app_proto" in multiple apps on multiple dashboards. I have checked settings and neither the lookup file or definition...
View ArticleDrop off count in website.
I am working on website sales data where n number of different services are called like CartService, OrderBuildService, CheckoutOfferService,ShippingService and WEB_ORDER_RELEASE. I would like to know...
View ArticleRun the equivalent of an `extract` command on a structured JSON event's subfield
We're ingesting structured JSON logs from a source and would like to run the equivalent of the `extract` command on one of the event's sub fields. The events look something like this: {...
View ArticleHow to change the displayed time filter when a different dropdown value is...
I have two filters on my dashboard. One for time (using the Time filter) and one for environment (using the Dropdown filter). When I select a value from environment, it updates the time token and the...
View ArticleChart command.
index=aos_transaction | chart count by payments, geo | addtotals col=t | sort -Total | head 10 I want to display only top 10 payments with geo breakdown. when I use the above command my total is also...
View ArticleExplain how tokens work and define types of token filters?
Hi, I'm preparing for the certification exam and i would appreciate the answer with examples. Thank you
View ArticleHow to modify search text with Javascript
I'm using Splunk Enterprise Version: 7.3.0 I'm trying to make a chrome extension that will allow me to toggle line-comments in the search window. It's tedious to prepend `comment(" and append ")` to...
View ArticleWhat is the correct syntax of applying NOT operator in transforms.conf?
The following is the regex I am working on and what I'm trying to do is exclude any username events that ends with "ZLX" but I doubt that If I am following the right syntax. especially I am not sure if...
View ArticleHow can Splunk running as local user impact DNS?
All, I have a deployment server on centOS7 for a few months now. Out of nowhere it could not send data via it's outputs.conf to the indexers. I am getting name resolution errors in the logs. Running...
View ArticleCan Active Directory be monitored by Splunk Enterprise which is running on...
Help me out with this question... Can AD be monitored by the Splunk enterprise which is running on linux..? I refered to the splunk documentation of...
View ArticleDashboard with dropdown menu to another dashboard
I have 3 dashboards. I dont want my team to remember the links of all the 3 dashboards so creating a master dashboard. So I got this code working but when I choose one of the values, i want to display...
View Articlehow to make a simple table with raw data fields and non fields data in Splunk...
Hello Everyone. im trying to make a simple table for the log file which i have uploded in Splunk. i can able to get the fields in column but not the remaining event data ???? for Ex: this is one sample...
View Article