How do I get a % of page hits off the total users who accessed a set of pages.
index=app sourcetype=accesslog uri="some uri" user!="-" (context="display" OR context="pages") earliest=-7d | rex field=page...
Tally field by value and source and divide by total source count
Hello, all. I'm looking for the best method to tally a particular field by value and source and then run division with that tally. index=abc sourcetype=csv | eval failpass=if(a!=b,0,1) | stats count by...
How to search events generated by TA.
Hello, I am using Splunk Enterprise and Splunk Enterprise Security. I have the Windows IIS TA configured as well. How do I find the IIS events in Splunk search in order to create an alert? Kindly help.
Index time extracted field unable to search
I am extracting one field at index time from the source field using regex, and while searching on the field value I am sometimes unable to search that value, though in events it is being extracted and currently in...
Splunk App for Windows Infrastructure configuration - Data for Domain not...
![alt text][1] The installation of Splunk Infrastructure was carried out, with all the prerequisites validated, and the deployment to the Active Directory servers was done ![alt text][2] However, when performing...
Linux Addon
Whenever I select any app on the Splunk instance, it opens the Linux/Unix app setup page. ![alt text][1] [1]: /storage/temp/274636-app-error.jpg
IDS alerts on Windows via Splunk Enterprise?
How can I set up Splunk Enterprise to view IDS alerts on Windows?
PDF generation removes X-axis labels if there are too many units. Can I fix...
I don't want to modify pdfgen_chart.py; is there any other way? And when I use...
I have an inputlookup which has fields like index and count, need to create an...
I have an inputlookup which has fields like index and count. I need to create an alert which should trigger when the count of the given indexes exceeds the count given in the lookup; use of a sub search will also...
Search two lookup tables for matching field values
Hi, trying to search two lookup tables for matching field values; both tables have the same fields. Just looking to compare my output UserFromTest1 and UserFromTest2 for a match. | inputlookup...
Unable to initialize modular input "cloudgateway_modular_input" defined in...
I am getting "Unable to initialize modular input "cloudgateway_modular_input" defined in the app "splunk_app_cloudgateway": Introspecting scheme=cloudgateway_modular_input: script running failed...
How to write a query for creating an alert using a lookup
Hi Splunkers, I have the events getting ingested as below: timestamp patch_version hostname Now, I want to create one lookup csv named 'PatchDate' which contains columns with values Host, MaxAge...
Drilldown to hidden/show panels not showing based
Hi People, I am trying to create a drilldown into a set of hidden/show panels in another page from my Splunk dashboard; however, when I drill down from a specific panel on my dashboard, the hidden/show...
Nested Loop or a Sub-search
Hi guys, I know there has to be a straightforward way to do this in SPL; I just can't figure out which to use. I have a data set like so (CSV format): Trial Id, Size, Result, Value 1, 64, Passed, 15000 1,...
How to reingest missing Cloudwatch Input Logs
Apologies if this was already asked, but I was unable to find anything. It was noticed this morning that one of our aws:cloudwatch inputs on Splunk Add-on for AWS 4.60 had stopped forwarding logs since the...
Use inputlookup with fields index and count as a sub search
I have an inputlookup which has 2 fields, index and count. I need to create an alert so that the alert will trigger when the real index values are greater than the values mentioned in the count field of the lookup. I...
Getting an error when trying to configure through generic S3 on the AWS add-on
S3ResponseError: 403 Forbidden AccessDeniedAccess Denied274336FB7AA3D266X1z8Fo0IjBc03K1Qx4Yz4y5rAHHNnwDYRTts4v0Kw5AXImSMNRNkYseR01o5Zg+s+AincSr6e18= Error response while adding an input through generic...
Splunk App for AWS: Receiving error trying to configure through generic S3
S3ResponseError: 403 Forbidden AccessDeniedAccess Denied274336FB7AA3D266X1z8Fo0IjBc03K1Qx4Yz4y5rAHHNnwDYRTts4v0Kw5AXImSMNRNkYseR01o5Zg+s+AincSr6e18= Error response while adding an input through generic...
Error while starting Splunk on AIX 7.2 "The splunkd Subsystem could not be...
Dear Splunkers, I am trying to install the Splunk 7.0.7 universal forwarder on an AIX 7.2 machine. While doing so I got the below error after giving the **splunk start --accept-license** command. After...