Receiving error message while starting Splunk on AIX7.2
Dear Splunkers, I am trying to install Splunk 7.0.7 version universal forwarder on an AIX7.2 machine. While doing so I got the below error after giving **splunk start --accept-license** command. After...
How to replace the special characters with Space in text field in Dashboard
I am looking for replacing "James:bond;sharma" with "James bond sharma" in text box in dashboard. index=* sourcetype=* $Pattern$ The pattern is the token value for the Text box in Splunk Dashboard. I...
We are on Splunk 7.3.1, would need to know if there is any to de-duplicate...
We have many instances where duplicate data has been coming due to server instances running in wrong manner. Because of that duplicate has found to be indexed. Is there a config change we can do on...
Item count not including quality.
Here is the sample log I want a timechart. {"dtm":"2019-09-04 07:17:39.129 PDT", "logger":".WEB_ORDER_RELEASE",...
how to filter the logs when a username field ends with "-TEST"
The following are my transforms.conf and props.conf in my cluster master which are sending all the logs for the below search logtype=SAT (id="ABC-1" OR id="ABC-2") transforms.conf...
Invalid FIELDALIAS in default/props.conf
I am getting many of these errors in my internal log: 09-04-2019 14:04:01.152 -0500 WARN FieldAliaser - Invalid field alias specification in stanza 'OktaIM2:log':...
What is procedure to upgrade universal and heavy forwarders?
Hello, We have around 13 heavy forwarders. How does the upgrade thing work, should we log into each instance and do the upgrade or is there any way to upgrade through the deployment server. The same...
How to Split multi valued row in to different rows
I have a below query which shows the recent windows patches installed in the servers, So most of the servers got installed with multiple patches. When I sort the result by Server name it is giving the...
Create a multiple value Time Zone Clock as a table
My Server is in GMT (Zulu Time) which is accurate for the log collection, but I'd like to have a table that shows multiple time zones to help our Techs to know when the sun is shining all over the...
Alert manager of users alert triggers
How can I route the alert notification to a specific manager based on the user that triggered the alert? The user is listed in the alert, but not the manager. There are several users on the network,...
getting sum stats from pair of values
Hi! I am looking for help for, I think, a simple statistic but I can't figure out how to do this simply. Here's an example of my data : 1. Customer1=A, Customer2=B 2. Customer1=A, Customer2=C 3....
Drilldown count
Hello everyone, I am trying to create a simple hiding drill down panel. With below search index=_internal |stats dc(user) as uniqueusers by sourcetype host which gives below table. sourcetype host...
Hunting for duplicate event data to find suspicious activities
I am trying to determine the right SPL to dig through a financial data set and look for duplicate entries. The data generally is unique but occasionally a vendor may submit a duplicate request...
SPL for AWS ELB Logging Enabled
Good Day, I am new to SPL searches for AWS logs and I do not have access to the aws:config:rule logs. Can someone assist with creating a search query to find if "the AWS ELB Logging is enabled/disabled"?
How to get tstats results independent of time range
Hi All, is it possible to get list of sourcetype by host and index irrespective of time range? I just want the list of index, host and sourcetype for which events are available, even if there is only...
Multisite Cluster staggered deployment
We are deploying a new instance of Splunk Enterprise and have decided on a multisite cluster architecture for high availability and disaster recovery. Unfortunately, we are getting our hardware...
How to get sum stats from pair of values
Hi! I am looking for help for, I think, a simple statistic but I can't figure out how to do this simply. Here's an example of my data : 1. Customer1=A, Customer2=B 2. Customer1=A, Customer2=C 3....
How to create a drilldown
Hello everyone, I am trying to create a simple hiding drill down panel. With below search: index=_internal |stats dc(user) as uniqueusers by sourcetype host Which gives below table: sourcetype host...
Is there any current documentation on how to add network nodes to Splunk to...
I recently started a new job and used Splunk at my old one. I know the power of Splunk and know it will be useful for my new job. We have downloaded the free version to see how much data we are...
timechart not respecting exclude searches but stats is
I have some Json data that looks like this { "target":[ { "detailEntry":{ "signOnModeType":"dummy info" }, "alternateId":"AppName1", "displayName":"dummy info", "id":"dummy info", "type":"AppInstance"...