Can we use the addtotals command in a geostats map?
After using addtotals with the geostats command, the map is not showing the correct location. Please help me to resolve this issue.
Splunkd Error in certificate validation
Hello Team, We are developing our own web portal where we need some data from Splunk to be displayed on that web portal. So we have downloaded the Splunk JS Stack from the Splunk website. We are able to...
ServerSideInclude Module Error! Invalid template path after Splunk upgrade to...
Hi everyone! I installed v7.3.1 recently on my local machine (localhost:8001) and one of the apps I have installed shows the error ServerSideInclude Module Error! Invalid template path: Do you have any...
Splunk App for performing a click on a webpage and ingesting the resulting HTML page
Hello All, Is there a way or an app to perform website navigation and ingest the generated page? For example, I need to navigate a website that never changes its URL, perform a login and click on...
Search using the Splunk API to get back a single result (not streaming)...
Can we run a search using the Splunk API to get back a single result (not streaming) without using a saved search or SID? I tried export like below, which is giving streamed output; I want a single result...
American search head cluster app needs en-US URL
Hello guys, we installed one app deploying our SHC, but when we navigate to it there is an error message: ![alt text][1] How do you update the URL? Thanks. ![alt text][2] [1]:...
Help with regex with two different type events
Hello I have the below sample events Thu Sep 5 10:00:02 EDT 2019 XDB EXPIRED & LOCKED 28-SEP-11 CTXAPP Thu Sep 5 10:00:02 EDT 2019 VWEinsnte3345 LOCKED GPW_READ I want to extract XDB ,...
Linux Universal Forwarder - Security Recommendations
Hello Splunk-Community, for months we have been discussing with our Linux admins whether it is OK to install Splunk Universal Forwarder on Linux (Red Hat) or not. We just want to collect Tomcat / Apache logs from...
How do you configure splunk_ta_jmx 3.3.0 to use ssl?
How do I configure splunk_ta_jmx 3.3.0 to gather jmx data using SSL? error : non-JRMP server at remote endpoint This is the same message you get from jconsole when your certs are not in its trust store...
OnTAP collection configuration - omit performance category, Does the current...
We are currently using Splunk App for DataOnTAP v2.1.9. We have configured our data collection to omit certain categories. One of the disabled categories is 'quota'. However, it appears that quota data...
How to display the max value per day
My search calculates the number of events of a field per hour per day. In my chart result I only want to see the max of each day: mysearch | timechart count span=1h as nb | eval...
Help extracting user logins from IIS logs to one report
Hello, I'm trying to extract two types of data from IIS logs to sum up the login counts for a list of specific users. The IIS logs contain two entries I'm curious about specifically. If I run this...
Prevent query autoformat from deleting empty lines
It can enhance query readability to separate large queries into their logical components using empty lines: index = events `comment("find and filter events")` | ... | ... | ... `comment("derive...
How to parse received multi-type syslog logs on indexers
Hello I have a problem for which I have not found a solution despite several hours of research. I have an indexer on which I receive logs in syslog format. The logs are all sent by the same computer,...
Adding additional sources, but hitting license capacity
We are in the process of combining two Splunk instances. We have data we want to start transitioning from one Splunk to another, but we are hitting license capacity. We are still pending getting a...
How to display the max value per day
My search calculates the number of events of a field per hour per day. In my chart result I only want to see the max of each day: mysearch | timechart count span=1h as nb | eval...
Lookup query not working
All, I am running Splunk 7.2.6 under Debian 9.9. I am searching using index = main and picking the top 5 http status codes. I am attempting to "pipe" those codes to a lookup function; however, I am not...
Palo Alto Networks App support on 7.3
Hi, I am currently trying to install the Splunk for Palo Alto Networks app on a Splunk 7.3.1 SH cluster, and when I try to find this app on Splunk Base from one of the Search Heads, I am not able to...
Export structured csv from Splunk
Hi, Using Splunk on a raw log file I get the total templates (clusters) of logs using something like: host="my_host index="my_index" sourcetype="my_log" Content=* | eval rex_template=replace("this",...
Format visualization not showing trend settings
I have added timechart and span in my query for dashboard panel (single value visualization). While panel shows trend settings for other panels with similar query, the 2 panels do not get it