DS not pushing app to DC
Hi All, I am configuring an app in my deploymentserver, for some reason the app is not deploying to the deploymentclient. I have verified all and all looks good. 1. I have checked for Typo in...
Months in graph incorrect
Hi, I have strange issue, that months in graph are following in wrong direction and I check events output date and they all are in 2019 year, so no issue there, please check picture![alt text][1] [1]:...
Convert columns to rows
I have a table like below A B C 1 2,3,4 Hello Need a query for which output will be like below A B C 1 2 Hello 1 3 Hello 1 4 Hello Split 1 row into different rows based on values in column B any help ?
Use Monitoring Console to monitor a Search Head with Enterprise Security
Hi at all, I have the following architecture: - 2 clustered Indexers, - 2 Search Heads, - 1 Master Node, - 1 Deployment Server. My architecture has been correctly running from last year. I leave this...
How to get the results of a correlation search when we have success after...
Hi All, Below is the correlation search. I want the results for bruteforcesearch query only when we have successful login after failure attempts by user. The alert should trigger only if we have...
Change color of data value text in line chart
hi, with the below style g.highcharts-data-labels text { fill: #FFFFF !important; } the text color not changing to #FFFF . Please, someone...
Column width adjustable table
Morning all, I'm sure this may have been answered in the past, but is there a way to have a table in Splunk that you can adjust your columns width directly from the dashboard. Similar to how Excel would...
db connect error
Hello , Can someone help me to solve this error in the DB connect Application ? `Traceback (most recent call last): File "C:\Program Files\Splunk/bin/rest_handler.py", line 79, in <module> print...
Cloud Snowflake DB Connect Integration
Hi, Could you please help here I tried to integrate the Snowflake with db connect. I am using following version of JRE: /usr/java/jdk1.8.0_131/jre I have placed snowflake at following location:...
Index log need to maintain only one year
Hi Team, I am seeking help on indexer log retention period set. I am using splunk enterprise version 6.4.2, deployed some 4 years ago so . indexer log contain more than one year and log to be...
Get list of servers not sending logs
i want to get list of servers from the csv which are not sending any logs to splunk like for past 48 hours with time when it stopped ingesting. i am trying below query but no success. | metadata...
Hide Row/Panel depends on two tokens
Hi together, I want to hide a panel if one of two tokens is set (it should be an or condition) Is there any opportunity to build an OR condition with depends? Is there another solution? Example: row...
Use EVAL field in sendemail with DBXQUERY search
I am needing to pass a custom date to the sendemail subject line and I know it is possible using a standard Splunk search and 'eval' but I have been unable to do it using a dbxquery search. I am only...
restrict user from seeing panel query in dashboard
I am not sure but is there any way to hide Panel query from dashboard for users of the dashboard. In short, User should not see the query behind the panel after hovering over the search bar on...
How to get the row text from inputlookup in a variable for email alert
HI! I am using a csv file to catch some alerts, and that part works fine, I catch all my alerts. index="main" [inputlookup linux_alerts.csv | table AlertMsg | rename AlertMsg as search | format ] The...
Custom style with MapBox map
Found this article: https://www.splunk.com/blog/2017/06/01/enhancing-splunk-visualizations-with-mapbox.html Trying to use my own style created in MapBox applied to a default MapBox map - I.e....
How to get the row text from inputlookup in a variable for email alert
HI! I am using a CSV file to catch some alerts, and that part works fine, I catch all my alerts. index="main" [inputlookup linux_alerts.csv | table AlertMsg | rename AlertMsg as search | format ] The...
How to extract new fields from a datamodel without de-accelerating it?
Hi All, I have a datamodel "Authentication". This datamodel has already been accelerated. I require two more fields to be extracted from this datamodel. I have used the below query for excessive logins...
Splunk App for Jenkins: Audit & Health Panels still pointing to default indexes
We are using splunk 7.0.11 and the jenkins app 2.0.2 and facing the following problem: The performance panels in the health dashboard and the whole audit dashboard are still referring to the default...
How to uninstall Universal Forwarder
Trying to update the universal Forwarder from 7.1.1 to 7.3.1. First step it tries to uninstall the old version and needs the .msi to do it. I provide the location and it errors stating that it is not...