Python script for REST API call
Hi All, I have a use case where I need to create an API connection, but the problem is we need to have an access token that we will supply in "HTTP Header Properties". This access token is created...
Adding tooltip Message on specific column of a table.
Hello, I am looking to add a tooltip message on a specific column of a table. I have followed a couple of posts but didn't get success. Requirement: In the table below, if someone hovers the mouse on Issues_Count...
How to have stats with no result found
Hi, I'm looking at logs on a Gateway to see if there is traffic or not for specific files at a specific time. I want to show the status of the flow. The file has to be present only on Monday between...
Split event before apply profiling
Hi all, I have events tagged with *tag1* and others with *tag2*. In the *restricted search terms of the search* in roles, I have `NOT tag=tag1` so users can't see *tag1* events. The problem is when an...
Alert with email
Hi, I'm struggling to create an email alert. My search query: `| rex "Heap:\s(?<HeapNum>[\d\.]+)(?<unit>\w+)" | search HeapNum!=" " | eval HeapNum = case(unit="K",HeapNum/1000,unit="M", HeapNum,unit="G", HeapNum*1000) |...
Why Do I see the DMC Platform alerts as disabled when for others it is enabled?
I have admin access to Splunk. When I checked the DMC Platform alerts, those were disabled, but my team with the same access is seeing the alerts as enabled. I am not sure how is this even...
Using geom-data to create features for Maps+
Hi there, we're trying to work around the fact that you cannot currently directly **| geom** in Maps + So what we're doing instead is a multi step approach: 1. We geom our original feature IDs from a...
Frozen script - deletes older than 12 months data
Hello guys, I've created a shell script, scheduled with cron-like software, which deletes 12+ months data except for one special index (13 months), could someone give comments on it? Calling method :...
Frozen data deletion script - deletes older than 12 months data
Hello guys, I've created a shell script, scheduled with cron-like software, which deletes 12+ months data except for one special index (13 months), could someone give comments on it? Calling method :...
Need to compare the last hour values of the fields with current one hour
Hi, We are monitoring the transaction count. I need to verify the results of last one hour, if there is any decrease in the count the alert needs to be generated. For example : 7 AM to 8 AM -...
Splunk Stream Case Insensitive Extraction
Doing an extraction in Splunk Stream and get an error when trying to use (?i) in my regex: (?i)x-forwarded-for([:\s]+[\d\.:\s,]+) Gives this error: Invalid regex Expression This works fine in a rex...
Using Tokens in a Search - No Dashboard
Hello, I will continue to search Answers for an answer. Here's my issue. I have a dashboard with numerous searches and sub-searches, as well as several tokens. I want to test each of the searches and...
RegEx Help Needed
Hi guys, I'm a complete newbie when it comes to RegEx, but I was wondering if someone could please advise on how I could extract the name of the device from the following string? "hostname"="iPhone"...
Overflow panel tag in dashboard
Hello, I want to make one panel of the same size and present there pictures of any size. Pictures which fit there are okay, but pictures that are bigger are hiding inside of the panel. I tried to use...
Can I include a variable value which depends on a dropdown token to my search?
Hello everyone, I am trying to assign a value to "myVar", which depends on a dropdown token on my dashboard. The value of "myVar" is used to search for a specific sourcetype. This is my current...
SPLUNK ODBC DRIVER
When is someone from SPLUNK going to fix the ODBC DRIVER 2.1.1 not working with SPLUNK versions 7.x?? This has been an issue for a year now. A lot of companies do not allow WDC. So that is not an option...
Need another column in chart
Forgive my newbiness. I've been working with Splunk for many years but not developing reports. I have a report that works well. After the search criteria and all are completed, the following shows the...
Create and Send Report With 2 or More Queries
Hello. I'm wondering if I can have an email with 2 queries: * The 1st one would have a timechart, and (query 1) * The 2nd one would have the specific details of the previous chart (query 2) The idea is...
How to replace a standalone search-head
Hi, How can I replace a dead standalone search-head? With the pre-saved data I should have used in this migration procedure?...
Table of monthly (or weekly) averages using epoch time in field (not _time)
Hello! I'm trying to build a table showing the monthly averages of a calculation for "OEE" by a Machine field. I then want to drill down on the month selected to show worst offending machine and the...