How can I pass a token value from a drilldown menu to the scale threshold to...
In a dashboard I have a drilldown menu to select which system ID to use. If no system is selected I use all systems; if there's a selection I use the system selected. So in a search (makeresults) I passed...

Can I have an overview of how Splunk reports and dashboards work?
I have a handful of searches that I want to build into reports and dashboards so I can collaborate with my team. Can you give me a sketch of how Splunk reports and dashboards work?

Searching multiple log messages and count their occurrence
index=my_index earliest=-30d "[ERR] Failed to connect with downstream node" OR "[ERR] Failed to authenticate downstream node" OR "[ERR] Downstream node sent invalid response" I want to get the count of...

Splunk Crashes on Startup
Everything was running fine and then it started crashing. The crash log references the scheduler. Not sure what I can do about this. [build 088f49762779] 2019-09-09 12:36:00 Received fatal signal 11...

Can I get an overview of how Splunk permissions work?
I want to set up an organized system of permissions so we can give the right access to the right data and the right Splunk features to the right analysts in my organization. Can I get a sketch of how...

Value of bytes sent for Channel status is negative
I found that the value of bytes sent for Channel status is negative when it is greater than 2^31. It showed a positive number in MQ explorer. It seems that the plugin treats the number as a signed 32...
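The failure mode the poster infers (a counter decoded as a signed 32-bit integer turning negative once it passes 2^31) is easy to reproduce and to correct after the fact. The following is an added illustration, not code from the MQ plugin or from the poster; whether the plugin really decodes the field this way is the poster's inference, and the 4-byte big-endian layout used here is an assumption made for the demonstration.

```python
import struct


def bytes_sent_as_signed(raw: bytes) -> int:
    """Decode a 4-byte big-endian field as a signed 32-bit integer.

    This mirrors the behaviour the poster describes: any counter value
    >= 2**31 comes out negative. (Assumed layout, for illustration only.)
    """
    return struct.unpack(">i", raw)[0]


def bytes_sent_as_unsigned(raw: bytes) -> int:
    """Decode the same 4 bytes as an unsigned 32-bit integer (the fix at
    the source: read the counter with the right signedness)."""
    return struct.unpack(">I", raw)[0]


def fix_signed32(value: int) -> int:
    """Repair an already-ingested value that was decoded as signed 32-bit.

    Reinterpreting the low 32 bits is only correct while the true counter
    is below 2**32; past that the value has genuinely wrapped and no
    arithmetic on the stored number can recover it (assumption about the
    counter width, stated in the lead-in).
    """
    return value & 0xFFFFFFFF


# Constructed sample: a channel that has sent 2**31 + 5 bytes, encoded as
# the 4 raw bytes an unsigned 32-bit counter would occupy on the wire.
RAW = struct.pack(">I", 2**31 + 5)


if __name__ == "__main__":
    signed = bytes_sent_as_signed(RAW)
    print("decoded as signed:  ", signed)
    print("decoded as unsigned:", bytes_sent_as_unsigned(RAW))
    print("repaired in SPL-like post-processing:", fix_signed32(signed))
```

In Splunk the same repair can be applied at search time with an `eval` that adds 2^32 to negative values, but the caveat above still applies: once the real counter exceeds 2^32, only a wider field at the collector fixes the data.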

Phantom app for Cisco Threat Response
I searched for the Phantom app for Cisco Threat Response but was unable to find it in Phantom. If such Phantom app exists, can someone provide the info on how to find it like its name?

Can we create DB Connect inputs in separate app?
I'm using DB Connect 3.1.4 on Splunk 7.1. My DB inputs were created in separate apps, one app for each app area. I've installed the 3.1.4 version of DB Connect and did the migration of database inputs, but...

Time column and event date are different
Just installed Splunk Enterprise free edition on a Windows 10 computer. Downloaded a WordPress error log from a decade-old website. Settings - Add Data - Upload File - uploaded the server error log (...

How do I get started monitoring system health on Splunk Cloud?
We just got Splunk Cloud up and running, and I'd like some tips on how to tell if it's healthy. Can you get me started, and point me to some resources?

How do I get started monitoring system health on Splunk Enterprise?
We just got Splunk Enterprise up and running, and I'd like some tips on how to tell if it's healthy. Can you get me started, and point me to some resources?

How to stats by merging multiple events
I have events in the same index and sourcetype as follows: 9/12/19 11:28:46.398 AM [WARNING/ForkPoolWorker-13] project="xyz",begin="stage1",job_id=1 9/12/19 11:30:46.398 AM [WARNING/ForkPoolWorker-13]...

Combine specific values from two multivalue fields
I have Splunk pulling in data from a lookup and creating two multivalue fields. I want to combine these two into a third one based on the value index. Example: Field 1: A,B,C,D Field 2: 1,2,3,4 I want...

Correlating fields and printing some fields.
Logger 1: has StartId: 1234, and commitCode as 101. Logger 2: has EndId: 1234(which is same as start ID), WebOrderID: W789, Ccode: 111(which is Commitcode) Logger 3: has EndID: 1234, sectionID: 4567 I...

Can not communicate with UF
Hi all, I think it is an easy question, but I cannot do it. So please help me. I want to communicate with the UF. So I made inputs.conf and outputs.conf here...

Syslog Monitoring when REGEX is not enough
I have been tasked with deploying Splunk for an organization that has an extensive syslog (multiple rsyslog & syslog-ng servers) environment. The problem is with their naming convention. Of the...

Join retrieving wrong results
| inputlookup fnms_copy1.csv | eval MACaddress = replace(MACaddress,":", "") | where MACaddress!=" " | rename MACaddress as "Macaddress" | join Macaddress [search index="eventlog1" OR "Macaddress"] I...

SHC - push apps without deployer
Hi, I want the datasets add-on on the search heads of my cluster. Port 8089 is not open between the deployer and the SHC search heads. Is there any way to push the add-on manually, bypassing the deployer? It's...

Total Account lockouts > 2 within 30mins
Hi there, I am trying to find where total account lockouts are greater than 2 within a time frame of 30 mins. This is to find out potential malicious activity where someone is trying to...
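The detection the poster describes (more than two lockouts of one account inside 30 minutes) is usually written in SPL with `bin _time span=30m | stats count BY _time, user | where count > 2`; that counts per fixed bucket and misses a burst that straddles a bucket boundary. The following is an added example, not from the post or from Splunk: it runs both a fixed-bucket count and a true sliding-window count over constructed lockout events so the difference is visible. The event shape (timestamp, user) is an assumption standing in for fields such as `TargetUserName` from Windows Security event 4740; the search above is likewise illustrative.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)
THRESHOLD = 2  # alert when lockouts in a window exceed this

# Constructed sample events (timestamp, locked-out account), deliberately
# unsorted. alice has 3 lockouts within 25 minutes (10:20, 10:40, 10:45),
# but split 2/2 across the :00 and :30 buckets; bob has 3 spread over hours.
SAMPLE_EVENTS = [
    ("2019-09-12 10:40:00", "alice"),
    ("2019-09-12 10:00:00", "alice"),
    ("2019-09-12 10:25:00", "bob"),
    ("2019-09-12 10:20:00", "alice"),
    ("2019-09-12 12:00:00", "bob"),
    ("2019-09-12 10:45:00", "alice"),
    ("2019-09-12 14:00:00", "bob"),
]


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def _sorted(events):
    return sorted((parse_ts(ts), user) for ts, user in events)


def fixed_bucket_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Count lockouts per user per fixed `window`-sized bucket, the way
    `bin _time span=30m | stats count BY _time, user` does.
    Returns {user: bucket start} for buckets whose count exceeds threshold."""
    counts = defaultdict(int)
    for ts, user in _sorted(events):
        # floor the timestamp to a bucket boundary aligned to midnight
        bucket = datetime.min + ((ts - datetime.min) // window) * window
        counts[(user, bucket)] += 1
    alerts = {}
    for (user, bucket), n in sorted(counts.items(), key=lambda kv: kv[0][1]):
        if n > threshold and user not in alerts:
            alerts[user] = bucket
    return alerts


def sliding_window_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Per user, keep a deque of lockout times no older than `window`
    relative to the newest event; alert the first time its length exceeds
    threshold. Returns {user: timestamp of the triggering lockout}."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, user in _sorted(events):
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:  # evict lockouts outside the window
            q.popleft()
        if len(q) > threshold and user not in alerts:
            alerts[user] = ts
    return alerts


if __name__ == "__main__":
    print("fixed 30m buckets :", fixed_bucket_bursts(SAMPLE_EVENTS))
    print("sliding 30m window:", sliding_window_bursts(SAMPLE_EVENTS))
```

On the sample data the bucketed count raises nothing, while the sliding window flags alice at 10:45 and correctly ignores bob. In SPL the sliding behaviour is closer to `streamstats time_window=30m count BY user | where count > 2` (which requires events sorted by `_time`), so whichever form the search takes, test it against a burst placed across a bucket boundary.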

How to display a field two times in a table with the original values and...
Hi, as you can see below, I am doing a stats with the field "process_name". In order to be more comprehensive, I am renaming this field with a case function. But in my table, I would like to...