Splunk Query Help- Summary index - Compare all data of - solutionType=*
Hi Team, I am using the below command to get the last 4 weeks of data solutionType=EML. ``` index=sample1 "com.URL.connector.filter" "uri=*/sample/execute" "responseStatus=200" earliest=-35d@d...
Count the number of occurrences for two values
I have the following query: sourcetype="placingOrder" Code=504 host="localhost*" | stats count by Path The output is: Path count /api/fetchReport/v2/report1 2 /api/fetchReport/v2/report2 8...
Strange time range behavior
I am using Splunk 7.2.0 on Windows OS and I am seeing strange behavior of the time range where I am not seeing the full text (see the screenshot below). I did check zoom in/out and tried in incognito mode but...
Java heap space memory
What app is this? For example, is the app name java? Usually for Java you can look for the "java -Xmx256m -Xms512m" line which sets the max (mx) and min (ms) memory used. Please let me know.
Rundeck App Community Edition not working / ERROR Error creating rundeck...
Hi, we are trying to set up the Rundeck app. The access to the Rundeck API via curl is working, but with the same configuration in Splunk the app is not writing any data into the configured index. In...
Heavy Forwarder kept sending logs after Splunk was uninstalled from host.
The only explanation I could think of was that it was not uninstalled properly, or it was overriding data somehow, or it was a backlog? If anyone has any idea what it might be, that would be helpful. Thank you!
Disable Kubernetes log itself in Splunk
How to disable logs for Kubernetes itself (i.e. logs from kubelet, apiserver, etc.)?
Dynamic trim of field at both start and end
Hi, I have a field that I need to trim. The field can have a number of different strings, for which I want to trim everything except one word. The fields can look like this: Deployment of ABC with...
How to concatenate a variable number of fields?
I have the following example events: 2019-09-16T13:27:10.169107+02:00 koopa.browser.local node= koopa.browser.local type=EXECVE msg=audit(15687332450.174:771277): argc=2 a0="cat" a1="/proc/cmdline"...
How to get audit plus manager logs into Splunk Enterprise Security?
I am following the below steps for SIEM integration with audit plus manager using the HTTP Event Collector, but don't see the logs. Is there anything else that needs to be taken care of? Below is the link for the steps...
AdminHandler PersistMessages - Failed to remove message
I'm seeing the following error message in splunkd.log: 09-16-2019 11:24:24.095 +0000 ERROR AdminHandler:PersistMessages - Failed to remove message:...
Exclude results based on previous results
Hi Splunkers, I'm pretty new to Splunk and trying to exclude events based on previous results. Here is an example of my main search results: 1. 9/16/19 2:05AM **id1**=1111 **id2**=aaaa **error** = -1...
Check website up or down?
Hi Splunkers! Is it possible to get the HTTP response code from a website in a Splunk query? **example**: I need to get **200** or **503** or **404** or **500** (depending on the response code) if I hit...
Force users to always use "optional" field with built-in SPL command
I'd like to ensure that all users on my search head are forced to include a specific field (along with a specific value) whenever they are employing a certain command in an SPL query. The particular...
Query issue: Query not giving correct results (Join, Append, Union)
Hello All, I am working on the below query. When I am running these two main searches, which are joined using the join command, they are giving me the intended results. But when the queries are joined, the results from the second...
Scroll bar to the fieldset elements
Hi Everyone, I have a use case where a dashboard should contain 15 selections with a combination of checkboxes, dropdowns, radio buttons, text boxes, etc. When I use all of them, the dashboard looks odd...
Snort field extractions not functioning
Having issues with Splunk extracting the fields from Snort events being forwarded to UFs. The UF is configured to receive events on UDP 514 as sourcetype=snort. The scenario is as follows: Snort...
"OR OR" Error Message
Hello, my colleague and I noticed an issue in the following SPL. If there is data, the SPL works. If there aren't any events, this error message comes up. How can this situation be handled cleanly?...
Best practices for search optimization for Splunk Enterprise?
Does anyone have best practices to help optimize searches for Splunk Enterprise?
Make column headers multiline
I wish to have a chart where column headers are broken into three lines and row headers into two. base search | eval sepa=Department.".".Name.".".Code | eval sepa2=slice.",".slice_Name | chart...