UFW: Collect WMI instance referenced in monitored WMI event
I have what is probably a very newbie question: I would like to monitor a WMI event with Splunk. This event returns the key of a class instance which has been modified. So: 1. The event WMI\MyEvent...
Need help in getting total count of events but excluding specific timerange...
Can anyone please help - I want to display the total count of events that occurred in a week (but excluding specific day/time i.e. exclude 04-06 PM for Monday and 06-08 PM for Wednesday) I am running below query...
How to get the plain text of pass4Symmkey
Hi, Please help us to get the plain text of pass4Symmkey. Is there a way to decrypt it?
Automatic Simple XML Dashboard: How to add a scroll bar to the fieldset elements
Hi Everyone, I have a use case where a dashboard should contain 15 selections with a combination of checkbox, dropdown, radio button, text boxes etc etc... When I use all of them, the dashboard looks...
Receiving "OR OR" error message
Hello, My colleague and I noticed an issue in the following SPL. If there is data, the SPL works. If there aren't any events, this error message comes up. How can this situation be handled cleanly?...
How to make column headers multi-lined
I wish to have a chart where column headers are broken into three lines and row ones into two base search| |eval sepa= Department.".".Name.".".Code |eval sepa2=slice.",".slice_Name |chart...
How to get total count of events excluding specific time range for certain days
Can anyone please help? I want to display the total count of events occurred in a week (but excluding specific day/time i.e. exclude 04-06 PM for Monday and 06-08 PM for Wednesday) I am running below...
Unable to get auto lookup to work
I have downloaded the ASA app and am unable to get auto lookups to work. They work if I add local=t to the search time command: index=1000_proxy sourcetype="bluecoat:proxysg:customclient"...
Search head core network, Free Disk, CPU used, memory free %... which index I...
there are index =os and index=_internal . Index=os, where there all info about OS performance data of servers (host), also host =ip* index=_internal, there contain these OS data, but internal hosts....
What is Splunk Dev, and how do we use it to develop and share our own apps?
We have some use cases that we'd like to develop into Splunk apps. How do we use Splunk Dev to develop our own apps and share them on Splunkbase?
How to divide each line each data row
ServiceTitle KPITitle kpis_key SmartCas ServiceHealthScore SHKPI-17c3399b-d559-4e91 CPU Utilization: % 793faace-3431-4d54-a54c-f07fbb520425 IOWait % 9e984025-b4ba-43c1-a165 Storage Operations: Latency...
Systemd broken on new install
Hi, I downloaded Splunk version 7.3.0 (build 657388c7a488) and installed it via the deb file onto a clean install of Debian 10.1 I subsequently followed the "Configure systemd on a clean install"...
How to calculate Splunk session for a user?
Hi Experts, I want to create a report for the last 24 hours which provides information like how many hours a user was on Splunk in the past 24 hours, or in other words how many hours a user spent on Splunk....
search/subsearch using json array
I have logs being stored in json that shows accounts being given access to data. I need to validate that the accts are valid. I am trying to run a subsearch that will get the list of accounts(userId)...
Windows Perfmon Issues
I am trying to get Windows Perfmon data in. I have been successful for some servers but not others, despite using the same inputs.conf configuration. For instance, I am getting Memory stats from our...
Splunk indexer for sonicwall firewall logs.
Hi all, in our network environment to capture the logs and analyze that logs generated by SonicWall firewall we have implemented Splunk enterprise tool in Linux server. Our Splunk indexer is displaying...
Zip values from JSON.
I want to get the total units by PartNumber. I tried using spath but it didn't work, maybe I am doing something wrong. This is my first time working with JSON bodies in Splunk, can someone help? Thanks. { [-]...
How to display table header in dashboard even without result?
I have a case when results are few, if any. In dashboard, fewer rows takes up smaller vertical space, but if no result returns, it takes up a taller default. I would rather align the tables with...
Compare search result for first 15 min and last 45 min
Following is the result we got Action_ Name Time Count ABC 1:15 AM 100 ABC 1:30 AM 200 ABC 1:45 AM 300 ABC 2:00 50 Now I want to compare the row2 (1:30 AM) Count : 200 with row4(2:00 AM) Count 50 I am...
Fields not displaying in Fast and Smart modes Splunk enterprise 7.2.4
I have an issue on 7.2.4.x where fields are not showing in the fast and smart mode, whereas it works in verbose mode. I've explicitly declared the fields that I would like to display in fast and smart mode...