How can I produce results with a span of 1 day
Hi, I am joining several source files in splunk to degenerate some total count. One thing to note is I am using ctcSalt= to reindex all my source files to day, as only very few files will be changed...
Internet Explorer Dashboard issues with Splunk
I am facing issues with Internet Explorer, wherein, all the panels in my dashboard are getting cut when I move the dashboard from big screen monitors to Laptop Screen, when the zoom is kept at 100%....
Mvexpand memory usage
**Hello, everyone!** I encountered a weird problem. I have the following search: | tstats `summariesonly` count by source, host, index, sourcetype | table source, host, index, sourcetype | stats...
Best way to find log patterns in splunk consuming more bandwidth
Hi All, I am looking for the best way to find log patterns in splunk consuming more bandwidth so that we can reduce the noise from splunk and control the license utilization.
Regex command causing the search to not work - unknown search command
Hi People, I am trying to run a regex command to cut out a part of the REQ field. On regex101 it is working fine, however on Splunk it is causing problems and I get an unknown search command error...
Why does Splunk custom endpoint time out automatically after 500 seconds
Hi, We have distributed Splunk deployment running version 7.3.0. We have a custom REST endpoint which runs some searches and returns the search results in JSON format. When we run searches for long...
How to build daily average (response time) with data containing hourly...
Hello Everyone, I construct a CSV (output) lookup file containing the hourly average response time, the hourly number of events and the service concerned. This file is updated daily (scheduled append)....
Question about LINE_BREAKER and SEDCMD
This is a long question. We have a Heavy Forwarder and an Indexer cluster (managed through indexer cluster master.) I have a scripted input that pulls some data which is in "array of json" format. To...
Summary index issue - Retaining only approx 3 months of data
I am working for a client and last year we created some reports for the purpose of audit and scheduled them to send data into the default summary index. Since last month we are observing that all the data...
Retrieve only the key object from the JSON output
I have the following output and I want to extract only the key value of the JSON and those are addNewOrder,navigateReport etc in a table. Details: { [-] addNewOrder: { [+] } login: { [+] }...
com.mysql.cj.jdbc.exceptions.MYSQLTimeoutException: Statement cancelled due...
After executing the SQL query I am getting a timeout, and sometimes I am getting the error "no operations allowed after statement closed"
High Volume in my Reports
Hi All, I am new to Splunk. I have a problem. In my project, we are extracting csv files from database with the help of hive queries and pushing that csv to Splunk. I have done some data ingestion...
And condition between two different fields in transforms.conf
Hi, I want to filter out Checkpoint events based on two different conditions: 1. It comes from a specific IP XX.XX.XX.XX, I have this information in host metadata field. 2. The action field after...
Default time period 30 days - Security Essentials
Hey Splunker, Good day... Hope you are all doing great. Just curious how to change the default time window for any search, which is 30 days by default, to some 24 hrs or something, because it doesn't give you...
UC_tor_traffic
Hey guys, Is there any way Splunk can get this lookup to update itself, or do we need to manually feed it? If yes, what is the way around it? Thanks
Need help with line-breaking
Have a feed coming in from App.logs, which I can't get to line-break properly. Props.conf [mq_error_logs] CHARSET=UTF-8 MAX_TIMESTAMP_LOOKAHEAD=30 SHOULD_LINEMERGE=true TIME_PREFIX=^...
Problem with the number of search artifacts in the dispatch directory is...
Hello, I have a problem with this alert: {The number of search artifacts in the dispatch directory, is higher than recommender (count=7815 , warning threshold=5000) and could have an impact on search...
Types of Integration in Splunk
Hi, Can anyone help me with the different methods of integration with Splunk? 1. Universal forwarder method 2. Through Heavy Forwarder 3. Through DB Connect 4. WinSCP for Windows 5. HTTP Event Collector
Using tokens from search in a lookup
So this might be overly complicated for what I'm trying to accomplish but perhaps you all might be able to assist me. Currently I am attempting to populate a dashboard panel with different searches...
How to use tokens from search in a lookup
So this might be overly complicated for what I'm trying to accomplish but perhaps you all might be able to assist me. Currently I am attempting to populate a dashboard panel with different searches...