how to color cells that are not numeric and that are not in a table
Hello I would like to be able to color a cell that is not numeric. I am using a "single value" visualization --> when it's numeric I can color it inside "format visualization" by defining ranges for...
View ArticleSSAS Connector for SCCM - DCM
Hello, Is there a SSAS connector please (olap)? The objective being to connect to the CUBE of SCCM - DCM (System Center Configuration Manager - Desired Configuration Management) who manage data of the...
View ArticleHow do I get Automatic Lookup to handle null value lookups?
My automatic lookup csv file is using say 2 columns; Col1 & Col2. Row entries are 'Success' & 'Failure' in Col1. Col 2 has the value / char '1' & null / no value entry in the opposite...
View ArticleIssue with .RPM package to install splunk enterprise on Linux server
Hi We are trying to deploy and install splunk enterprise edition. We have downloaded .tgz file from the portal. As per the procedure here, we are supposed to create .rpm package of splunk enterprise...
View ArticleFind the date on max value
I have a table below, how can I find the date I have the most income? Thanks. date Income 9/18/2019 20.7651 9/17/2019 20.7656 9/16/2019 20.7539 9/13/2019 20.7661 9/12/2019 20.762 9/11/2019 20.7502...
View ArticleSplunk Standalone indexer adding to SHC
Hi , We have a distributed deployment environment , we have 6 indexers clustered , we have 3 search head clustered , we are adding a standalone new indexer , we are not adding this indexer to the...
View ArticleSearchmanager executes search more than once, resulting in duplicate events
Hi guys, basically the title. I couldn't find a solution here so I created this question. I have a html dashboard with buttons for user input. If a button is pressed one search is started to write data...
View ArticleWhy are alerts not being triggered for all the events when trigger is set to...
I have created a scheduled search of the type: index=_internal | head 100 Now, I have kept the cron schedule, such that this search will execute every 5 minutes. And the trigger mode is "For Each...
View ArticleDisplaying the 'count' data in a column
eCW User Roles|dbxquery connection=eCW_Mobiledoc_Production shortnames=t maxrows=5000000 query="Use mobiledoc_repl select u.region_id, u.uid, u.uname, u.ufname, u.ulname, CASE WHEN u.UserType='1' THEN...
View ArticleTime pulled from log file is sometimes incorrect
Hi, I am new to using Splunk and am currently experimenting on my desktop using a few different add-ons. I have been using the BT HomeHub app, which although doesn't seem to extract the log files from...
View ArticleHelp putting a condition match for a search with three possible results to...
I'm trying to either hide or show two panels depending on a search result from a different panel which will have 3 options. E.g. If the result is "A" I want both panels to show, If "B" then just one...
View ArticleHow to extract latest event for unique account numbers?
Hello, I'm trying to extract some fields for the latest event based on unique account numbers. I've tried using latest(field) but the issue I'm running into is for example: Event date: 9/20/2019...
View Articlejava.sql.SQLException: ORA-00600: internal error code
Splunk Enterprise 7.3.1 What is this error: java.sql.SQLException: ORA-00600: internal error code, arguments: [kks-hash-collision], [131323], [], [], [], [], [], [], [], [], [], [] How to fix it? Thanks
View ArticleOutbound connection Dashboard
Hello, Splunk newbie here. I've been researching this for several days trying several queries and I can't zero in on what I am looking for. I am trying to develop a dashboard that shows the top 20...
View ArticleDBConnect Behavior. Not pulling rows as per fetch size.
All, We are working on setting up a Input for SQL Server. DBX Version is 3.1.4. Table currently contains roughly 2M rows and there is a Auto-increment column(int) that we are using for Rising column....
View Articlehow to know sie in bytes for a multi line log event
We have tons of data coming in a index and we want to see which app is taking more space. Log events are multi line. I tried this but it seems to work for single line event - | eval bytes=len(_raw) |...
View ArticleHow to remove certain values from table column?
I have a extracted a field, which has mutiple values applname = app1, app2 , app3 when i form a table with applname column it lists all the app names. But i need only app2 and app3, Not app1 How do i...
View ArticleUpgarde UF package credential
Hi all, We are trying to upgrade UF package credential in our intermediate forwarders (including HFs). PFB steps which I followed: 1. Login to SH 2. Go to apps --> Universal Forwarder 3....
View ArticleUpgrade UF package credential
Hi all, We are trying to upgrade UF package credential in our intermediate forwarders (including HFs). PFB steps which I followed: 1. Login to SH 2. Go to apps --> Universal Forwarder 3....
View ArticleField extract and zip them.
(product=X Phone , 512 ГБ, золотой,shipMethodCode=E3,qty=1,deliveryType=STH,partNumber=MRU/A,deliveryDate=4 Окт - 11 Окт,commitCode=200,resolvedDate=4 Окт - 11 Окт,product=Phone,...
View Article