Rerun Search Depending upon Alert results
I configured email alerts to trigger if my results are zero. Depending on the alert, I need to run the search once again after a few hours to verify whether any results were written. If so, those results...
How To Run Python On App Install
I want to run some authenticated Python code when an app installs, to kick off an action. What's the best way to do that?
Timestamp error: “Failed to parse timestamp. Defaulting to file modtime.”
I want to monitor WindowsUpdate.log on a Windows PC. After selecting the data source, I got a flagged message saying “Failed to parse timestamp. Defaulting to file modtime.” How can I resolve this error?...
Unable to connect Splunk HEC using https
Hi, I'm trying to push logs to Splunk using the Splunk HTTP appender in Log4j. If I disable SSL in the HTTP Event Collector Global Settings, I can push the logs to Splunk successfully, whereas if I enable SSL, I...
Search Head Performance verification for high load of users
We have a dashboard with 12 Panels from different sources, and each panel is powered by summary index. As of now, the dashboard takes approx. 17 secs to load all the panels. Actually, we have to roll...
"Search auto-canceled" error during search query, what is the solution?
Good day. I configured Splunk to receive Cisco ASA firewall logs on UDP port 5141 and installed the ASA add-on for parsing logs with the "Cisco.ASA" source type. I need to tell you, I received...
Calculate state based on values from many searches
I'm using a dashboard to display the state of some services. For this purpose, I must take single values from many searches to obtain a final value, like value = value1 * value2 * value3 ... valuen. The...
custom generating command 'Command xxx appears to be statically configured...
I am attempting to use custom generating command protocol version 2, but my command seems to be detected as version 1 still. commands.conf: [datascrape] filename = xxx.py chunked = true...
Splunk GUI User Audit needed for LogIn and LogOut
Hi, I have a need for auditing Splunk GUI users. Our configuration is with LDAP and SSO. Therefore, the _audit and _internal indexes won't work, so I am using the REST call below unless advised...
Search _internal for metrics from non-indexer instances
Hi, I need to perform a search on forwarder data from the `_internal` index, but I need to exclude my indexers from that search. I know I can get the indexers list in many ways, for example:...
Sparklines very narrow - but not for all time periods
Hi there, Any ideas why sparklines would be so short/narrow? I'm seeing that for shorter time windows - e.g. less than 4 days - the sparkline shows as expected. But once I extend it to a longer window...
Alternative for join.
index=core a=BuilderService AND "decision.received" "Overrides" NOT "ItemOverrides=()" NOT commitCode=null | rename Orderid as data.Orderid | join data.Orderid [ search index=transaction...
How to download lookup file from an App or statistics from splunk using JAVA...
How to download lookup file from an App or statistics from splunk using JAVA REST API or Python
Time difference by grouping identical events
Suppose I have the following events. ---------- 2019-09-20 01:40:09 INFO Listener processing event with message key A1:B1:C1 2019-09-20 01:40:06 INFO Listener processing event with message key A1:B1:C1...
Calculate time difference between two identical events
I have the following events ---------- 2019-09-20 01:39:25 INFO Listener processing event with message metal:AUD:ADJ 2019-09-19 23:58:27 INFO Listener processing event with message metal:USD:ADJ...
Monitor the count of columns generated by solutionType=* | splunk reports
I would like to track the count of all the below Splunk search query columns. If any "solutionType" is appended or deleted, I expect an alert. index=index1 | search solutionType=* | timechart count by...
Timechart not displaying for some selections despite having results. It's...
I have a timechart dependent on a dropdown at the top of the dashboard that selects the customer to show the results for. One customer makes the timechart go invisible when they are selected but when I...
View percentage with count
Hi all, I'm pretty new to Splunk and I'm trying out different things to challenge myself. I completed the Fundamentals 1 course and started testing on some Linux systems. I'm trying to find unhealthy...
Problem with Django in 6.6.3
Hello! I'm trying to develop a Django app in a 6.6.3 environment. I created the app with the splunkdj command, and after that I can access the new app without a problem. In the view.py file I...
How to change a config parameter, i.e. minFreeSpace, in container Splunk with Ansible...
Generally, server-based configuration changes such as minFreeSpace can be made in /opt/splunk/etc/system/local/server.conf. How do I make this one simple change when it is built by Ansible and...