Custom time range to sub search
Hi, I want to run a search for a selected time range, and also want to do a sub search for the same duration in the previous interval. For example if user selects the last 60 mins as time range, then I...
Can we make a search id persistent
Dear Team, We want to make a search id persistent in Splunk. Can we do that? By using the search id we want to run the search job and get the results. We can do that via saved search name but can we do...
How do we override "jenkins_statistics" in Splunk App for Jenkins dashboard's...
Hi Splunk, My Splunk version is Splunk Enterprise 7.1.0, and Splunk App For Jenkins 2.0.2. The dashboards in the Splunk app are using "jenkins_statistics" in the query. How do we customize this to use...
Splunk Architect certification discount for partners.
I am working with an organisation having a 1TB/day license. Will I get a discount on Architect certification?
How do I alert when cpu usage is more than 80% since 15 or more minutes
Hi, I want to alert when cpu usage percentage is more than 90% since 15 or more minutes. Or we can say, alert after 3 iterations of same having usage more than 80%. I am trying this, index="idx2"...
Adding field from one search to another
Hello All on Splunk Answers. I have the following very simple search: index=*proxy* domain="somedomain.com" | stats values(url) values(action) values(respcode) count by src_ip. In events from proxy I...
How do I alert when cpu usage is more than 90% since 15 or more minutes
Hi, I want to alert when cpu usage percentage is more than 90% since 15 or more minutes. Or we can say, alert after 3 iterations of same having usage more than 80%. I am trying this, index="idx2"...
Trying to 'join' two data sets, but neither left join nor inner join is suitable
Hi everyone, I've tried to answer this myself but no luck. I fear it might be so simple I'm overlooking it. I'm comfortable with left & inner join, however I'm trying to 'join' two data sets that...
Unable to search for logs from console
Somehow I have not got logs from universal forwarder servers since Sep 11. How to find out the reason? ![alt text][1] [1]: /storage/temp/274793-screenshot.jpg
How to integrate with Splunk and AlienVault?
AlienVault OSSIM App by A3SEC: I just installed the app and followed the document but I didn't get the dashboard the same as AlienVault to Splunk. What can I do?
Getting Splunk universal forwarder GUID from cmd
Good morning all, Does anyone know how to get the Splunk universal forwarder GUID from cmd on a Windows 10 machine? Many thanks, Rob
Select only some fields from csv to index
Hi all, I'm in an environment so configured: 1 UF, 1 HF, 4 indexers, 1 search head, 1 master cluster. I have to index a large CSV, read from the universal forwarder, which forwards data to the HF which pass...
PDF export truncating table columns
Hi, smart PDF exporter is truncating the table columns. I have two tables, one with 6 columns and one with 7 columns. Any suggestions? I have tried including the below options in the source code but still not...
DateParserVerbose - Accepted time format has changed, possibly indicating a...
ARN DateParserVerbose - Accepted time format has changed ((?i)(?
Impossible to define fields in transforms.conf.
Hi, I have a simple tab delimited text file:
1 05:45:12 first message 97
1 05:52:15 second message 110
1 05:52:46 third message 97
1 05:53:09 fourth message 110
I want to index it with header defined...
Extract from multiline events using regular expressions with variables.
Hi, I have a rather large multiline event which I am trying to extract data from. The problem is that the format is along the lines of: key0 = "bob" key1 = "foo" key2 = "bar" bob = blah $value0 blah...
Scripted input not working
[script://$SPLUNK_HOME/etc/apps/serial_numbers/bin/test.sh]
disabled = false
host = PoC_test
index = snmp
interval = 60.0
sourcetype = serial_custom
source = PoC_test
When my script contains the following,...
Reusing a field regex in multiple alerts
We have a large number of alerts which extract data from nginx logs and ping under certain conditions. In each of these alerts we do an identical field regular expression extraction to break the log...
Which role allows for REST API KV Store updates?
I have a dashboard linked to a JavaScript file which allows users to click a button that will pass updates to the KV Store. Therefore, I need to know the minimum amount of access I need to give to...