Tailreader -0: No data being ingested
Tailreader -0 in test lab no data is being ingested by the system this has occurred without warning. **09-25-2019 21:27:35.262 +1000 WARN TailReader - Could not send data to output queue...
Search for latest case output
My search looks something like this: index=name | eval request=case(X, Y, X, Y, X, Y) | stats latest(request) as Request | table Request Whenever I run this I am getting blank output. I really need to...
Cannot open the Edit Schedule dialog
I'm using Splunk enterprise and when I go to the Reports tab and click on the report I want to schedule, I don't see the 'edit' option to open the schedule dialog. My settings menu is also empty...
Is it possible for timeline visualization to put two fields in the same row?
Hi Y'all, I'm using the timeline visualization to show "start time" and "avg start time" values of the entities inside the JOB_NAME, this search is only showing circle marks that belong to the "start...
Abandon Rate
Hi, I am trying to find the abandonment rate for users who started the registration process but didn't complete it within say the 4 hours. I have the following query (part of an overall dashboard with...
Average Duration over time overlay on timechart
I have a time chart that displays the average duration of calls for each day in the time range, the time range is set with a time picker. The call duration is parsed out using the rex command. rex...
How to create average duration over time overlay in timechart
I have a time chart that displays the average duration of calls for each day in the time range, the time range is set with a time picker. The call duration is parsed out using the rex command. rex...
Blacklisting is not working
Hi, I am monitoring a file path, I am ingesting the logs also I am blacklisting some folders in the directory which is working and I am trying to add one more blacklisting path but it's not working,...
How to combine mv field values into string
I have a string field that I split into a variable-length multi-value, removed the last value and need to combine it back to a string value. The search below doesn't seem to work e.g.: **url...
Efficiently Restricting Time Range For Main Search Only
Hi, I have a couple searches where the main search can be limited a fair amount, let's say the last 2 weeks, but I have a subsearch that requires searching across all time, albeit on a small dataset....
Splunk App for AppDynamics,Does the data used by the Splunk app for...
The Splunk Add-on for AppDynamics uses REST API calls to fetch data. Does that data count towards the Splunk license when used within the Splunk App for AppDynamics?,We have Splunk and are standing up...
How to subtract values from same field in subsequent event and with the...
Hi All, I am new to Splunk. Please help me here on this requirement. I would like to check if there is any possibility to subtract the values from a same field in subsequent event. For example I have...
Process AWS VPC Flow Logs before indexing.
Hello, I am sending AWS VPC Flow logs to Splunk using the Splunk App for AWS and I'm using the SQS based inputs. Since VPC Flow logs are generating a huge amount of data, I'd like to do some...
How to efficiently restrict time range for main search only
Hi, I have a couple searches where the main search can be limited a fair amount, let's say the last 2 weeks, but I have a subsearch that requires searching across all time, albeit on a small dataset....
Is it possible to exclude search results with two lookup files?
Hi, all. I'm sorry but I use lookup for the first time. Is it possible to exclude search results with two lookup files? Create a host name lookup file. (HOST.csv) Create a lookup file for the service...
WARN UserManagerPro - Can't find [distributedSearch] stanza in...
I am getting this message in Splunkd.log on a universal forwarder version 6.5.2. There is no such file called distsearch.conf on the forwarder. Can someone please advise why am I getting this message...
Splunk App for Jenkins : Build Analysis and Test Analysis data not showing up...
We are using Splunk Enterprise v 7.2.5.1, installed the Splunk App for Jenkins v.2.0.0. After configuring everything as per following wikis:...
results are being truncated in join query
Problem: I have 200000 Splunk events from which I only want 15000 events (like vlookup in Excel) Splunk events contain (200000 hosts): host version kernel lookuptable contain (15000 hosts): host...
dnslookup limit
HELLO, I install dnslookup app, and with dnslookup command to search, but search result less than without dnslookup, if the dnslookup command has limit?
Blockage of Queue
Hello All, Some of the queues are getting blocked in Splunk. Need help to solve it.