Map of Mexico using Choropleth Maps
Hi!! Is it possible to create a map of Mexico with political divisions (divisions of the states) using Choropleth Maps? Regards.
Not getting service now incident data to splunk
I am unable to see the incident logs in service now which are under sourcetype=snow:incident . I am able to see all other sourcetypes like snow:cmdb , snow:em_event , snow:sys_user_list ,snow:problem...
How to add two rows to one?
I have 2 rows with same field name, how do I add the count of 2 rows and display the result in one row. please find the example: **Fruit | A | count** **apple |3 | 3 apple |2 | 2 mango|1 | 1 mango|2...
Microfocus operations orchestration
Hi All, Need to call microfocus operations orchestration rest API as alert action to perform few steps and flow result needs to update on same event in Splunk ITSI. Is there a way to achieve this?
Splunk Alert action for ServiceNow back dates incident
We are seeing incidents in service now showing up in the past on the incident view, it appears they get opened in 12 hour time so they are all appearing as AM incident times 12 hours in the past when...
Data extraction and create new field.
Hey guys, I have a log that contains a lot of data but from that I want to extract 'program.exe -switch' from the log and create a new field that I can display with table command. I have regex ready and...
What would intermittently cause less events to return the raw data versus the...
This has been happening every now and then on our instance where we will have users run a search, it says it will return some number of events, let's say 20, but only 2 will actually show below where...
Missing events after network disruption
We have an index cluster with 10+ indexers running on Splunk version 6.6.1. Some of the indexed events suddenly went missing after a network disruption (dns outage) for a few minutes. There are no error...
Better way to provide counts
Dear All, There are 3 source types and we are pushing data into same index we need to give the count based on each source type. I replied Index= earliest ="-1y" latest ="now" | stats count by...
How to extract 'program.exe -switch' from the log and create new field to...
Hey guys, I have a log that contains a lot of data but from that, I want to extract 'program.exe -switch' from the log and create a new field that I can display with table command. I have regex ready...
What are better ways to provide counts?
Dear All, There are 3 source types and we are pushing data into same index we need to give the count based on each source type. I replied: Index= earliest ="-1y" latest ="now" | stats count by...
Difference between two variable date reports, considering the direction
Hello, I'm trying to create a search that shows what results are missing today - a, compared to yesterday - b. a and b are inputs on a dashboard so I could also compare 2 weeks ago with today. I can't...
Not hashing password in passwords.conf for TA-QualysCloudPlatform
Guys, I just found out the password configured in passwords.conf file has not been hashed. Any resolution to that? I'm using old version - 1.3.4 and I can see the latest version as from now is 1.6.2...
Would Splunk stream work in docker container?
Would Splunk stream work in docker container? I see this: ERROR ModularInputs - Unable to initialize modular input "streamfwd" defined in the app "Splunk_TA_stream": Unable to locate suitable script...
Update indexed data after a monitored file has been changed
Dear friends, with my company besides investigating log-data we are getting ready to roll-out splunk for the Business Team in order to monitor the business. We got some tables which we would like to...
How to display a line in a table panel even if there are no results
Hi, I need the stats command below to display a line with 0 if there are no results. How can I do this, please? index="xx" sourcetype="yy" key_path="HKLM\\software\\microsoft\\windows nt\\" OR...
Count the number of api occurrence in 10 second
I have the following APIs, for which I need to count the occurrences of each in every 10 seconds for a 1-hour time interval. /api/login/v1/session /api/data/v1/graphql /api/order/v1/orders...
Interpreting execution costs on the Job Inspector page: Query update
Could see an old question in 2010, but just getting confused on the timings/duration vs execution cost. I've a search which finishes in `This search has completed in 87.776 seconds` Below is snapshot...
Do splunk upgrades ever remove any files?
The upgrade process on linux is basically to unpack the tgz file over the existing splunk home directory. I understand that will add any new file where they need to be, update any file that needs...
How To Group Similar Events into One event
Hi, We have pulled logs from our Anti Virus software into splunk and are in process of trying to filter through what we actually want to track. We want to track all events that relate to sites blocked...