How to get monthly list of fired alerts and associated logs that triggered...
My management likes the reports I have created for them, one includes a list of fired/triggered alerts. Now I am asked if I can build a report that lists these same alerts, but also lists the logs...
How to take the perc of each action and display it in a single value panel on...
If I wanted to take the perc of each action and display it in a single value panel on a dashboard, how would I go about doing so? base search | stats count by action | eventstats sum(count) as perc |...
How to search unique values in 2 different indexes, compare them, and...
I've been racking my brain over multi-searches, subsearches, and a few other methods I harvested from Google and Splunk Answers, but so far, I've not been able to find a solution for this. Scenario: I...
subsearch results are also in same row
Hi, Please see the image below and I want to get shipcond=NEXTDAY in first column also. How can I get that? Here SAP_salesorder is common field in both. Please ![alt text][1] [1]:...
How to use action.email.reportFileName to remove the automatic timestamp from...
I'm looking for an option to remove the automatic timestamp from the csv output filename attached to emails. According to both the doco...
How to use timechart average of a field from a simple Hostmon URL Check log...
I have recently started indexing a private log generated from a Hostmon URL check. The Hostmon check runs during M-F business hours and returns the following basic log information : [9/8/2016 10:48:55...
How can I get the subsearch results in the same row as the main search?
Hi, Please see the image below. I want to get shipcond=NEXTDAY in the first column also. How can I get that? Here, SAP_salesorder is a common field in both. ![alt text][1] [1]:...
How to modify the Cisco ACI Add-on for Splunk Enterprise to show the number...
I have been using the Cisco ACE Add-on for Splunk Enterprise for some time and I really like it. Now that we are implementing OpenStack, I was hoping to modify it so that it could show the number of...
How to get a single value display to show a value of zero instead of no results?
Hello, How do I get a single value display to show a value of zero instead of no results? I've tried `fillnull` in various spots in my search but I can't seem to get it to work. Thanks
How to fix when Okta SAML authorization succeeds but returns to a Splunk 404...
We configured Splunk Enterprise 6.4.2 for SAML authentication following the [latest documentation][1], and while the basic authentication & authorization succeeds, the SSO process then drops the...
ITSI Threshold based on trend
I'd like to set a threshold in ITSI based on how a KPI is trending. In this case, count of events trending towards 75,000 events per hour. So let's say it's 15 minutes past the hour and we're at 20,000...
How to run rex commands from CLI mode
I want to run Splunk query from the cmd prompt. It works just fine with basic error search, but when I tried with rex extraction it doesn't recognize the pipe | and rex commands. splunk search...
Splunk Forwarder No Longer passing file to enterprise system
Hi All, I'm muddling through Splunk as I go. I'm part of a team working with it but we're all having to feel our way through a little bit blind, but we have made some progress nonetheless as after a...
Splunk index congestion is happening
Hi, I suddenly got this message "skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk space and other issues that may cause indexer to...
Deploying Splunk universal forwarder through Tivoli
Hi Guys, We are at a phase where we need to deploy the universal forwarder setup through Tivoli (TEM) over multiple servers. For deploying through Tivoli we need to create fixlets. Is there any way to get the...
Speed test is not showing download and upload speed and latency
Speed test tab is getting results but not extracting speeds and latency from them
Why my CLI query returns empty field values
My query works from Splunk Web UI and returns field values of `Source` in a `table` form, but it doesn't work from the CLI. Splunk web returns Source ========== stock funds Splunk CLI returns output...
Dynamic Drill Down on timechart sending full span values, not local to the "bar"
Hi, I'm trying to create a dynamic drilldown, more of a side-drill really. I have a "timechart" bar chart showing a count of "Transcodes" that have started across a 15min span. Each transcode has a...
why does loadjob fail producing the message: Error in...
loadjob returning statusCode=403, description=Forbidden when a user without admin role calls a search artifact created by a user with admin role. This works with 6.3.4, but in 6.3.5 produces the...
Login issue
I am able to log in to Splunk Web of the Deployment server in the test environment but unable to log in to Splunk Web of the Search head and indexer in the same environment. The login credential is the same for every...