Merge rows in one
I have data of the kind Name Parameter1 Parameter2 Parameter3 A 1 A 2 3 B 3 B 2 I want to get the result as shown below Name Parameter1 Parameter2 Parameter3 A 1 2 3 B 2 3 Thanks
Splunk showing 2 different times
Hello! In the process of checking time on our Splunk server, I came up with some puzzling results. If I do a search query on my search head, I get this result: 2019-10-01T08:16:00-0400 Query is: * |...
Monitoring Cisco devices
Using kiwi syslog to send data to Splunk, how do I monitor/create alert for admins logon/off from networking/GNIE Cisco equipment (router, switches, etc)? How to monitor Cisco equipment software...
Dew Point Calculation
I am trying to produce or calculate the Dew Point in Celsius of data in two separate indexes. I believe the official Dew point formula is Td = T - ((100 - RH)/5.) I want to basically use this formula to...
Dashboards - Event Highlighting/Acknowledging
Greetings, I am currently trying to implement a certain solution by sending logs from an analytics system over to Splunk for visualisation purposes. I have, however, currently hit a roadblock of sorts...
replace number with letter grade in dashboard
I have created a dashboard that shows a single number based on the vulnerabilities in a group of devices. I'm wondering if there is a way to use something like an if/else statement in Splunk based on...
Replicate Bash Script Generated Lookup Across Search Head Cluster
Hi folks, I am using a bash script to download data to populate a CSV that I'd like to use as a lookup in Splunk. So far I have created the empty lookup on our deployer, which has successfully pushed...
Is there a way to use drilldowns to show one dashboard and hide the other?
We have a simple diagram setup search head, indexer heavy forwarder. When I click on indexer I would like to unset a token that the current dashboards depends on. And then set another dashboard so it...
Perfmon: Unable to get data from index search
Hi, I want to get the CPU Usage of Windows host - CPU Usage, so trying to get the CPU Usage using counters = % Processor Time; from below inputs.conf Inputs.conf: [perfmon://Host Process] _TCP_ROUTING...
Is it possible to replace a number with letter grade in dashboard?
I have created a dashboard that shows a single number based on the vulnerabilities in a group of devices. I'm wondering if there is a way to use something like an if/else statement in Splunk based on...
Is it possible to replicate bash script generated lookup across search head...
Hi folks, I am using a bash script to download data to populate a CSV that I'd like to use as a lookup in Splunk. So far I have created the empty lookup on our deployer, which has successfully pushed...
Skylight app for Splunk - Rename syntax error?
Hello Splunkers, I am getting an error on the built in dashboards for the Skylight app. The error is "Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+." But the syntax is...
How do I see all logs in a 1 minute time frame?
I need to see all the logs at 9:12AM. Splunk is only showing me 1000 results. I need to see all the logs at 9:12AM there's nothing further I can filter. How do I do this? Why can't I see all my results...
Pagination not working properly and showing on wrong part of screen.
I don't see the scroll bar at the bottom of the page. I have to move my cursor from the bottom of the page to the top each time I want to change the page. Additionally the "dots" in the pagination,...
MariaDB splunk db connect configuration
Good morning. Sorry if this topic has been discussed in previous posts, but I have looked for a solution to create this connection and it has not worked for me. I have done the following: 1-...
How to pass earliest parameters to a macro in a map section?
Hello everyone, I've been stuck for many days trying to understand what is preventing Splunk from passing arguments to the macro within the map section. I have tried many combinations unsuccessfully and...
How to pass earliest parameters to a macro from a map section?
Hello everyone, I've been stuck for many days trying to understand what is preventing Splunk from passing arguments to the macro within the map section. I have tried many combinations unsuccessfully and...
Is the "configuration bundle" only for clusters?
Hi Is the configuration bundle only for clusters? If so what do you do for non-clustered to give all your indexers APP updates? I have one SH and 4 indexers, I want to log into the SH and update the...
How to create different tokens from three different result fields depending...
I would like to create a token from result fields for meeting dates in different seasons (Autumn, Winter, and Summer). I've created an if function where if the date is more than 30 days from today,...
Default Credentials on Splunk Trial License
First time signing into my trial license and it says "If you installed this instance, use the username and password you created at installation". I did not create any credentials upon installation. I...