Different color for panel title
Hi there, I would like to create a dashboard having different color titles for its panels, using CSS. (Don't ask why :) Can anyone tell me if this is even possible, as I am getting the following when...
How to filter logs using negative look back in Splunk?
I have filter applied in transforms.conf as follows [send_to_heavy_forwarder] CAN_OPTIMIZE = True CLEAN_KEYS = True DEFAULT_VALUE = DEST_KEY = _TCP_ROUTING FORMAT = heavy_forwarder KEEP_EMPTY_VALS =...
Matching a timestamp from two index events.
Hi guys, I have two indexes with two different types of syslogs. Both logs contain a common field (username) and I would like to be able to pair them up to form a single event/result. Could someone...
Downloaded an old snapshot created 485320 seconds ago
As part of the destructive resync that I performed on the 2 members that were out of sync, I saw the below messages on the SH’s after process completion. They have downloaded a snapshot from the...
Update Splunk
Hello, I currently have 7.3.1 installed on my server. However, 7.3.1.1 has been released and I would like to update so I stop receiving messages. Is this as simple as just running the 7.3.1.1 installer on my...
How to get panel with "Search"?
How to get this dashboard (red border selected) with visualization data and use it in a custom dashboard? Thanks ![alt text][1] [1]: /storage/temp/274829-screenshot-1.png
Timechart Max
I am new to Splunk and I do not understand why this is giving me the same result. There are 3 different site_names I am looking to get the max latency out of all three. Then when a user chooses a...
Tracking average completion time of a process in Splunk
Below I have sample data from a process that Blue Prism outputs during each event in a process. I am trying to create a time chart that tracks how long it takes each process to run. What I need is some...
How to get time with dashboard?
Hello, I am interested in one question. There is a dashboard over time and it is created according to the example *| timechart*. How can I edit XML or write JS to get the time of the selected event...
Need help with regex to parse the snmp inputs?
Hi All, Can someone help me to parse the fields either at indexing or through searches. Splunk detects the default fields as enterprises.48099.1.1.1/enterprises.48099.1.1.2 etc., but we only need the...
Help with regex to parse the snmp inputs?
Hi All, Can someone help me to parse the fields either at indexing or through searches? Splunk detects the default fields as enterprises.48099.1.1.1/enterprises.48099.1.1.2 etc., but we only need the...
Filter logs containing a specific string in username field so that they won't...
I have filter applied in transforms.conf as follows [send_to_heavy_forwarder] CAN_OPTIMIZE = True CLEAN_KEYS = True DEFAULT_VALUE = DEST_KEY = _TCP_ROUTING FORMAT = heavy_forwarder KEEP_EMPTY_VALS =...
Kafka Connect Log ERROR
I have Kafka Connect and it works perfectly. However, there is a log that keeps showing up. The log error below: ERROR event does not follow correct HEC pre-formatted format...
Deployment Clients can't check in to Deployment Server
All, I have gone through all the related threads here but I can't find a possible solution to my version of this issue. I have a UF -> Intermediate forwarders -> Splunk Cloud setup. I have about...
VMware esxilogs sourcetype vmw-syslog hyphen problem
I'm working on getting VMware logs into Splunk and ran into a problem with the hyphen in the vmw-syslog sourcetype in Splunk_TA_esxilogs. When I remove the hyphen or just use syslog as the sourcetype...
Sort and list "Interesting Fields"
Is there a way to list the "Interesting Fields" sidebar in query and have it drilldown when clicked on?
Separating Splunk app by permission
Hi Splunk, I have an app in Splunk (Splunk app for Jenkins); however, it is used by another team already, and all the indexes needed by the app are also used. We don't want to share the data with other teams....
Symantec WSS Add-on For Splunk on UF?
This add-on has a UI panel for configuration. Other than that, it seems there are no other reasons why this add-on cannot run on UF with a prepared configuration. Can somebody confirm this? Here is a...
Calculate request count and duration in a single summary index
I'd like to collect two pieces of information from wildfly access logs in a single summary index: the number of average requests per minute by URI **and** avg/mode/max request duration also by URI....
Do we need to have RF for all the indexers in cluster
Dear All, we have a cluster environment where we have 7 search heads and 5 indexers, and I was just reading and got a doubt: in my 5 indexers, do I need to have: 1) RF (replication factor) = 5....