Result of two different searches
Hello, I have a csv file that contains the list of all existing services, and I have a search already created that gives the active services now, so I need a search that gives me the name of service...
How can I use the rest api to add a webhook action,How can I add a webhook...
I want to use API to configure the webhook action for an alert. It looks like the API docs only cover email configuration.
how to install snort app and configuration on the splunk server?
I want to run NIDS in the splunk server using the snort app for splunk but I didn't know about the configuration
Discarding Specific type of traffic either on forwarder or indexer fails
Discarding Specific type of traffic either on forwarder or indexer fails, I tried to discard it using blacklist on forwarder and nullqueue transform on indexer and both failed. here is a log sample Oct...
How to make index-time field extraction work for REST API receiver input?
I have `INDEXED_EXTRACTIONS = json` and `TIMESTAMP_FIELDS = my_timestamp_field` in [my_json_type] stanza. This works when I upload a file and select my_json_type as source type. But when I post the...
Add additional columns in search results based on the field
I've a search query like this: (api=*/getUser) OR (api=/api/v1/addUser component=Comp1) OR (api=/api/v1/addUser component=Comp2) | table api, component But I wanted to add two more columns something...
How to calculate the "adjusted mean" or "least square mean" in splunk?
What I currently have, name=EVENT_1 | stats count(metrics.time), median(metrics.time, mean(metrics.time) by name It doesn't look like there is a stats function for "adjusted mean" or "least square...
How to monitor only new data from logfiles
We are trying to monitor a logfile which behaves like a rolling logfile (?). Except, it doesn't create new file but it keeps updating the existing file. A new line will be added above the "-----". And...
How to subtract values from two different fields but successive fields as...
group   count  SubTotal  Desired_Field
WEEK1   9      36        36
WEEK2   1      36        27
WEEK3   3      36        26
WEEK4   7      36        23
WEEK5   2      36        16
WEEK6   1      36        14
WEEK7   2      36        13
WEEK8   3      36        11
WEEK9   2      36        8
WEEK10  1      36        6
WEEK11  1      36        5
WEEK12  4      36        1...
Return the default home dashboard - Explore Splunk Enterprise
Hi guys, Yesterday I changed the home dashboard to one I had created. But, I'd like to come back with the standard "Explore Splunk Enterprise" dashboard. Can you help me? Tks! César
How to create a servicenow Event & Incident without installing the plugins?
I need to integrate the splunk and servicenow without installing the plugin. My Servicenow Admin requesting me to send the below detail to REST API of servicenow event table. And the below detail need...
Deployment Server Automatically updating APP from splunk/etc/apps/
Hi We are using the Deployment server installed on the search head to push an APP (Let's say TEST) to the Nodes - this works. [serverClass:Indexer] whitelist.0 = * [serverClass:Indexer:app:TEST]...
how to disable particular column to drilldown and other should be enabled to...
I have 10 columns where 7 of the columns pass tokens to the other dashboard but I need to disable the other 3 columns which should not refresh/pass the value in the token
Peak hour count of most Visited Pages
Hi, I am working on a query to get the peak hour count of the top 100 visited pages on my website and I want this together in a single table. In simple terms what I want is a table with three...
Unable to fetch spirion data
I am trying to integrate Spirion with Splunk but getting below errors: 10-02-2019 15:55:53.539 -0500 ERROR ExecProcessor - message from "python...
What is the proper way to make user-prefs settings take effect?
I am trying to default particular roles to particular apps by including default_namespace in a user-prefs file inside the target app. This doesn't work. How do you customize user-prefs and have it...
How to exclude part of JSON before indexing
I want to exclude part of JSON message before indexing. How can I achieve that? Below is a sample JSON. I used SED command in props.conf to exclude the first line and make it only JSON Indexed...
Identifying Common Value between Two Indexes and Exporting Results with a Mix...
Hi guys, Apologies for the long winded title! I'm struggling to extract a common value from two indexes and get out any meaningful data. I have two products on our network that both include the IP...
CSV: Timestamp incorrect, how do I fix?
Hi guys, I have a very simple csv file, with three columns, two of which are 'date' and 'time'. I can not (for love nor money) get the timestamp to be correct. Here is a row from my csv file: *0W4K...
Will add-on tested on Splunk Enterprise work fine on Splunk Cloud as well?
We have an add-on which has a modular input. We have tested this addon on a distributed Splunk Enterprise setup. Is it required to test it again on Splunk Cloud to check whether it will work fine or...