Lookup values not shown on result table
Hello all, I am searching in Splunk for the last login date of a User and export it into a table: ... | eval date=strftime(_time,"%F") | stats latest(date) by U | table U, latest(date) Now I have a...
Splunk 7.x Fundamentals Part 2 (IOD) vs. Splunk 7.3 Fundamentals Part 2
What is the difference between **Splunk 7.x Fundamentals Part 2 (IOD)** and **Splunk 7.3 Fundamentals Part 2**? I want to pursue the Splunk Enterprise Certified Admin Certification . . . but not sure...
Inputlookup csv file contains multiple occurrences of a field, but query...
My inputlookup csv is in this format: YEAR, SiteID, earliest_date, latest_date, EVENT_ID 2019, AB111, 1560988800, 1562112000, ABSE00350 2019, AB111, 1562198400, 1563321600, ABSE00351 2019, AB111,...
alert in datamodel
Hi Splunk Team I see this message on my entire datamodel, how can I fix it? "This object has no explicit index constraint. Consider adding one for better performance." How can I fix it? Thanks
Events in Index are Getting Duplicated Even Though They're Exactly The Same
I've been reading around the docs and other questions, and from what I can tell, Splunk is supposed to be taking an MD5 hash of every event going on, and if an incoming event matches an already...
access issues for Microsoft Graph Security API Add-On for Splunk
Hi Guys, I have installed Microsoft Graph Security API Add-On for Splunk in Splunk Enterprise and as an admin I have all the access to the app. I tried to give the write access for one of the...
How to combine multiple field values to create single field name in eval...
Hi, I'm trying to combine the values of multiple fields to together form a single field name in an eval if statement. Something like the example below. Is that in any way possible? Thanks for your...
lookup csv file contains multiple occurrences of items in some fields. Need...
lookup csv format where EVENT_ID can have multiple SiteID fields and SiteID can have multiple EVENT_IDs. Only SiteID is a field in the splunk index. YEAR, SiteID, earliest_date, latest_date, EVENT_ID...
How to compare multiple values of a field with the corresponding values of...
I want to check for list of applications installed and its versions from all the PCs in my environment. If all the list of applications and the expected versions are present in the PC, I want to tag it...
migrating from single server to indexer cluster with replicated data
I know this has been asked before, such as https://answers.splunk.com/answers/432048/is-there-a-way-to-migrate-indexed-data-from-a-lega.html - but looking for clarification on replication and search...
Compare two sources with multiple value
Hi folks, I have a case needing to compare 2 sources with CSV type. Source 1 has fields as below: start_time_s1, end_time_s1, source_ip_s1, account. Source 2 has fields as below: start_time_s2,...
i18n_register error
Hi, I try to drilldown from table cell to specific html page which saved in my Splunk server. When the page is loaded, I can see there are errors for each one of my JS files: Uncaught ReferenceError:...
Deployment Server Performance Reference
Hi, Splunkers: About a week ago, a customer asked me that is there a reference for deployment server which has 1200+ client? They have the high speed LAN but not sure about CPU and Memory should...
dbconnect JTDS timezone changes
Hi, I am ingesting data into Splunk using Dbconnect 3.X version JTDS driver. My database field format is : Date with UTC timezone. I wanted to have data ingested into Splunk using Local timezone....
CSV empty quoted field extraction problem
Hi there, I have the next CSV file: "CLM_TIMESTAMP","CLM_DATE","CLM_NUMBER" "1569301200","24/09/2019 00:00:00","389721519283162" "1569301400","24/09/2019 00:00:00","" "1569301600","24/09/2019...
issue with VMSTAT data coming from OS logs
Hi All, Can you please help me to extract the fields and related data from vmstat logs which are coming into Splunk. Below are the log lines: memTotalMB memFreeMB memUsedMB memFreePct memUsedPct pgPageOut...
VMware performance collection without Splunk for VMware App
I am interested in collecting performance metrics from my VCSA but cannot pay for the Splunk App for VMware. Is there a way to simply collect using Splunk Add ON/ Splunk OVA etc and send to my indexer...
splunk 6.5 windows dashboard best practises
Hi Guys , is there a best practise guide for general CPU , Network and Memory reports for windows servers that be viewed as a readable dashboard for management have splunk enterprise 6.5 , am gathering...
Is it possible to split lines and re-use certain fields?
I have this event: ID=FAKE_ID_NAME,TS=1570441680,F1=1380,F2=60,F3=60,F4=1500 For my analysis it would be very useful to get every field to a new line except ID and TS, so the desired output is:...
combining two searches in one timechart
Hi All, I have two searches which show usage of queues over time on time-chart. When I run each of them separately it works fine. I would like to combine them to show on 1 visualization time-chart for...