How to calculate a value from 2 different sources
I am pretty new to Splunk. It would be great if someone can help me with a search command. I have productId as one of the fields in my index data. I added a lookup from products.csv which has productId,...
Charts over X-days
Good Day Team, I started reading on Splunk today and I have begun my exercises. I am stuck on how to generate charts (i.e. bar chart, pie chart) over a particular period of time, say 30 days. e.g. Count...
inputs.conf - blacklist regex performance assistance
Thank you in advance. Looking for some assistance with inputs.conf on Windows Systems. First, we modified inputs.conf located: /opt/apps/splunk/etc/deployment-apps/Splunk_TA_windows/local/inputs.conf...
sorting names and counting
Hi, new to Splunk. I'm trying to sort out names from my log files. So far I have added a new field "names" but it just gives me all the names of the logs mixed up as such: cat_01 mouse10 cat_03...
Dashboard dropdown only showing 5 values from dynamic query
The below input field is only showing 5 values in the dropdown and no autocomplete box. I can see it try to show all fields initially, and at the end of the search it is just showing 5 values + default value and...
How do I get the parameter from XML or PDF or CSV file by using Splunk?
How do I add an XML or PDF or CSV file into Splunk and get the value from these files by using Splunk?
Custom Email Alert Based On 15 Minutes Search
Hello, I am trying to send a custom email alert if any SQL injection has been done on our websites. `fidelis_get_xps_event` | search tag=initial_compromise | eval Severity=lower(Severity) |...
splunk fundamentals 1 learning module 5 lab not counting time spent or...
Currently my Module 5 lab is launching, but not recording the time spent or checking off that I have completed the lab. I had some issues with my Power user login and also somehow managed not to upload...
Only one value from subsearch being used by parent
I would like all the results from a field extraction in search "A" to be used as search criteria in search "B". I am using a subsearch for this, however for some reason only the top result for the...
Schedule Search
Hi Splunk Team, when I enter a dashboard, the search will start running. So why is there a schedule search? What is the effect of schedule search when I disable it? How do I disable all schedule searches...
Match partial value of 2 fields
Hi All, I have a dashboard that accepts user input for a username to search emails. I'm trying to display Recipients addresses that contain the username as a partial match. E.g. the value of SenderAddress...
Alert Manager "MongoModificationsTracker Could not load configuration for ....."
Installed Alert Manager on stand-alone Splunk server for testing without any problems. Great app. Replicated the installation process to a single SH and clustered indexers. Created the alerts index on...
Timechart values using an eval field
Hello all, I have a search that goes like this: index="_internal" (ticket_type="Incident") (classification="level-1" OR classification="level-2") (ticket_status="Closed" OR ticket_status="Resolved") |...
Best practice for distributing sample data for app?
I'm developing a Splunk app that I plan to make available on Splunkbase. The app contains dashboards that visualize data from various proprietary source types. In a test or production environment,...
Could not construct lookup
Hi, I'm having an issue with a Splunk lookup and I can't work out what the issue is. I have a lookup file that, among other things, contains a mac address field and a hostname field mac, nt_host...
Stand out values in Splunk
Hi, I have an out of the box query in Splunk. I am trying to find out a way using which we can stand out or highlight a value in a table. For example if I use this command | top useragent and suppose...
pushing data to new csv
I have a csv where there are 5 columns and the number of rows is 1000. I have indexed that csv as continuous monitoring. If a new row is added into the same csv it should be automatically pushed to new...
Custom iplocation
We are currently the implication command to external IP addresses and it works great. Is it possible to create a custom iplocation type lookup for sets of internal/corp IP ranges that we define too...
Proxying issues
Hi, I've installed Splunk Trial on my Windows 10 machine. I require to add a proxy server to access the internet on this machine. Having said this, the Splunk apps section won't load for me with the...
Monitor hosts
I would like to monitor 10 hosts on a Splunk server. Is that possible? What are the steps to monitor clients or hosts on a Splunk server? Should I install Universal Forwarder on all clients? I am confused...