Convert #B/KB/MB/GB into bytes without a unit?
Hey everyone. Searching around, I see tons of answers related to converting numerical bytes into KB/MB/GB/TB. However, I can't seem to find any answers going in the other direction. We have fields that...
How to create a dashboard from a lookup file that references a Time input field?
I am trying to create a dashboard from a lookup file that has fields: Ticket_ID Open_Date Close_Date Description I am having the hardest time trying to get the Time input field to reference the...
How do I modify my search so that it will show either a Marker Gauge or...
Howdy. So I have two searches, which I have been asked to turn into "easy visualizations" so non-techies can look at it and go "This is bad, open a ticket." Simple index=location |search...
Why does my search peer come up as an error on my search head?
I've added a search head as a search peer and it's come up as "sick" with the following error. Can't seem to find any reference to it here. Error [00800000] Failed 11 out of 11 times. Servername used...
How to parse an XML log file?
Hi, I reviewed different questions related to XML, but I haven't found a solution to this. I already know how to parse this type of XML where you have a repeated pattern:...
How to write an eval if/then statement to produce a result for a single value...
Hi Everyone, Longtime user of Splunk and come here often to find my answers, but I can't exactly solve the issue I have here. Background of what I'm trying to do: My Dashboard has options for PROD,...
Why am I getting "Error in 'script': Getinfo probe failed" when creating a...
I am trying to create a custom command in Splunk for checking encryption using the bcrypt Python library. While using it, the search error "Error in 'script': Getinfo probe failed for external search command"...
Why is my search head missing in Distributed Management Console (DMC)?
I'm sure this is going to be something simple. I have a small Splunk POC environment consisting of a cluster master, 3 indexers, and 2 search heads. When pulling up the DMC on the master, I see all 3...
Is it possible to use id and base in the same search in Simple XML?
Hello, Is there an available post-processing method to use a base search and produce a secondary search id? I'm putting two Gantt charts in one dashboard and it's easiest to just use a base search in...
Is there a faster way to test line breaking configurations without updating...
All, I am currently playing with some line breaking. But in order to test it I need to update my crcSalt and restart Splunk. A little time-consuming. Is there a faster way of doing this I am unaware of?
Why am I getting this error message when configuring ActiveMQ to work with...
Hi all, I am relatively new to ActiveMQ and JMS. I have tried reading all the documentation (http://activemq.apache.org/jndi-support.html) and support forums, but I am still unable to figure out what...
NMON Performance Monitor for Unix and Linux Systems: Why am I getting a...
We keep getting this error message from each one of our search heads, I fixed the permissions on each search head and am still getting errors. Any suggestions? -rwxrwxrwx. 1 root root 2648 Sep 12 08:53...
How to assign a common index name for all splunktcp inputs?
Can you please tell us how to assign a common index name for all splunktcp inputs at the indexer side? I'm trying, but this seems not to be working if some of the sources don't have a path or have fewer than 3...
Why isn't my search sorting events chronologically by month?
I'm executing the following search to generate a report with columns sorted chronologically by month: ( ... ) | eval month_num = strftime( _time ,"%m" ) | stats count by date_month | sort - month_num...
How to build a timechart from a specific field and convert it from UTC to PST?
Hello Splunk Masters, The search query I have built out works great, but due to the amount of requests hitting us, Splunk can get backed up and post a bunch of logs all at once which causes a...
Is there a way that I can construct a search that will pass a list of values...
Hello, I have a custom command from an app where I can do a search like `sourcetype=mysourcetype | customcommand ioc=1.1.1.1` If I try to do something like `sourcetype=mysourcetype | dedup src_ip |...
Why am I not receiving any data using DUO Log Add-on for Splunk and Splunk 6.4.3?
I installed the DUO Log Add-on for Splunk on one of my search heads, configured the local input with the API Host, both keys and selected all three logs to be extracted and set the collection interval...
Why am I getting "Invalid key in stanza" errors trying to configure the...
Hi, I'm following the doc for configuring Splunk Add-on for Microsoft Cloud Services (http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Configureaccount ), and using config files,...
Why am I getting strange results with the fillnull command when I input a...
I have a search that looks like: multisearch [search a] [search b] | table field1, field2, field3 | fillnull value="N/A" | outputlookup lookup_table | tscollect namespace="Foo" When I input the lookup...
How to configure HTTP Event Collector (HEC) with _TCP_ROUTING to forward data...
I am trying to forward HTTP input to a specific outputs group with _TCP_ROUTING, but events get forwarded to the default outputs group. **inputs.conf** [http://abcd] disabled = 0 _TCP_ROUTING =...