Splunk server uptime - missing Splunk server details
Hi all, I am running the query below and get responses from some of my Splunk servers but not all. | rest /services/server/info | eval LastStartupTime=strftime(startup_time, "%Y/%m/%d %H:%M:%S") | eval...
Discrepancy in "Count"
My requirement is to detect login attempts by a disabled user. Typically this could be found using eventcode 4768 and result code 0x12. I wanted to enhance this to look specifically for a user that has...
Search for down services
Hi, I have a list of services on my Oracle server, and I want to check the status of these services (Services Up and Services Down). I created an alert to give me the list of the active services (...
Eventtype errors using Splunk App for Windows Infrastructure
How do I resolve Splunk App for Windows Infrastructure event type errors in a distributed environment? They are all enabled but not producing any results. Eventtype 'perfmon_windows' does not exist or...
Not receiving all files present in the directory?
I am monitoring files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\. Below is my input.conf...
Splunk Windows TA flow chart
Can someone draw a flowchart or workflow of how a TA works in Splunk? I need to know, if the add-on is installed on HF/UF, indexer, or SH, which config files are being used and the flow for each component. E.g.: if Tags in...
Sparkline after Join Command Problem
Hello Fellow Splunkers, I have been trying the following query to pull the ES notified hosts and bring a sparkline of the host's log counts to reduce the amount of false positives on the "Event logging...
Transposing a table with _time as header and grouping the results
Hello all, I currently have a search that produces the following output: [screenshot] This is the result of multiple append and join commands. I would like to transpose the table to this: ![alt...
Not able to send data using HttpEventCollector from .NET Core app
    class Program
    {
        static void Main(string[] args)
        {
            EnableSelfSignedCertificates();
            TraceListenerExample();
        }

        private static void TraceListenerExample()
        {
            // Replace with your HEC token
            string token = ...
No "cluster master" in Splunk recommendations!
Hi, we are sizing a Splunk infrastructure and I was looking at this page: [**Summary of performance recommendations**][1]...
Correlate data name to text line // Lookup maybe?
Hello, I have the following problem. When I start my Bukkit server (Minecraft) and join with a player, the server writes to a log file with the following text: [12:56:48] [User Authenticator #1/INFO]:...
Feature request: enhance mapping.choropleth functionality?
Currently, choropleth maps have an annoying feature where if you're using sequential coloring of geometries, the minimum color is always white (0xFFFFFF) and whatever is specified in the source for...
Can write_splunk collectd plugin be configured to send to multiple UDP ports?
I'd like to leverage collectd to gather not just metrics for SAI but also statsd data from custom apps. I'm using the write_splunk plugin to write SAI metrics using a UF UDP port. The problem comes in...
Splunk Fundamentals 1 Lab 5: In the search bar, type the search: error OR fail*
In the Splunk Fundamentals 1 class, Lab 5 states "In the search bar, type the search: error OR fail*". I have the time set to All Time. The search is supposed to show hosts, login errors or fails....
Is there a maximum time frame for cold and frozen buckets?
I've searched through the docs to find out if there is a max setting in Splunk for the bucket retention policy, and I have not come across anywhere that says there is a max time frame you can set within the...
Need help with a query
I have the data for users in some index=abc and a users list as well. I am ingesting that data every week into my Splunk. I want to create a report of newly added users this week by comparing with the last...
JSON line breaking
I am trying to break one big JSON event into several events, eventually 1080, but in the example below there would be 5 events. I know I need to create a props.conf. This is what I have so far, but it is...
How to get aggregate total of 3 months of response times in chart
I've created a search to chart average response times of each application over the past 3 months. How would I get the aggregate total of each month per application? My search: COMPANY="FOO" PORT="*" |...
Problem changing cell color in dashboard
Using Splunk Enterprise v7.2.1, I'm creating a dashboard and want to change the colors of some of my cells based on the field value. I'm having a very hard time getting this to work as expected. What...
Need help with a query for a report
Hello, I have user data which is ingested every week on Saturday into Splunk. I have 3000 events on 5th Oct and 3150 events on 12th Oct, i.e. 150 new users created in the last week. And I have the...