What does : | where prediction!="" AND logins!="" do when detecting outliers?
Hi, I am using the MLTK. I have a question about the use case "Detect Numeric Outliers". Specifically line #4. Why is it important when detecting outliers? I have plotted 2 graphs. Graph 1 uses line #4...
Transforms to Remove HTML Tags
Hello, I'm importing data from a SQL database that includes HTML tags. Here is an example: NoteText="This is my first sentence. This is bold testSecond Linenew line I'm looking for a way to utilize...
Beginner - Connecting Search Head To New Indexer - Distributed Environment
Hi all, Currently, our splunk dev environment consists of a standalone instance that is both our indexer and search head. What I am trying to do is set up a new search head that will connect to our...
How to send search reports to a network share
A previous splunk admin had some daily search reports in PDF format coming from the splunk server (version 6.6.4 running on Windows 2012) being sent to a remote NFS file share on a Linux file server....
Time Conversion Issue with now(), 0, last 24 hours, since, etc.
Hello, I'm having a time conversion issue with any earliest or latest time that is not in epoch. Here is my XML code to convert time from epoch to the date/time format I...
Internal Error 500 Splunk app setup
When trying to run the setup of an app we get an "Oops, Internal Error 550" message. 2019-10-15 18:44:13,055 ERROR [5da5f75c7c7fc82054ccd0] error:325 - Traceback (most recent call last): File...
Splunk SmartStore - Do warm buckets need to roll to frozen?
Recently set up SmartStore with a test index and sending data to S3. It's working perfectly, but I have questions about the warm to frozen and archiving. In the following splunk doc, it says hot buckets...
Create backgrounded search with javascript
All is in the title :-) I often have to launch long-running searches. Instead of waiting for results on dashboards, I'd like to create searches with the searchmanager js component. Is there any...
Create a Shared alert via REST API
Hello everyone! I had a great doubt about creating alerts using the Splunk REST API. Every one of them is shared only with the owner/creator after being created. How can I create a shared alert with my group of...
Update timepicker on another input change in dashboard
I have a dashboard with 2 input fields * a dropdown to choose a lookup file * a timepicker (token=timerange) Is it possible to update the timepicker tokens (earliest and latest) when I update the...
Detect installed Firefox extensions
Hello, I wanted to reach out to the community to see how users are detecting Firefox extensions that users are installing on their computers. My goal is to be able to have this data in Splunk allowing...
Can I display the search condition that was met
If I have a single alert search with multiple conditions that looks something like this: index=X condition1 OR condition2 OR (condition3 AND subcondition1) OR condition4 OR condition5 OR (condition6...
Can a streamable command return more than one row?
Hello, I'm creating a custom command on splunk (as you can see below), my problem is that from one row I want to create two. Is it possible? Just to keep you in the context, what I'm trying to change...
How to ignore case and remove characters?
I occasionally use Splunk as part of my job to research issues, but am very much a novice. The query below charts the stored procedures and maps their average run times (and it works). index=X...
Splunk EventGen not working on Windows 10
Good Day Team, Did anyone manage to get splunk eventgen working on windows 10? I have been struggling to get it working on my windows 10 PC using splunk v7.3.2. I want to GIT but didn't get much that I...
Rename Columns not Fields
Hello, Is it possible to rename a table column without renaming the field? I have several child dashboards that I drill down to from a parent dashboard. In the parent dashboard I want to rename the...
Need to limit iis logs to 4xx and 5xx statuses in universal forwarder
I am trying to limit the input of iis logs to only 4xx and 5xx values in the sc_status field. In the etc\system\local directory I have created inputs.conf, props.conf, and transforms.conf files...
How to connect search head to new indexer in a distributed environment...
Hi all, Currently, our Splunk dev environment consists of a standalone instance that is both our indexer and search head. What I am trying to do is set up a new search head that will connect to our...
Splunk SmartStore: Do warm buckets need to roll to frozen?
Recently set up SmartStore with a test index and sending data to S3. It's working perfectly, but I have questions about the warm to frozen and archiving. In the following splunk doc, it says hot buckets...
How to create backgrounded search with javascript?
All is in the title :-) I often have to launch long-running searches. Instead of waiting for results on dashboards, I'd like to create searches with the searchmanager js component. Are there any...