How to create a shared alert via REST API
Hello everyone! I had a great doubt about creating alerts using Splunk REST API. Each of them is shared only for the owner/creator after being created. How can I create a shared alert with my group of...
How to update timepicker on another input change in dashboard
I have a dashboard with 2 input fields * a dropdown to choose a lookup file * a timepicker (token=timerange) Is it possible to update the timepicker tokens (earliest and latest) when I update the...
Is it possible to display the search condition that was met?
If I have a single alert search with multiple conditions that looks something like this: index=X condition1 OR condition2 OR (condition3 AND subcondition1) OR condition4 OR condition5 OR (condition6...
How to display percentage of total events that have a field value greater...
I have a dashboard and want to add a single value panel that shows the number of events with a value for "time_taken" > 10000ms, as a percentage of a total number of events in the selected time...
How to track memory dumps in sql server?
Hi all, I'm a beginner and I am wondering if anyone who uses Splunk to monitor SQL server has successfully set up tracking for memory dumps. As you may know, when a memory dump occurs in SQL Server, a...
Is there any reason to keep the KVstore on?
All, - Is there any reason I should keep the KVstore on if I am not using it? - Can anyone link me to how the kvstore works in a distributed env? thanks -Daniel
How to ignore writing a repeat message to splunkd.log
Is there a method to ignore/exclude logging in splunkd.log for a particular event (similar to the nullQueue redirect for normal events in props/transforms.conf)? A 3rd-party tool sends its syslog...
How to get elements by class using mvc.Components.
I'm coding a dashboard and I'm trying to have js and css which are working fine with single table id, but I want to use the same styles for all tables which have the same class. I do not want to use...
SHC - failed on handle async replicate request
I have noticed something odd in a SHC deployment. I'm consistently seeing "SHCMasterArtifactHandler - failed on handle async replicate request" errors, these report to be caused by the reason "active...
Predict query using OTHER with a conditional statement - HELP
I have a dynamic dashboard timechart that is being fed by user inputs that is having trouble working with my predict query. I currently have something close to 1500 hosts to accommodate and am only...
help on transpose command in a pie chart
Hi, I used a Transpose command at the end of a search in order to display a pie chart. It works, but I need to retrieve the fields SITE there is in table pipe because I use a dropdown list in order to be...
Forwarder Resend Data After Connect To Indexer
Hi, Splunkers: I have a forwarder that is targeted to an incorrect indexer and it was paused to send data for 3700s. Now I have configured to a correct indexer URI and how can I make the forwarder...
How to change the row value to column value ?
I have the following query host=*localTest* sourcetype="perf" Path "/api/*/" cache="MISS" OR cache="HIT" | stats count by Path,cache And the output of the above query is...
How to get results only from latest source file of particular sourcetype
Hi, I got an index which sends data to sourcetype with a new source file every week. What I want is for my dashboard search query to only return events from the latest source file. For example, my index is -...
When I try to open an app I am getting Page not found error
I have a .spl file which I have packaged in admin login. I try to install this spl file in localhost. When I try to open the app I am getting page not found 404 error. How to solve this?
HF and deployment server
Dear All, We are adding one more HF to our system and planning to build Deployment server as well. So we have 3 HF and 1 deployment server. HF may further increase in coming days. Do I need to keep...
how to add Sourcetype Cli command
Hi, I would like to add some sourcetype. Adding through Web Browser is easy, just click create sourcetype button and not need splunk restart. I found a cli command to add a sourcetype, but I couldn't find...
Splunk HEC: Python post requests fails with 401 Unauthorized client error...
I have created a python script to post json data to Splunk: splunk_ep = 'https://xxx:8088/services/collector/event' SPLUNK_TOKEN = os.getenv('SPLUNK_TOKEN') auth_header = {'Authorization':...
JSON Parse error while uploading .kmz - 7.2.0
Having some issues trying to upload a .kmz file.. It's working fine on the 7.3.1 sandbox I have myself, but trying to add it to a 'proper' server running 7.2.0 (to which I have power user access, but...
How to forward logs from syslog server to splunk so that it is recognizable...
eg. I have many logs forwarded to the syslog server. I intend to install a universal forwarder on that syslog server to forward to splunk. However once forwarded to Splunk, what will be the sourcetype?...