Splunk Memory Crash
Hi Team, A crash is reported to Splunk from **NSFileHandleOperationException** Class and in **SSMemoryInfo inactiveMemory:** Function. Don't know what is the root cause for this one. And couldn't...
Splunk Add-on for Windows update version 4.8.4 to 5.0.1
We are going to upgrade the Add-on for Windows from version 4.8.4 to 5.0.1 while running Splunk 7.0.3 and ES 5.0.1 (these will be next to upgrade). After going through the release notes and the...
How to enable pagination in dashboard with Trellis single values
Hi Splunkers, I have developed a dashboard that contains Single Value results in a Trellis layout. The dashboard is displaying data based on a token that is passed from a different dashboard. All is...
Understanding forwarding, filtering and license consumption
Hello. I've inherited a 'proof-of-concept' Splunk installation consisting of several linux servers running Splunk Enterprise under a dev license. We've a couple of Indexers, an index master, a...
How can I calculate the max number of concurrent search on IDX?
Hi, Splunker! I have a question about the max number of concurrent searches in indexer cluster and search head cluster environment. Let’s say there are 3 sh and 5 idx nodes. This is the indexer cluster...
Add a dynamic label to show percentage increase from the same month from last...
I need to find a way to show the percentage of increase/decrease inside the label when a certain point of a graph is hovered. For example, I hovered the point in April 2019 and has a value of 1,000,000...
splunk time problem
Hello, We have a problem between the time of the splunk and the time of the events cisco probably: We create a real-time alert about changing the status of switches or routers interfaces. Based on...
Python Logger registers multiple times, sometimes fail
This issue is related to this...
How to customize default service analyzer in ITSI?
In default analyzer top 50 services/KPI's are loading in home page. I wanted to change it to 5 services/KPI's?
Brand new splunk container throws error on startup (RHEL 7.6 + Docker...
Loading a new and unmodified splunk container throws an error and cannot start on RHEL 7.6 The docker image has been pulled from docker.io using "docker pull splunk/splunk:latest" This occurs on RHEL...
How efficiently log files can be handled?
We have spotlight which can write logs to a file. How can we manage log file size in Linux and Windows OS? Need to rotate log files in Linux and Windows without breaking events.
Proper formatting (indentation) of queries in savedsearches.conf stanza causes...
Hi splunkers, I'm convinced that following clean code principles starts with proper indentation. That's why all my Splunk Queries are formatted using CMD + Shift + F after I write them. This gets you...
Splunk Exercises
Good Day Team, I'm starting out in Splunk and am so eager to use all these commands I am learning. I am kindly asking if there are some sites out there that I can get source data I can use with...
Change color depending on value using javascript with a twist - table column...
Hello all, I have below javascript code that I use to change the color of my table cell: require([ 'underscore', 'jquery', 'splunkjs/mvc', 'splunkjs/mvc/tableview', 'splunkjs/mvc/simplexml/ready!' ],...
Where is there documentation for the "Summarization Period" of Splunk data...
Greetings fellow Splunkers, Our client wants dashboards, reports, and alerts that provide comprehensive statistics in real-time and the ability to quickly view trends over time. Even a five-second load...
inputlookup with matching events
I have one lookup file. Now I want to see the list of servers that are in the list but not in AV index.
complete Splunk Migration from 3 different instances to a new instance?
Hi Splunkers, We have to migrate our 3 Splunk instances to a whole different new instance. Since Splunk documentation says copy entire contents of $SPLUNK_HOME$ to the new instance but since we have to...
Converting epoch time to a readable format
I'm currently creating a dashboard and need to put the time of an event into a readable format as I currently see a number such as: 1571187604872 The search I am running is: index=BLAH...
Need Help with Line Breaking
Hello, I have the raw data coming to splunk but lines are not breaking and getting multiple events in 1 event without breaking. I tried to write below props but not working. Please do help me. Thanks...
Icon for custom app will not appear. I only get the default "App" icon with...
I've been looking at Answers post on this and tried many things but haven't had any luck getting my custom app icons to appear. I have all named correctly and placed in app/static. Here is what I have...