How to convert epoch time to a readable format?
I'm currently creating a dashboard and need to put the time of an event into a readable format as I currently see a number such as: 1571187604872 The search I am running is: index=BLAH...
Splunk Alert
I want to create an alert that will email us if we see any traffic that is not from a.b.c.d network communicating with w.x.y.z network (source or destination). I know I'm for sure missing stuff. Thank...
Display the ratio of the sum of two fields
Hello, My data looks like this: urlupdateid=4, urlid=1, payer=Aetna, EffectiveDate_datetype_correct=T, EffectiveDate_correct=F, total_datetypes_correct=1, total_dates_correct=0, total_datetypes=1 host...
Can we make our MLTK model auto-learn?
Can we make our MLTK model auto-learn? Also, if I use "partial_fit", is there any way we can dynamically update my threshold value? For example, I am querying data >2000 but business grows and I want...
Splunk to syslog with raw files
So here’s my situation: Multiple CentOS boxes running Suricata IDS. Suricata logs events to both: `/opt/log/suricata/eve.json` (basically raw JSON objects) And `/opt/log/suricata/fast.log` (a syslog...
Splunk Stream Memory
I have noticed a big spike in memory with Splunk Stream on one of our SQL Servers. It climbed up to 30GB and caused some performance degradation. This is a 7.3.1 universal forwarder, but Splunk Stream...
How to parse JSON with multiple arrays into a bar chart
Hi, I got data like this { "source": "sadmin", "sysinfo": { "ram": [ { "name": "ram", "usage": 1243 }, { "name": "ram0", "usage": 1215 }, { "name": "ram1", "usage": 2151 } ], } } I need to create a...
Regular expression by specifying the beginning
Hi all, I have no idea. I have many events like this. /abc_d/efg_h/abcd_ef/1234/ghi_jk/ /abc_d/efg_h/zxcv_vf/56789/sdfg_h/ abc_d/egf_h/dfghh_h/5y865/ghjk_r/ /abc_d/efg_h/ is common. so, I want to do...
Event Correlation for Cloud Monitoring
Hi All, would like to know: does Splunk provide some out-of-the-box rules for Cloud Monitoring? If not, did some of you try that? Would be great if you can share the same. Regards, Shweta
Optimization / Post-Process Searches
I am running into a concurrent search / disk quota limit with a custom app I have written. The app sits on my ES search head as the data for an investigation is there and the spot most of our analysts...
Ideal way to monitor Splunkd services. Is there a way I can be notified (via...
Hi, my Splunkd service in the production instance is automatically getting stopped. It has happened a couple of times before as well. We don't get to know until we or clients try logging in. Is there a way...
How to extract a field from raw using rex?
SVSCPLEX,S0W1,S0W1.DAL-EBIS.IHOST.COM,SYSLOG,zOS-SYSLOG-Console,SYSLOG,-0400,NE,001C,19283 01.21.46.880 -0500,S0W1 ,JOB03487, ,40000000000000000000000000000000,00000090,TESCREAT,00," IEF450I TESCREAT...
How to get a record count of a file under some path
How can I get a record count of a particular file under some path where more than one file exist. Ex: host=xxxx /home/xxxx/ there are many files. I need the record count of each file present under...
Load balancing intermediate forwarders
We have intermediate forwarders that receive data from UFs and then forward it to our indexer cluster that consists of 4 indexers, my issue is I see imbalanced data distribution and resource usage, for...
How many indexes should I use?
Hello All, I have some sizing questions and wanted some input from the community. I'm pretty sure the answer, like most, will be "it depends", but I'm looking for some pointers that I feel are outside...
Slideshow: Is it possible to change the color of the loading screen?
Hello, I created a slideshow of 3 different views. These views use the dark theme option, but when the views change, the app displays a white loading screen. If I choose the "invert color" option of the...
Simple XML - Token inside eval if
Hello, I have an eval if condition in my dashboard for my drilldown: if('category'=="Total", "search ageGroup=*", where ageGroup='group_token') I pass this line of search to a query on another...
Test server for Splunk
I have a single instance test environment. How can I move one index's data from production to the test environment for testing purposes?
Column chart colors based on percentage of value
Hi all, I've made a couple of column charts to monitor healthy machines. But I would like to give the bars certain colors based on a % of unhealthy machines. I tried to google this but I didn't find...