Recommended way to ingest files from remote server into clustered indexers?
We have a clustered search head and indexer environment with 16 indexers and a Deployment server. On a remote Windows server we have a PS script that runs a Microsoft API call every hour to pull alerts...

Maps+ Cluster sum(field)
I have a dataset that includes the number of people getting on\off a bus and at what lat\lon that occurred. I've got Maps+ showing how many events took place in a cluster, but I would like to display...

Non-Padded Milliseconds on Timestamp
Hello.. Splunk 7.0.5, I have a data source as follows, which has 1, 2 or 3 digit values for millisecond. : Tue Oct 08 2019 14:47:33 tid="d83af63f5acd9c510bd440d" object="EnterpriseSalesInformation"...

KV Store - audit trail?
We're writing an app that allows users to input some asset lookup data into a KV Store. Occasionally these KV Store records need to be modified or deleted. We're thinking of adding a status field...

License usage by Host
Hi, I can see the license usage of hosts in my environment by using this query: index=_internal source=*license_usage.log type=Usage | stats sum(b) AS Bytes by h | eval GB = Bytes/1024/1024/1024 |...

Time picker is not working in the dashboard since the base search has...
We have a dashboard and wanted to add a time picker to it, but it's not working since the following base search has earliest and latest hard-coded. I'm wondering if we have any other way to add...

using geo_countries and geo_us_states in same search
I want to create a choropleth map of vendors in the US, highlighted by state. But Canada is also a vendor I want to include. Does this mean I must have 2 calls to geom? The first being 'geom...

CSV File with multiple sections and headers
I have a CSV file that has a header/title section with some interesting information in it (the run, application version, username, etc). It then has 2 sections of CSV data with the same field names,...

Get Saved search name details
How do I get a list of saved searches name, the user who ran it, the last time it ran and the query it ran, and who created the search ? I have looked at a couple of queries like, but can't get the...

How can I extract two different events in a single search
I'm new to this and I need some help with this. For example, I need to correlate two events from Linux. My first search is "svr-jrs-mat" rhost="*" results: Oct 18 16:48:10 svr-jrs-mat-01 sshd[12160]:...

How to join or search fields from two different indexes with a common field
Hi, I have two indexes basically like this: indexA has field1, field2, field3 indexB has field4, field5, field6 **field1=field4** (both are username) I need a table showing: field1, field2, field5,...

Splunk app for infrastructure is not showing entities and I'm receiving events,...
I have Installed Splunk App For Infrastructure and Splunk add-on for infrastructure. I have configured the HEC 8088 and the Receiving Port 9997. I have installed a Linux Client with the script. I made...

Microsoft Office 365 App for Splunk
App Version: 2.0.2, Splunk 7.x. Installed the Splunk App, configured the Azure/O365 accounts and I'm able to view data from services we're currently subscribed to: OneDrive, Teams, Exchange, but I'm not...

FIELDALIAS from props.conf is not working
Below is my props.conf configuration: [] FIELDALIAS-0_abc = field1 as field2 FIELDALIAS-pqr = field2 as field3 FIELDALIAS-xyz = field2 as field4 Current behavior: - field1 and field2 are coming from...

Splunk Add-on for VMware: Fetching inventory successfully but failing to...
Hi All, Facing an issue. Just got Splunk Add-on for VMware installed on my dev environment and not able to fetch data. What happens: 1. Plugged in Splunk user - all validated, green checkmark. 2....

Splunk DB connect 3.14: How to resolve MySQL Communications link failure?
Hi All, I am trying to set up a connection through Splunk DB Connect to a MySQL DB. When I try to create the connection and save the created Connection, I am getting this error....

How can one represent different values for a single extracted field?
This issue comes from the error logs of a login service. When a user scans their badge and attempts to log in with an invalid alias the resulting service exception will contain the following example...

How can I add another field being shown inside the tooltip when hovered...
Need to find a way to code either in XML or JavaScript to add a field from a search inside the tooltip when hovered. Referring to the...

Best practice for hinting drilldown actions to dashboard users?
I'm adding various [drilldown actions][1] to Splunk 7.3.0 dashboards. I like the variety of actions that I can define. For example, I've defined some actions that affect the current dashboard by...

How to convert julian date to dd/mm/Y
SVSCPLEX,S0W1,S0W1.DAL-EBIS.IHOST.COM,SYSLOG,zOS-SYSLOG-Console,SYSLOG,-0400,NE,001C,19283 01.21.46.880 -0500,S0W1 ,JOB03487, ,40000000000000000000000000000000,00000090,TESCREAT,00," IEF450I TESCREAT...