Stash data going to main index
anyone knows why stash sourcetype for a particular app(demisto in this case) going to index=main? i believe these are notables. I will like to know which .conf file contains this setting and how to...
View ArticleRestrict searches from unowned search head in indexer cluster
We have a 3 node indexer cluster with one search head. We have allowed another team to connect their search head to our cluster so that they can pull certain statistics. Is there a way to restrict what...
View ArticleCustom Commands - Can Streaming Command return more than 1 row per result???
Hello, I'm creating a custom command on splunk (as you can see bellow), my problem is that from one row I want to create two. Is it possible? Just to keep you in the context, what i'm trying to change...
View ArticleWhy isn't the licensing requirement stated in the Splunk Cloud Gateway...
Instead of wasting admin's time in their dev environment, throwing a load of weird page errors and having an utterly broken interface (CSS won't load, etc) why not just state in the documentation that...
View ArticleHandling splunk dashboard token
Hi All, I have a dashboard which contains 2 inputs(both are text fields ).But the user can give the values in both the text fields or he can give only in one of the text fields leaving the other one...
View ArticleTrendline period integer syntax queston (sma | ema | wma)
I am looking through the documentation on Splunk about trendlines and sma | ema | wma. In the documentation, it says you must pick an integer between 2 and 1000:...
View Articlesplunk not recording spanningtree logs
My core switch had several spanning errors this morning, but Splunk did not record them. They are in the switch logs though - I need to know how to make it record those events (really, just record...
View ArticleHow to generate a report based on utilisation of AWS services covering cost &...
Hi I would like some query's or a query combined into one which gives me information about the following point's •Formula for % usage over time for Memory and CPU •Formula for MB/GB/TB used over time...
View ArticleHow to join the same sourcetype - Basically inner join with same sourcetype...
I am using the below query to achieve IN condition in same source. Basically I am achieving how many Order has been confirmed from hold. I got what I need but is there a better way of doing in. In...
View ArticleHttpListener - Socket error from 10.23.132.224:49352: Connection closed by peer
Hi, I am getting this error and after that HEC stops sending the events to Splunk. Also, seeing these errors - ttpListener - Read Timeout communicating with 10.23.132.224:50926, disconnecting Any idea...
View ArticleCloning information and forwarding to another splunk indexer from a splunk...
Issue: I am attempting to get a specific index from an internal splunk setup to an external one without clustering. Thus far I have been lead to believe that using indexandforward is the best option...
View ArticleUse a PostProcessManager within Custom Visualization
So for visualizations in general it seems the visualization gets tied to a 'search' which should provide a necessary amount of data for the visualization to render. For the visualization I have in...
View ArticleMultiple blacklist from different inputs
We are working on moving from Splunk Add-on for Microsoft Windows DNS to Splunk Add-on for Microsoft Windows. We currently have the blacklist for event codes 4662 and 566 setup in the Windows add-on as...
View ArticleEventtype are broken in Splunk 8.0.0
I have several `eventtypes` that are extracted in various apps. This stopped working after I upgraded to `8.0.0` Its not fully gone, f.eks this works fine. index=main eventtype=error But I do not see...
View ArticleMissing fields in the index
Hi, We have dynatrace data onboarded into Splunk though API. we came across this situation. When I ran the search with an index (index=abc)for last 4 hours/24 hours. There are only few fields are...
View Articlesplunk search matching term
When searching and the auto suggestion is bringing up a matching term, is there a keystroke command to select that? Currently I have to click with my mouse
View ArticleSplunk calculate sequential sum for every timestamp
Hello, I would like to create fields (or a field with multiple values) which represents the sum for each timestamp. For example, if I have data like this: 10/23/19 10:37:01.000 AM urlupdateid=6,...
View Articlechange sourcetype for sourcetype not starting with specific word
I want to change the sourcetype for all incoming logs with sourcetypes not starting with abc. I have following setting but it would change it for all the sourcetypes #Transforms.conf on indexer...
View ArticleDashboard validation - validate_all.py Script error
When I run validate_all.py , this scripts validates the splunk_archiver_dashboard.xml. But when I run this script it gives the following **error:...
View ArticleCustomize formatter.html
I am working with using the Custom Visualization approach and have included the formatter.html file to provide a formatter to aid in customizing the visualization instance. I would like to style the...
View Article