Show All the Results within the Field
I want to show all the results within the field itself as I do not want it to just show the top 10 limits from the list. I would like to see the result that lowest number of results. Is there a command...
Need to extract multiple values for a field in a custom event
The whole event is coming in as below. Need eventtype to extract "event_type={type}" and size to extract all the values in size {"event_type":"event_type=adsad","size":"128844"}...
Tabling in post-process duplicates a row of data??
A hat-wearing dinosaur and I tried to figure this out in usergroups without any luck. tl;dr moving this string exactly | table owner LastFirst OfficeName PersonType JobTitleGroup JobClassGroup JobTitle...
Searching string with patterns
Hi, I would want to search for all results for this specific string pattern 'record has not been created for id XXXXXXXXXX,XXXXXXXXXX in DB' Note that: XXXXXXXXXX is a variable value, always of 10...
Show me how to set filter text before loading reports page
Hi, every time I open a report page, I have to do a search, so I want to create preset report pages. Show me how to set filter text before loading reports page ![alt text][1] Thanks [1]:...
Calculating % error rate from a single field for a timechart
Hey All, I'm trying to make a timechart that shows the % of un-successful requests processed every hour. Success (or not) is represented in the 'info' field as 4 separate values: granted, canceled,...
Error in 'dbxquery' error code 126
Hi all, I'm using **Splunk 7.3.0** and **DB Connect 3.1.4**. I created multiple connections between databases and my splunk instance. Input job seems to execute at 6am all day. I can see this info in...
Custom authentication.conf for Search Head Cluster
Hi, **Version** - Splunk v7.1.0 **Component** - Search Head Cluster **Background** - in our organization, we are using Splunk Infra to collect data from various components and servers. (over 400 VMs,...
Index over-consumption of Disk
Hi all, I noticed my Splunk instance wasn't indexing data this afternoon. I looked at the server and one of the disks that hosts some of my indexes was full. I looked at the individual size of each...
Cannot create static or dynamic dropdowns for this search
Hi all, Since I'm a very recent Splunk user I found problems creating dropdowns for my dashboard compiling the Google bot hits to our domains. The data I want to get is coming from the search below,...
Need help in writing regex (PCRE)
Hi All, We have events where some fields are having multiple values, below is the example event1 : 123,s@gmail.com,abc here id = 123 email = s@gmail.com name = abc Event2 :...
Splunk Stream Windows host forwarding data without Winpcap
I am wondering if anyone could shed some light on the following: I was under the impression that to forward stream data I would need to install Winpcap on Windows forwarders. I followed the steps and...
Installing Forwarder on Centos machine remotely
Dear, Do you have a tested script in order to install the latest version of the Splunk forwarder remotely?
Help for retrieving a lookup date and to display it in a dashboard
Hi, I have a CSV file in my lookup folder (host.csv) and I wonder if it's possible to retrieve the last modification file of this file and to display it in a panel title? Thanks for your help
Having Problems configuring File Server Mount Points for Splunk Streams
Hello I have Splunk Streams installed on a Centos 6 Server which is also acting as a NFS Server. This is capturing packets and writing pcaps to the correct directory. I have a Windows Search head where...
How to Pass a token value to a visualization option?
Hello, I am using custom image map viz and I want to pass the token "image" to define different image name depending on the search result `index=indexname |MY SEARCH...
Splunk SDK user access permissions required
I've had a couple of python scripts that use the sdk to pull search results running for a couple of years. This week I'm upgrading those scripts from python 2.7 to 3.7. I also upgraded the SDK from...
Splunk query question
How can I do this search in a better way: index=test_data sourcetype=test_source_data protocolName="ABCDE4C72260F082" OR "ABCDE4C72260EFB9" OR "ABCD881DFC610A55" OR "ABCD7426ACF35BAB" OR...
Can I do continuous Packet Capture with Splunk Streams?
Hi I have a requirement for Continuous Packet Capture with Splunk Streams. For example, I want to capture all traffic on port 25 and then save it to disk, so that I can retrieve the pcap at a later date...
How to set filter text before loading Reports Page
hi how to setting filter text before loading Reports Page current search reports the are as follows: 1. click Reports 2. typing keyword(ex. error) ![alt text][1] but I want the result to be just a...