How to customize pagination in dashboard using SIMPLE XML?
Hi All, I want to make navigation to page 1 easier and convenient even if I am on page 100, which currently is hard as I need to click on Prev button 100 times to go to page 1 in the dashboard which has...
Is it possible to copy savedsearches.conf from an old Splunk app to a recent...
Hi, The requirement is to have the same dashboard (lots of href links to searches in Splunk organized in blocks) when building up a new Splunk distributed platform. I am thinking to reuse the same...
After upgrading Splunk Enterprise Security from 3.1 to 4.1.1, why did I get...
These were the error messages I received: The search "Network - Substantial Increase in an Event - Rule" is related to the correlation search "Network - Event Count By Signature Per Hour - Context Gen"...
Why is fieldformat not working if I don't include a certain value in the table?
Here is my search, I'm trying to create a report that shows the **error count**, **error percentage**, and **total transaction count**... | dedup TransactionID | stats count As ErrorCount by...
What is the process to run the TA-prtg Add-on?
I installed this app and configured the prtg.conf file by completing the server, user, and password but nothing is displayed in the Overview view. Are there other files to configure Splunk in or PRTG?...
How to blacklist the file which is being monitored in two different stanza...
Can anyone help with how to blacklist a file? The file is monitored and linked in two stanzas.
How to get count of events for each field?
In the following query, I'm trying to display the count of events for each field (bar) from a single field (foo). foo=* bar=* | stats values(bar) as Clients count as Amount by foo | eventstats...
Is the token I set up in HTTP Event Collector fixed and indefinite?
I have a question on HTTP Event Collector design. In my previous experience, every time I had to use an API for communication I would have to first supply my login credentials to generate a token,...
Is there any way to view the Splunk DB Connect 2 input "choose and preview...
Whenever I use the Splunk DB Connect 2 GUI to view an input, if I select the "choose and preview table" tab to view the settings, it runs the query. Sometimes this query takes an excessive amount of...
Can I configure my dashboard to refresh only every x hours?
Hello: I have a problem with my dashboard. The problem is that every time I refresh the page with the dashboard, searches are executed. I would like the dashboard to refresh only every x hours...
How to attach a group read access to the Windows Eventlog when installing...
We are trying to collect data from certain secure Windows Systems and the team have requested to install "Splunk Universal Forwarder" with minimal permissions within a domain group....
Will indexer clustering use twice the amount of license?
We are currently configuring network endpoints to distribute syslog to two indexers. The licenses are twice. Will the indexer clustering consume twice the license?
How do I create a chart with the x-axis as processing time for transactions...
Location      Processing Time (minutes)
-----------   ---------------------------
Central       21.6
South East    27.4
How do I generate a report with my x-axis as 'Processing time' and y-axis as Number of events?...
Splunk Dashboard: How to add a name tag to panels using HTML?
We are using Splunk 6.4.2. We want to create a dashboard with several panels. We want to add the HTML tag to the source in order to be able to load the dashboard but position to panel3 at the top. I...
How to multiply the x-axis values by the y-axis values and display the result...
I got a project where I have a csv file with one particular field. Each bar ranges from 200-700 in value. I need to be able to multiply the values in the x-axis by the numbers on the y-axis and put the...
Why are files in a folder not getting deleted on the universal forwarder with...
I set up my universal forwarder to monitor a folder and send the contents to one of my indexers. That works great. I changed the inputs.conf from the monitor stanza to the batch stanza and added the...
How to count events that are common or existing among multiple sourcetypes?
Seeking help of Splunk Gurus. I have three sourcetypes : TICKET_OPENED, TICKET_ACTIVITY & TICKET_CLOSED. A common field among these three sourcetypes is TICKET_NUMBER. It is possible that a...
How to configure a scheduled alert to trigger one email whenever a specific...
We've been using real time alerts to send us an email whenever a specific log/event is hit. However we only have 4 CPU cores and can only run 4 real time alerts. What is the best configuration to set...
Palo Alto Networks App for Splunk: After configuring inputs.conf, why are we...
I'm new to Splunk Enterprise after completing a trial of Splunk Cloud. I am attempting to have data flow from my Panorama and when I look at the monitor tab, I am seeing UDP 514 data flowing to the...
Why is the host name I set in a monitor stanza on a universal forwarder not...
I have an rsyslog server aggregating syslog streams from switches and firewalls. The rsyslog server writes log files to disk by source IP address. I'm attempting to read these log files using an...