The New Splunk Dashboard Beta version will not load on the current version of...
I download the trial version of Splunk Enterprise on my laptop (Windows 10) to test out Splunk. So first thing I did was test downloading some apps. The new Beta Dashboard app (which is one of the...
View ArticleThe index processor has paused data flow
The index processor has paused data flow. Current free disk space on partition '/' has fallen to 4665MB, below the minimum of 5000MB. Data writes to index path...
View ArticleACI and origin of event
I am about to set up Splunk in a PCI environment. Therefore I need to know for every event where it comes from. Many inputs seem to be a little difficult from this perspective. For now i just want to...
View ArticleAdding a column to a statistics table using rex
I'm fairly new to splunk and have just learned how to use the rex/regex. I am trying to add a column in my string search to a statistics table to display the name of the workstation. This is my current...
View ArticleMake Syslog-ng Server HA with load balancing
Hi all, We'd like to make our syslog-ng server HA. Which is a heavy forwarder instance. The plan is to clone our syslog server. Front both of the machines with the load balancer. And set it to active...
View ArticleHow to put results of custom search command to index
Hello all, I have add-on with written a custom search command. This command call my python package. **my_searchcommand.py**: from lazy import Lazy from splunklib.searchcommands import ( dispatch,...
View ArticleHow to display details in table
I need to display a table with 4 columns and date is like this - Colum A Col B Col C Col D x y z a b c c Problem is when it only displays the Row1 results since data is present for all columns. I need...
View Articlegetting error for regex "exceeded configured match_limit, consider raising...
Below is the regex I am using |rex field=_raw...
View ArticleSearch without join for multiple index
Hi, I have a requirement where I have 2 Index, I want to display the raw data, Below is the query I tried but I am not able to show complete data. Fields A B C D E F G H I J L M P Q R S T U V W X Y Z...
View ArticleContinue with last know value on a simple timechart
Simple search to look at the battery status on my UPS: UPS_BATT | timechart max(UPS_BATT) span=1m But the UPS_BATT value only comes in every 4~12 hours. How do I continue with last know value, until...
View ArticleCorrelation searches not creating episodes
Splunk Version:7.2.6 --> SH cluster with 3 nodes ITSI Version: 4.2.0 Issue: Sometimes the episodes are not generating with NEAP and showing duplicate episodes
View ArticleExclude a specific date/time of data from an overall average
I am calculating monthly averages and have an issue where on a single day in October there was an error in the data. I would like to remove this single date and time range (Oct 12th 00:00-04:00) from...
View ArticleRemoving strings after a certain string with Rex
I'm trying to remove characters after a certain string in my search string. I am still getting the strings after "3" appearing after. I only want a 3 to be displayed. I only want the 3 to show up from...
View ArticleConnecting Tableau to Splunk
I am trying to connect Tableau to a Splunk instance. I know almost nothing about Splunk and am hoping some folks have had experience with this. My understanding, from the documentation, is that we have...
View ArticleAdjust size of panels in Trellis layout
I have a panel with a split layout for displaying two different event counts. I am using Trellis layout and there are unnecessary scroll bars that I would like to get rid of. There is an option to...
View ArticleMacro with tsats query returns no results.
I've created several macros with a tstat query. when running the macro through the UI, no results are displayed. When I run the tstat through the UI, i get results. I do not have a pipe in front of the...
View ArticleDashboard not loading with error, "totalQuery is undefined"
Some of my dashboards are not loading after the 7.3.x upgrade - the previous version was 7.2.6. The error messages are different from browsers but common thing is, the dashboards are not loading with...
View ArticleFIlter the data
Hi, Can i write my search as index=idx1 host != (a,b,c) | stats count by host The thing is i want to filter some of the hosts in the count so.
View ArticleForwarding splunkd.log output to syslog.
I must be missing something very simple here so bear with me. I am running a splunk unviersalforwarder instance, and I would like to forward its internal logs (e.g. splunkd.log) to my own syslog...
View ArticleAlert that monitors ports 8000, 8089 and 9997 every 5 mins
Hello Folks! I need to create an alert that that checks if ports 800, 8089 and 9997 are up or down every 5 minutes. Could you please help me out? TIA!
View Article