Do I need to install a Splunk forwarder on a Splunk server to ingest its own...
Do I need to install a Splunk forwarder on a Splunk server to ingest its own logs? Or does the server automatically grab its own logs?
WARN FileClassifierManager - The file is invalid. Reason: cannot_open
I have a watched file on a Universal Forwarder (Windows) and the file is sent to the Heavy Forwarder (Linux), but some files are not indexed, and some are indexed. This is the configuration on...
Splunk ML toolkit - algorithm for incident prediction
I want to know if Splunk ML toolkit app has an algo for the incident prediction/forecasting? If yes, has anyone used it - I saw some videos and could find the one. Please let me know.
Compare two strings and find the difference
Hi All, In the middle of a search I have two string fields, one is called A and the other B (both have the ";" as delimiter but the number of values inside is variable): A=test;sample;example...
Clicking Sort Order in a Table, SPL, Doesn't Display NULL Values
Hello, Here is my SPL (although I don't believe it is necessary(?) as this is a (mis)functioning of SPL in general). index="pay_test" AND host IN ("pay2", "pay1") AND (appName=TYTR OR...
Adjust size of panels in Trellis layout
I have a panel with a split layout for displaying two different event counts. I am using Trellis layout and there are unnecessary scroll bars that I would like to get rid of. There is an option to...
Splunk Docker in AWS
Anyone running Splunk Docker in AWS as part of a dev/test environment? Wondering which AWS service you found most optimal for this.
Trouble with returning only active alerts
I'm trying to display a dashboard of all current alarms in my Cisco UCS environment. I'm having trouble comparing events to test if the event was cleared or if it's still active. I can only determine...
How to send Splunk report to Unix server
Hi Team, I'm generating a report weekly and sending it across as email. However, the team wants this file to be pushed onto a directory on a Unix server. Any idea how I can achieve it?
Date range on a field
I am plotting a timechart based on a datetime field (timestamp) in the event. The search query looks like: * "logname=customlog" | fields host, SourceName, EventCode, EventType, Type, ComputerName,...
Installation of Splunk Dashboards App (Beta) from "Browse more apps"...
Looks like you've included multiple apps in the package - this error appears when installing:> Invalid app contents: archive contains more than one immediate subdirectory: and splunk-dashboard-app
Indexer _internal size under /opt/splunk/var/lib is large
Hello, We have an indexer cluster that has a custom indexes.conf that specifies the volume path and retention of each index. However, it appears the _internal DB on each of the indexers is writing to...
Is it possible to map value to color/color code using a bilinear color...
(Disclaimer: May be a little sympathetic nuts. Meaning you do necessarily need to be sane to enjoy this question/answer) Many custom visualizations can work with a colorcode in the event data to...
Can sampling for subsearches be used to parameterize main search?
Is there a way to set sampling for subsearches separately from the main search? For example, given a search of a huge index (`srcidx`) like: index=srcidx thirdparam=bar [ search index=srcidx param=foo...
Does a Splunk forwarder need to be installed on a Splunk server to ingest...
Do I need to install a Splunk forwarder on a Splunk server to ingest its own logs? Or does the server automatically grab its own logs?
WARN FileClassifierManager: The file is invalid. Reason: cannot_open
I have a watched file on a Universal Forwarder (Windows) and the file is sent to the Heavy Forwarder (Linux), but some files are not indexed, and some are indexed. This is the configuration on...
Splunk Machine Learning Toolkit: Algorithm for incident prediction
I want to know if Splunk ML toolkit app has an algo for the incident prediction/forecasting? If yes, has anyone used it? I saw some videos and couldn't find the one. Please let me know.
How to compare two strings and find the difference
Hi all, In the middle of a search, I have two string fields, one is called A and the other B (both have the ";" as delimiter but the number of values inside is variable): A=test;sample;example...
SPL: Clicking sort order in a table, doesn't display null values
Hello, Here is my SPL (although I don't believe it is necessary(?) as this is a (mis)functioning of SPL in general). index="pay_test" AND host IN ("pay2", "pay1") AND (appName=TYTR OR...
How to adjust size of panels in Trellis layout
I have a panel with a split layout for displaying two different event counts. I am using Trellis layout and there are unnecessary scroll bars that I would like to get rid of. There is an option to...