Force CSV header in export job with output_mode=csv and no matching events
Using the cURL/API to submit an `output_mode=csv` export job like this: `search .... | table fieldA fieldB` will give a CSV payload if there are any matching events, otherwise it will return no data at...
View ArticleAvoiding Overuse of appendcols
Hi Splunkers! Just wondering whether anyone can advise me on how to tune the following search statement? The reason why I use appendcols is I need to get results from multiple fields with multiple...
View ArticleHelp with a Regex
I have a field called File_Name that I've generate by trimming the filepath off of my source from a local data input. The files are either xml or txt files but the names all follow the same format....
View Articlegetting error in pushing bundle from master apps to slaves
Hello, I am getting an error when I tried to splunk validate cluster-bundle and splunk show cluster-bundle-status when I tried to apply cluster-bundle returning the following error "Encountered some...
View ArticleSplunk Enterprise Server Fails to Start
I'm getting the following error when splunk is attempting to start up > Operation "read_pid" failed in /opt/splunk/src/libzero/conf-mutator-locking.c:339, conf_mutator_lock(); Operation not...
View ArticleAssigning a row value for arthimetic calculation
I have a table output like Date Title Product Count 10 November 2019 PA Number of A 371 10 November 2019 PA Number of B 129 10 November 2019 PA Number of C 195 10 November 2019 PA Number of D 110 10...
View ArticleHow do I divide my other results from one specific result?
Currently I have `index=* Name=rateA OR rateB OR rateC OR rateD OR rateE | stats sum(Rate) as sumRate by _time, Name` What I want to do is get the **sumRate** of all the other rates and then divide...
View ArticleAny plans to update this app for metrics indexes and to be compliant with...
I like the layout of the dashboard for the app so I'm curious if there are any plans to update it to work with metrics and Splunk 7.3/8.0 compatibility?
View ArticleIs it possible to force CSV header in export job with output_mode=csv and no...
Using the cURL/API to submit an `output_mode=csv` export job like this: search .... | table fieldA fieldB Will give a CSV payload if there are any matching events, otherwise, it will return no data at...
View ArticleHow to extract the protocol, Device_IP, transaction sequence number and the...
I have a field called File_Name that I've generate by trimming the filepath off of my source from a local data input. The files are either XML or txt files but the names all follow the same format....
View Articleflume http sink to Splunk HEC?
How to set the the HEC token value in the flume http sink configuration? flume http sink has the following header props, but neither look like the right thing: acceptHeader contentTypeHeader Anyone had...
View ArticleHow to convert JSON with multiple values for same metric name in to metric...
I have a sample JSON object containing multiple values for same metric_name which is CPU_usage. How to convert it in to multiple metric points whose metric name is same i.e CPU_usage. samplejson: [ [-]...
View ArticleConditional search
Below is the log example. Fri Oct 11 20:01:48 2019: **History was not closed with a proper agent termination after the above date.** Fri Oct 11 20:01:48 2019: Repairing of history database started......
View ArticleSplunkWeb will not start after upgrading to Splunk 8.0.0 due to "SyntaxError:...
SplunkWeb will not start after upgrading to 8.0.0. web_service.log includes the following message: 2019-11-12 18:34:59,331 ERROR [5dcafb52437f3b120e8d90] root:770 - invalid syntax (LookupFileEditor.py,...
View ArticleLine Breaking not consistent on Tomcat logs
I've written for below props.conf and placed in etc\apps\\local. I'm getting sporadic results and lines are being chunked together. Any help would be greatly appreciated. [tomcat:jackrabbit:log]...
View ArticleHow to avoid the overuse of appendcols?
Hi Splunkers! Just wondering whether anyone can advise me on how to tune the following search statement? The reason why I use appendcols is I need to get results from multiple fields with multiple...
View Articleeval condition help on manipulating a field which has multiple field values?
I have an eval condition in my query as follows My_query | eval object=host." (".id.")" | table host object which gives me the null values on the object field as follows host object abc And reason for...
View ArticleSplunk Add on for ServiceNow Updating Security Incidents instead of creating new
Using The Splunk Add On for ServiceNow we are generating Security Incidents. This was working correctly then suddenly stopped creating new Incidents and just updating the last incident for that alert....
View ArticleHow do I select a time frame for events?
For the following search, I want to display the earliest and latest events within a duration of a year. However, I want the Error Counts to be displayed with a duration of only a week. I read about...
View ArticleIndex has splint into two. How can I merge the new index back into the old?
During the upgrade process for Splunk TA for Windows, the perfmon index location was moved. This resulted in two data locations - one with year of data and another with the last two weeks. Searches for...
View Article