XML validations Option "fields" is deprecated in my dashboard
I am upgrading my Splunk version from 6.3 to the latest and seeing the XML validation issue in one of my dashboards. Can anyone suggest another alternative for this?> name="fields">$show_fields$...
View ArticlePagination cursor with GET REST API
If I setup the REST API modular input - it'll properly read the API but I can't figure out how to get it to paginate. In the API response there's a field called next-cursor which its value should be...
View Articleldapsearch not returning list of all AD groups and users
I'm trying to create a lookup of the domain, ad group and user using `ldapsearch` command from `Active Direcotyr Add-on`. The below query is schduled as report and generates the lookup. If I manually...
View Articlehelp me on how i can create lookup file in lookup editor
Greetings!! help me on how i can create lookup file in lookup editor I use to see a field called host that is identified by source IP and i want to add also another column that will describe that IP...
View Article_indextime is 5 hrs ahead of event time (_time)
Hi, We have Splunk Enterprise 7.2.6 in our environment. I noticed there are latencies (difference between _time and _indextime from 1hr to 10hrs). My Splunk Heavy Forwarders are in GMT timezone, hence...
View Articlesort multi value field by word length
is it possible to sort multi-value field by word length...if yes then how to.
View ArticleDistributed management console
What is the DMC on splunk? Why should I have need to install it? How should be installed, It is an app? The monitoring console is not the same thing as that? I'm configuring and distributed environment...
View Articleremove custom csv file of threat intellignance
hi I uploaded custom csv file containing IP addresses. Referring link "https://docs.splunk.com/Documentation/ES/latest/API/ThreatIntelligenceAPIreference". I have to remove data rows one by one. there...
View ArticleTotal amount of IPs
Hello. I have this query: index=XX | stats count by ipaddress This creates a table which says how many log entries are there for each IP address, but what I need to know is How many different IP...
View ArticleQuery Help
Hi, I am trying to search logs from specific source and with specific name and to search IP found in previous search in all indexes. Ex: index=firewall and name="malicious IP' (this will give a log...
View ArticleData retention
Where must the data retention be settled in indexer or in my case distributed environment in search head? Then seen that it must be setted in file indexes.conf but it S present just in...
View ArticleSplunk App for Infrastructure on Search Head
Splunk App for Infrastructure data collection on Search Head Followed: https://docs.splunk.com/Documentation/InfraApp/2.0.0/Admin/ManualInstalLinuxUF Environment: Search Head 7.3.0 Indexer 7.3.0 Setup:...
View ArticleSpath for getting date json field
Hi all, I'm trying to use spath to extract JSON data from a field name that represents a date: { "field1": { "2019-01-02": [] } } but when I try **spath input=message output=result field1.2019-01-02**...
View ArticleRest command for Index Size
Hi , I am using the below REST command to create 30+ indexes. But they are getting created with default size as 500 GB. How can I pass argument to restrict the total index size as 5GB? curl -k -u...
View ArticleDoes Splunk have an app you're supposed to use for the Splunk Add-on for F5...
Does splunk have an app you're supposed to use with the Add-on for F5 Big-IP to view the dashboards it collects data on? or just the add-on?
View Articlehelp for keeping data formating after a scheduled search
hi In my dashboard, I am formatting that like below when the search is directly integrated in the dashboard blockall700.00["0x65a637","0xf1813f","0xd93f3c"][5,25]progressbarabsolute/ $NbIndHost$...
View ArticleInfoblox modular input
Hi all, I'm trying to create a new input for infoblox with the Infoblox BloxOne Threat Defense Cloud Input Add-on (https://splunkbase.splunk.com/app/3860). When I click on next, when create the input,...
View ArticleWhy am I getting Access is denied errors on indexers?
I have cluster with 2 indexers, RF=2 running Splunk version 7.1.2 on Windows Server 2012. I often get following error: Indexer Clustering: too many bucket replication errors to target peer. In...
View ArticleHow to get timechart to work in a search with multiple calculations
Hello, I am trying to make a timechart for my field "finalProfit" in the search below. I have tried doing timechart per_hour(finalProfit), eval commands in my timechart search, and a number of other...
View ArticleHow to format result by join column results based on another column
Hi Every one, I am new to Splunk, I have a requirement as given below, I have a result as given below by combining two different input lookup, Country index servers Argentina win_ar serverA Argentina...
View Article