Help with timewrap Command
Hi, I am trying to show a comparison of traffic on my website for today, yesterday and last week. I am using the query below for getting the results. My query is, if I put that into a chart then on x-axis,...
Assign subsearches to multiple fields and evaluate their additions/subtractions
I have a base search and there are multiple events that I can find depending on some set of the substring. Let's say A, B, C. I just want to get the counts of these events and calculate a single result...
How to extract words and digits from a particular field
Hello everyone, I am trying to extract strings containing SAMM #2222-A-1111 from other strings in a field named SAMU. This is what I have entered: SAMU="SAMM*" "#2*" "-*" It works but also outputs other...
Monitor files in a Windows Directory with wildcards
I am having a problem trying to monitor some files on some Windows servers. The directories that I am trying to pick up the files from are: **D:\webroot\www.foo1.foo.cd\App_Data\logs...
Splunk App for Infrastructure: Error message on search head
Splunk App for Infrastructure data collection on Search Head Followed: https://docs.splunk.com/Documentation/InfraApp/2.0.0/Admin/ManualInstalLinuxUF Environment: Search Head 7.3.0 Indexer 7.3.0 Setup:...
Remove data after moving index location
I just moved my homePath and coldPath to a new location, and wanted to delete the data stored on Splunk's default index location ($SPLUNK_DB). I would leave it, but it's using the bulk of that...
How to join fields that have different values
I need to join two searches that do not have a common field. The first search has a field **FileName=Test.json**. The second search has the field **FileName=Test.json.pgp**. How do I join the two searches? Thanks
Why does syslog data delay when setting no_priority_stripping=true?
Hi, When I set no_priority_stripping = true in input.conf on the Splunk server, my syslog data sent to Splunk works, but with a very long delay. When I remove no_priority_stripping = true from input.conf....
How to match index search results to CSV lookup
I have a search that returns information about usernames and their IP, machine name, etc. I want to cross-reference a CSV lookup that has a list of usernames and then the search result would only show...
Is it possible to route events to particular license pool based on host or...
Hi, We have a situation where we want to have multiple pools in our license master and each pool should index data from specific hosts. We don't want multiple indexers OR license masters to achieve this....
I'm trying to use makeresults to test an alert but it doesn't work
I'm trying to use makeresults to test an alert but it doesn't work because "number of events" is always 0, but I thought the point of makeresults is to always make events?
Sending logs to HEC endpoint
Hi, I need to send logs to HEC through HTTP. The only available option is via HTTPEventCollector Appender. But Httpeventcollector is Layout based. But I am using Encoder in my project. Can anyone suggest...
How do I send just the value of token $job.resultCount$ to a webhook?
We have a simple alert with a Webhook action assigned to it with an endpoint that is OMI. Search: index=xyz TCP_ERROR appName="jojothedolphin" Alert: If number of results > 10 After the alert is...
timecharting 2 separate data sources with a case statement. What about this...
Something about this search makes it so we absolutely never get into the case that would label the column "msad". I have tried switching everything up: Making the zscaler case first, changing the msad...
Syslog event timestamp not displayed in correct format with...
Hi, How do I display the correct syslog event timestamp in Splunk? This is the syslog event timestamp when displayed in Splunk with no_priority_stripping=true: 2019-11-14T14:34:02-08:00 I want to display...
Do I need to meet all course prerequisites to take a class?
I would like to take an advanced class that has course prerequisites. Do I need to meet all requirements in order to register?
How to add text fields to dashboard to specify start and end time filter?
We have a dashboard and wanted to add text fields to enter start date with time and end date with time say (11/13/2019 08:00 pm - 11/14/2019 10:00 AM) so that dashboard should be updated according to...
Support for Python 3?
Hello @starcher Are you planning to upgrade your app to support Python 3 / Splunk 8.x.x? It would be great. Thanks.
error when executing samlpull command
I installed your app on a SHC with SAML (ADFS) configured. When executing | samlpull, I get an error. Inside log, I see: 11-15-2019 09:23:26.615 ERROR ScriptRunner - stderr from '.../splunk/bin/python...