simple table to count monthly and yearly
Hi together, I have some events like: date product count_soled_today 2019-01-06 bike 15 2019-01-11 bike 5 2019-01-12 scooter 2 2019-03-16 bike 3 2019-03-17 bike 5 2019-04-03 scooter 3 and would like to...
My events are in the below mentioned description format, How can extract...
Event 1: Filesystem Type Size Used Avail UsePct MountedOn /dev/mapper/rootvg-rootlv ext3 6.0G 4.0G 1.7G 71% / /dev/sda1 ext3 194M 65M 120M 36% /boot /dev/mapper/rootvg-home_lv ext3 2.0G 636M 1.3G 34%...
How multivalue of field can be extracted in the below mentioned event , all...
Filesystem Type Size Used Avail UsePct MountedOn /dev/mapper/rootvg-rootlv ext3 6.0G 4.3G 1.4G 77% / /dev/sda1 ext3 194M 78M 107M 43% /boot /dev/mapper/rootvg-home_lv ext3 2.0G 528M 1.4G 28%...
How I can extract value using KV pairs
Hello all, How I can extract value from my event. 23-Oct-2019 08:07:23 23 23-Oct-2019 08:07:23 234 I want to display TestCase1= 23 TestCasePassed=234 Thanks in advance
About deployment-apps
Hi, all. I have a cluster environment. (1 search head, 2 indexer) I want to change the character code of the data. So, I rewrote and reloaded props.conf of the application under deployment-apps of...
Custom Dashboard layout with css no js
I need custom layout for dashboard, we can not use javascript. css is ok. It has multiple single value visualizations but need to have them different sizes in different rows/columns. I couldn't attach...
remove source
I added a CSV file (sample1.csv) through "Upload files from my computer" (My host is DESKTOP-7FST5G). I did different search queries with it. After some time I added second CSV file (sample2.csv) If I...
Splunk in k8s behind an nginx-ingress controller redirects.
Hi Guys, Trying to access SplunkWeb for a deployment I have done in my KuberneteS (DOCKER) environment. The issue is I only have access to a https port. I use an nginx-ingress controller and tls hand...
Problem with removing spaces using sed - with characters present
/finesse/api/User/72741/DialogsBertSmith Trying to remove the spaces between > and < I have tried the following - several of the patterns I have tried work fine on regex testing sites but fail...
Do you have an introduction document for splunk 8.0??
Are there marketing documents or sales documents for Splunk Enterprise 8.0? file type: pdf or ppt
Unable to connect Splunk DB Connect and Oracle Autonomous Transaction...
I've spun an Oracle Autonomous Transaction Processing Database on Oracle Cloud. I have downloaded an Instance Wallet and am trying to create a connection string using the Oracle wallet. Splunk...
EVAL-expression incomplete in TA-microsoft-windefender
It appears that in the "TA-microsoft-windefender"-addon something is missing that causes warnings in the search-log but more important, it does not do what it is supposed to do. The problem is...
How do I get different field values in different fields that are associated...
Hi, could you please help me with below info: user service name device abc123 baadmin Brahma Louwps121 bcx123 admin siva louwps123 bxc111 admin Brahma Louwps123 abc123 backup vijay Louwps101 cxz123...
Need docs for enhance monitoring using splunk
Hi, I have joined recently as splunk architect. Have been assigned to work on enhancement of monitoring. We have deployed itsi on our environment. Need to know how best to enable monitoring for...
Bug report: # in the Name of a Role causes error
Hi everyone, Splunk doesn't seem to have a proper bug reporting/tracking system, so I'll report it here: Using the # symbol in the name of a role is accepted by the Splunk GUI. After the creation,...
How to stop getting duplicate events from WindowsUpdateLog?
Hi. I have a problem that I'm getting duplicate events from `WindowsUpdate.log`. I'm pretty sure it's related to the following message I'm getting in the internal logs `Logfile truncated while open,...
How many indexer needed for my setup
Hello , I have one setup one indexer and one splunk search head. Indexer has 64 RAM and 16 CPU core and SH as 128 CPU and 32 core. Indexing per day 25 to 30 GB only. On investigation found all queues...
Remote desktop license manager data in Splunk
Hi Team, Is there any way we can remote desktop license manager data in splunk, requirement is to create alert whenever license falls below certain number, creating alert is not a problem main thing is...
How do I convert a Json Multi key value pair to multi line chart
Hi I have X number of "totalHitCount" in a JSON file (mtr.gauges.caching_metrics.nodes{}.totalHitCount). The node{} and I am looking to graph each node with time on Y and nodes values - multiple...
anyone got the CB ThreatHunter app working?
Trying to get the CB ThreatHunter app working on my dev instance of Splunk (7.3.2) with no luck. Sadly the documentation isn't that great and to a certain extent confusing. For a start anyone know...