Single Search Head/Single Indexer (distributed search)
Hi, is it possible to create a single search head instance? And/or a single indexer instance? Or are the instances indexers by default?
I am receiving a message "unbalanced quotes", I tried using a backslash
| eval e="$time_token.earliest$", l=$time_token.latest$"| eval e=case(match(e,"^\d+$"),e,e="" OR e="now" , "0" , true(), relative_time(now(),e)) | eval l=case(match(l,"^\d+$"),l,l="" OR l="now" ,...
Collectd Docker Plugin for Splunk App Infrastructure is not working
Hello everybody, I want to monitor my Docker containers with collectd and the Splunk Infrastructure App. I followed the instructions of...
Process Solaris audit files into Splunk 7.2.5
Hi, I have a customer running both Solaris 11 and I need to monitor their Solaris audit data as kept in their Global Zones (this monitors all Zones). How do I process this binary format file to...
Index and forward events on indexer
Hi all, I have a Splunk indexer (version 6.2.14) that receives events from a Splunk forwarder (same version). On the forwarder I have a monitor that reads some files from the local filesystem and forwards...
Need help using tstats getting count of a string in raw logs
I want to show the count of logs where a string appeared. I have a string and need to know how many times it appears in logs.
Can Splunk process data that is "updated" over time?
Dear fellow Splunkers, I have a use case where I believe Splunk could provide great insight, alerts and dashboards, but I do not know if the way data has to be acquired makes it the right tool for the...
Can I run a refresh from the command line?
Hi, from the GUI I run this, but I want to automate this process: http://hp737srv:8000/en-GB/debug/refresh. Can I run it from the command line? I have tried curl but it is not working: bash$ curl -u...
Join two lines in the same search
Hi all, I'm currently monitoring log files. I have extracted 2 fields, end_collection_timestamp & starting_collection_timestamp. I want to calculate the duration of execution. | eval duration =...
Display date on X axis
Hi all, I'm trying to generate a timechart which exposes the execution duration of a file. I almost succeeded, but I'm not able to generate an X axis with the timestamp visible. Is it possible? index="saplogs"...
Can someone explain to me the function of the below code in specific
| eval created_upper_token=if("$time_token.latest$"="" OR like("$time_token.latest$","%now%"),"@s","$time_token.latest$") | eval...
Lookup file 'cisco_ios_messages.csv' has 2 missing fields
This warning has been polluting my internal logs for a long time: 11-27-2019 13:39:46.280 +0000 WARN IndexedCSV - csv file...
How to show latest month data in solid line and rest all months in marker...
Hi, I have data for each month like below. For example:
Data1  min  Months
-1     322  Jan-19
1      340  Jan-19
2      200  Jan-19
-1     250  Feb-19
1      360  Feb-19
2      200  Feb-19
Similarly for all months till Oct-19. We want...
Sourcetype reporting interval?
Anybody have a query to show sourcetype reporting intervals (how often a sourcetype sends data)? I can't download or install any apps, so I need to use SPL. Timechart maybe? Anybody have a dashboard for this?...
Can I create multiple rows of the tag title
I am trying to separate my tag title into two rows without using an HTML tag with its line breaker. *TITLE TAG code* >>> `**** STREAM BY AGE CATEGORY ( Stream: YYYYYYY Aging: YYYYYYY ) ` *HTML TAG...
Verification of SAML assertion using the IDP's certificate provided failed....
I have configured SAML 2.0 SSO with our own IdP. My local Splunk app http://khal:8000/ successfully redirects to the Assertion Consumer URL. Then I enter user and pass there and get an error message on...
Text Clustering in Splunk
Hi, here is my requirement: I have a file with column 'Description'. I need to get the most common pattern of the words. Example: Repetitive Pattern Count Percentage Examples Job 80 15% Job Related with...
Splunk USB Control
Hi, we use Splunk to manage USB devices. We wrote a script which finds the USB's serial number and checks in our database if it is registered; Splunk runs a command which is **devcon.exe update...
Require Splunk query to get list of processes running in web server
I used sourcetype=perfmon:process and I could get the fields counter/instance/object, which refer to the process name
3 issues with TA_crowdstrike app: URL constants valid only for commercial and...
Hi, I'm trying to use your add-on for the EU Cloud API and I've encountered the following issues and found a solution I would like to share with you, in order to ask you to check and eventually fix them...