create table from database schema
Hi, I have a database schema and want to extract a table like in the picture. I tried to use a regular expression but it's not working, explained here: https://answers.splunk.com/answers/786057/field-extract-1.html...
How to set timestamp format for each event in a log file?
Here is the scenario. We have a log file that comes in, on which we do some modification of the sourcetype to set it based on the lines in the event. We are doing this using props and transforms. I am...
How to get count numbers based on the values
I have the following fields: x, value. I want to get a number that counts by value of x. For example: 267 is the smallest value of 101L1, then the number should be 1, the next one 268 is 2... x value...
Splunk stream forwarder: client side configuration to intercept loaded JSONs?
Hello fellow splunkers! **Problem**: using an internal website of the company I'm working for, I have to check several values in a webpage to take a decision. All of them are loaded through JSON,...
Timechart issue
Hi all, I have extracted a field (exit_status) in a log file. I want to know if a process exited properly. I have 3 use cases that can be found in log files: exit_status = normaly, exit_status = -1 or...
Error for Kinesis Input: Failed to execute...
Encountered this error in the logs: message="Failed to execute function=handle_cloudwatchlogs_fmt_records, error=Traceback (most recent call last): File...
Punchcard rounds values: how to show decimals?
Hi all, I am using the Punchcard plugin to create some cool dashboards. I have values of the temperatures of some compressors, and I am showing the variance and the standard deviation in a calendar by...
Search with same field, different dates into a table side by side
I want to verify if there is a difference in 2 counts that relate to different timelines. This is what I've come up with: index="tenablesc" sourcetype="tenable:sc:assets" | dedup ip | stats...
Can't view Web Interface "ERR_CONNECTION_REFUSED"
Hello everybody, I have just installed Splunk, all ports are OK, firewalld is down. But I can't access the web interface; I use localhost:8000 and there is no answer. I reinstalled it 3 times,...
Is it possible to set a token with the value of the nth row of a result set?
Hello All, Using this run anywhere for reference: | makeresults | eval fruit = "Apple", amount=54 | append [ | makeresults | eval fruit = "Pear", amount=2 ] | append [ | makeresults | eval fruit =...
Search problem
Hello, I'm getting the following error in the search head. How do I troubleshoot? Search process did not exit cleanly, exit_code=-1, description="exited with code -1". Please look in search.log for...
Custom Command in Splunk
I have created a Python script and it takes an argument. I have declared it like this: `hash = Option( doc=''' **Syntax:** **ioc=**** **Description:** Name of the field which contains the hash''',` ...
Where can I find the Jenkins plugin for Splunk?
Hi All, I am creating a POC to ingest Jenkins events into Splunk. I have checked on Splunk answers.com and found the link https://wiki.jenkins.io/display/JENKINS/Splunk+Plugin+for+Jenkins and...
Users subsearch in event type not working
This is the search I am trying to use in an event type so I can tag my events: index = mail | eval Subject=coalesce(Subject,subjectx) | search Subject = "*NVEM Battery Alert*" But I get this error?...
Percentage chart
Hi. I have a query that takes the difference of a query comparing today with last week. I would like to generate a graph of the percentage difference between the two; could someone help me? My chart...
Hide dashboard panel results until search is complete.
Hello Splunk Community. We have a dashboard with 8 panels. The dashboard has 2 text boxes which we can use to enter a start date with time and an end date with time, and it also has a drop-down to select...
Index Retention Time
Hello, I did some reading up on the hot, warm and cold buckets and data retention of indexes but I am not sure I 100% get it. What I am simply trying to do is to set my indexes to keep data for 180...
Change graphics in XML
Hello, I have the Splunk chart structure and would like to leave the 03 charts that are of numbers together within the same square; how can I do this in XML? I need the first column to have the 03...
Field extraction not working (props.conf)
I have one props placed in location /opt/splunk/etc/apps/appname/local/props.conf. Below is the code: [db_accounts] DATETIME_CONFIG = EXTRACT-AUTHID = \s+(?<AUTHID>[A-Za-z]\w+)(,|\n) EVAL-sourcetype = if(source like...
Joining sourcetype a with sourcetype b where sourcetype b is a reference...
I am building a table query to list tickets against applications, where tickets are stored in sourcetype 'a' and application names are stored in sourcetype 'b' with a common ID field. When time...