SEDCMD throws replaced string to nullQueue?
I have been using both the SEDCMD and nullQueue to remove unnecessary events and strings in particular events. transforms.conf REGEX = (Hostname:\slocalhost) DEST_KEY = queue FORMAT = nullQueue Above...
Query to display average CPU usage for all Splunk search heads & indexers
I'm building reporting for capacity planning to improve the performance across our Splunk environment. During my company's peak period of the year, our indexers' CPU gets pegged and I'd like to query for...
Why am I not receiving my real time alerts to list attempts of brute force...
Hi, I created an alert to list attempts of brute force attacks. Something like: "source="WinEventLog:Security" EventCode = 4771 | transaction user, ip maxpause=10s | table user, ip, eventcount | WHERE...
How do I fix "splunk resync shcluster-replicated-config" failures on search...
I have this error: Error pulling configurations from the search head cluster captain (https://192.168.221.101:8089); consider performing a destructive configuration resync on this search head cluster...
Issue with strptime
Hey guys, So I've used strptime before but for some reason this isn't working properly. I have a column with different types of data like below: Column |Value ------------------ 02/2016 | 100 03/2016 |...
How to select distinct rows from lookup?
How to select only distinct rows from the lookup table? I am selecting student details but I have duplicates in the lookup, so how to select only distinct rows from lookup?
How to input time using earliest and latest tokens on a string date?
I have a KVS that contains a week_date in the form of a string m/d/Y |inputlookup AAA__test_execution_count | eval _time=strptime(week_date,"%m/%d/%Y") Now what I want to do is have an input time on a...
Scripted Input Bash Script with date stamp
Hello, What is the best way to handle a scripted input so that it echoes the date in a format Splunk can interpret easiest? Currently I use the date command, example: echo "`date`...
Alert Manager stopped displaying information about incidents
Hello, I've installed the Alert Manager App on my search head and the TA on my search head and indexers. Fired alerts were coming into the Incident Posture dashboard just fine. I could see the alerts...
How to generate a search for users that have clicked or visited a URL, how...
How to search for users that have clicked/visited a url, how many times, and display results in a table with two columns. Column "A" would be the user, Column B the qty of hits to the url. THANKS!
Will SEDCMD replace strings in particular events before indexing and send it...
I have been using both the SEDCMD and nullQueue to remove unnecessary events and strings in particular events. transforms.conf REGEX = (Hostname:\slocalhost) DEST_KEY = queue FORMAT = nullQueue Above...
How to select distinct rows from a lookup table?
How to select only distinct rows from the lookup table? I am selecting student details but I have duplicates in the lookup, so how to select only distinct rows from lookup?
How to handle a scripted bash input with an international date stamp when my...
Hello, What is the best way to handle a scripted input so that it echoes the date in a format Splunk can interpret easiest? Currently I use the date command, example: echo "`date`...
Alert Manager: Why is the Incident Posture dashboard not displaying alerts?
Hello, I've installed the Alert Manager App on my search head and the TA on my search head and indexers. Fired alerts were coming into the Incident Posture dashboard just fine. I could see the alerts...
How to use Timechart count by a subsearch field
Hello, I'm trying to use "timechart count by" a field from a subsearch. Below is my query that is not working. index=index_cbo "Scope State: 65280" | eval CNPJPDV= CNPJ."-".PDV | append [search...
How to resolve messages about 'File Integrity checks' for Splunk files
Getting this message "File Integrity checks found files that did not match the system-provided manifest. See splunkd.log for details." Anyone seen this before? Any idea what it's about?...
Compare values of two fields from different field value
Hi All, This is a ticket data. I have a field called "Team" having 2 values "SAP" and "Non-SAP" and the respective team members for both the values SAP and Non-SAP as a different field called...
NT4 - Options
Hi folks, You'll have to excuse my memory lapse here - Splunk forwarder on NT4, installation of - I recall getting an old version of the forwarder to install on NT4 some time back, but the version is...
Help with Auditing the Auditors? (How can I identify from a list what matches...
I have a requirement to check to see if our auditors have run specific dashboards every week. I would like to build a query that reports if they haven't checked their areas of responsibility. I've...
Daily Business Hours Apdex Chart
I have a Dynatrace Apdex score of user satisfaction index. I need to take this score average by filtering 8 am to 5 pm business hours and draw a chart with the previous day's business hour Apdex chart. So I would...