Simple xml: I want to create cool single value display html
-24h@hnow| makeresults count=2 | streamstats count | eval _time = if (count==2,relative_time(_time,"-2h@m"), relative_time(_time,"@m")) | makecontinuous span=1m _time | eval count=random() % 200 |...
Checking when a field value has changed
Hi team, I have a highly simplified set of log entries similar to the sample data below: |makeresults |eval dummy="Dec 09 19:43:45 system1 User_name: User1 Client_version: 1.1" |append [| makeresults...
How can we send the entire error stack from app logs to our email from splunk?
May I know if we have such option to do via splunk. I guess logstash would help in such scenarios, but wanted to understand if this approach from splunk will degrade the splunk performance as well as...
Getting json argument value of an attribute depending on value of another...
Hi Everyone, I am new to splunk queries. I am trying to retrieve a table with the data's build_number, errorstacktrace, and the testname for the nodes which have the "errorstacktrace" attribute in...
Splunk rolls back to previous version while upgrading
We have Splunk cluster architecture with 1 cluster master, 2 indexers, and 1 search head. We have successfully upgraded cluster master and search head from version 7.2.0 to 8.0.1. While upgrading...
Search the strings that are not available in lookup file
All, I have a question on how to perform a search with the strings that are not available in the lookup file. I have a lookup file as below Test_Name|Test_Case Abar|Aliq Azad|Aliq And so on Now I would...
Splunk for Snort not giving me good logs
Hey guys, looking for your guidance. I am currently trying to set up Snort version 2.9.15 on a standalone VM. I followed the guide on the official Snort site to install that version of Snort with...
_audit index data retention in Splunk cluster
Hi, I have a Splunk cluster that consists of: - 1 cluster master - 3 indexers - 1 search head The indexes at the search head are configured to be forwarded to the indexers. I would like to set a...
Convert Time Format
Hi, In a splunk query I need to convert the time format as below. Current format: 08:09.23 AM, Fri 06/10/2016 Required format: 10/06/2016 08:09:23
Extract the second word with the events
All, I'm able to extract the second word but now the requirement is a little different. _time _raw Shivera **346.789.63** is taking the second class 456.789.345,345.67.56 Shivera **345.786.66** now on...
Map not showing up in Missile Map Viz
I'm trying to use the Missile Map visualization, however, I only see the lines over a grey background, without the map that I normally see in say, choropleth maps. How do I use the same map as the...
Unable to update email address in my Splunk Account profile
Hello Everyone, I'm trying to update a new email address in Splunk.com > Dashboard > My accounts > Update email address. But the email address is not getting updated; it's still showing the same...
How can I check whether the data is being forwarded to indexer
How can I check whether the data from a server is being forwarded to the indexer?
correlate 2 events
Hi Guys, We will have 2 events within a fraction of 3-4 seconds whenever a user fails to log in to our application, as below; **2019-12-23 08:03:10 192.168.57.88 - 10.10.10.1 USER Peter profileID...
My splunk stats count is showing count but unable to view the events
Hi, When I search for a particular index in my splunk I am not getting any events data. However, when I search the same index with stats by count I am getting the count as 1430. In both the cases my...
Json data issues with timestamp
Hello, I'm using python scripts to get data into splunk. They are getting data in JSON format. Here is an example: {"urgency": "Medium", "first_authenticated_response_at": null, "created_at":...
microsoft azure add-on for Splunk is unable to pull ad risky sign-on logs
The microsoft azure add-on for Splunk is unable to pull ad risky sign-on logs. If we look at the internal logs, we are getting the below-mentioned events frequently; we didn't see any issue, but still we are not seeing any...
Reusable Script - Reset All Tokens with a Single Click
Hello, I want to create a script that will reset all tokens in a dashboard. However, I would like this script to be reusable without changing any code. I am using the following, which I learned from...