How i can add different drill down for each output in the panel
Hello How i can add different drill down for each output in the panel. i have created separate dashboard for each project just want to add drill down so that if i selected CCP -- new dashboard ll open...
View ArticleY-axis log automatic max truncates
I have a line chart showing data with values between 0 and 9. Using a log Y-axis but letting the max be automatically derived, it chooses a max of 1, so the peaks are clipped/truncated/cropped. If I...
View Articlenames of internal indexes "_audit" and "_thefishbucket"
I have confusion around the names of these internal indexes. I was always taught to set up my stanzas in my indexes.conf to "_audit" and "_thefishbucket". But upon examining a fresh install of Splunk...
View ArticleSplunk - Display Events when there is no matching subsearch events
In the logs I will see event with text CanonicalItemLoggingService and id=3632735. Similarly in the logs, I may or may not have events for 3632735 with text TargetItemLoggingService and...
View ArticleHow to set up SSL/TLS for the Splunk indexer
Hi, I am trying to establish an SSL/TLS-connection with own certificates between the UFs and the indexer. I would also like to enable non-SSL connection for some UFs, but so far I haven't been able to...
View ArticleInteresting... passwd file over rules user-seed.conf
Not sure if this has been seen by others and it didn't turn up in my searches... I have a 7.3.3 instance where I forgot the admin password. So I created a $SPLUNK_HOME/etc/system/local/user-seed.conf,...
View ArticleHelp with firehose ingestion
Hello all... I am trying to use the Splunk-Trumpet project to a HEC end point with indexer ack, a valid SSL cert and internet facing. I can use curl to POST data to this endpoint with SSL enabled, so...
View ArticleCorrelating different types of data from different sources
Hi, is there a "standard" way of correlating data from different sources? For example, I have a metadata source and an event source. The metadata source has data such as "ServiceName" or "Location",...
View ArticleOdd Data Extraction via Rex
Hello, I am trying to extract data for this ResetMyCallLog. I have the data logged into the search. What's odd is when I attempt to extract it, it only covers up to the Date of the 19th. The code:...
View ArticleSplunk Add-on for Active Directory with CA Identity Manager
I have been traying to configure Splunk Add-on for Active Directory to get ldap query info from CA Identity Manager, but when i write the configuratios its doesn't work, i am doing proof with a ldap...
View ArticleHelp on installing Eclipse for Splunk SDK for java
Is there a specific version of Eclipse that we're suppose to use to install Splunk SDC in eclipse market place as described n the [splunk dev documentation][1] ? when i try to install manually it...
View ArticleDetecting outlier based on result of timechart
Hi, I am trying to detect if any of the server in farm decrease in performance. I can see performance going down as the number of logs go down by using the following query: index=xxx | timechart...
View ArticleCount/List results from subquery that exist in main query
index="main" "main keywords" [ search index="main" "subsearch keywords" | fields myField | rename myField as search | format ] So Subquery returns a list of `myFields` like so... `("abc" OR "xyz" OR...
View ArticleMissing Data on Line Chart
Here are some data samples ![alt text][1] ![alt text][2] [1]: /storage/temp/278607-result1.png [2]: /storage/temp/278608-result-2.png I am having an issue where data past the date of 12/18 is not...
View ArticleServer Metrics in Splunk
I would like to monitor the key metrics of some servers I have on Splunk, what should I do? Ex: CPU, Memory, Swap, Load, Disk Usage, Processes, Network Interface Utilization, Network Latency (Ping),...
View ArticleChange color of single value visualization using count
As shown, I have two different panels. The first panel uses count to determine background color. I need the second panel to do the same without changing the text inside the panel. I am using stats...
View ArticleValidating timestamp extraction after an update
Hi, I have updated all my instances by updating the datetime.xml file as described here:...
View Articlehow to create a textbox with numeric value
I have created a textbox input type in a dashboard. I want to limit that user can enter only numeric value in a textbox.
View Articledatetime.xml 2020
I am implemented the datetime.xml issue. Now according to article https://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/FixDatetimexml2020 I want to validate the change. I create test.csv...
View ArticleWhy is Splunk Search Assistant highlighting certain words from my description...
I am using **searchbnf.conf** file to provide help on my custom search commands but the search assistant is highlighting certain words from my description in green color which is not intended. How can...
View Article