Relative reference to columns
There's something I'm just not getting today... I've got a chart command that generates results from a series of searches, evals, and other processes. The net result is a nice little chart with results...
Modify x-axis labels to show bin centers
I am trying to create a histogram plot, but I want to make the x-axis labels more readable. How do I go about doing this? Here is what I am doing: `my search | bin field span 0.5 | chart count by...
How to make table row count 100 over?
Hello, All In Splunk Enterprise 8.0.1, I searched "index=_internal | table _raw" and Visualization with Table. I'd like to make Table rows over 100. But How to I can't find. Is there a way to remove...
Deployment Sizing on AWS
We are deploying Enterprise Security for various clients on AWS, and are in the planning phase. I am attempting to create reference documentation that would contain the minimum instance type and number...
RBAC without using indexes
Is it possible to do RBAC without indexes ? I have 5 indexes at least, but I can’t use indexes to do RBAC because all users should see all 5 indexes, but the requirement is that they should only see...
Time Chart and DBXquery
I am new to splunk. I have a DB connection from where I am fetching a table. I want to create a dashboard for with x-axis as time and Y-axis as count of table in every hour. I tried with timechart...
SplunkWeb Broken UI
Hi, We have been experiencing broken UI on 3 of our nodes (DS, SHDep, & IDXCM; 2 screenshots below) and the rest seems to be fine. The Web UI is not showing web objects as normal, like the...
Splunk inputs and whitelists --- how to?
I've combed through inputs.conf and the various questions on answers but can't seem to get a definitive example in how to employ a whitelist or modify my monitor stanza to match on specific folders and...
Indexer not indexing data
My Cisco Indexer just stopped indexing new data. Splunk is receiving data from the Syslog server but just not getting index and so nothing is showing in the Cisco Networks apps/addon. I do have an...
Sizing on Smartstore (S3) for local storage
The smartstore documentation says the following: "The amount of local storage available on each indexer for cached data must be in proportion to the expected working set. For best results, provision...
Create an alert (Splunk query) for different nodes where if the status of the...
Hi Guys, I am just creating a rule for a switch for multiple nodes where if the status of the switch goes down and doesn't come up within an hour then it has to be triggered. But also if you see logs...
Custom alert action python script
Hi all. I am struggling where should I check. I want to make splunk user automatically. so, I made this script. test.py import sys import os import request import json def test(): data = {...
CSV Lookup for search query
I have a search query like this index=ppt sm.to{}="<12-12-518@dt.com>" OR sm.to{}="<050920@cp.com>" |table sm.to{} sm.stat and I want to use a csv lookup instead because I have more email...
Microsoft Office 365 Reporting Add-on for Splunk is affected by stop...
Hello, I found a blog about Microsoft retiring basic authentication for Exchange Online on October 13, 2020....
How to calculate the value of row for every column and fetch the result in...
I want calculate the row values of every column by error message... I did | Stats count(host) values(host) values(functionality) count(functionality) values (loan_num) by error_message I'm just getting...
Why would Splunk NOT obey "dispatch.ttl" and delete results/artifacts early?
We have a not-at-all overloaded ED search head with a separate volume for dispatch with plenty of room that never gives us 500MB warnings. We also have a few weekly-scheduled searches which bring back...
Splunk_TA_paloalto not parsing the logs
Splunk_TA_paloalto is not parsing the logs : inputs.conf : [monitor:///data/splunkapp/syslog/MSSLCPRY01/paloalto_fw/*/*.log] sourcetype = pan:log index = it host_segment = 6 disabled = false Is it...
Add a percentage row into a chart?
Hello there! I want to add a percentage row into a chart table. string: index=smsc tag=MPRO_PRODUCTION DATA="*8000000400000000*" OR "*8000000400000058*" | dedup DATA | chart count by SHORT_ID,...
How to follow events on a field with different value
Hi guys, I am new to splunk. I have multiple events that look like this: - 2020-02-07 07:21:20 action_time="2020-01-02 07:21:20.39", id_client="1234", ticket="1", - 2020-02-07 07:21:20...
AWS instance wise billing report in Splunk
Have a requirement to create a dashboard which will give instance level billing breakup for particular service like Under EC2 Service instance A is occurring $xyz cost. Please share some Idea how we...