How to force all needed rows and columns to display in a chart, table or...
Howdy, I'm struggling with the following and hoping you can help. To summarize, I require a 'value' column, which is the left most column that contains all the possible values I have defined in an eval...
Displaying one column value as tooltip to another column for a table
Hi, I am using one table in my dashboard. If possible, I wanted to display one column's values as a tooltip for another column. Basically, in the table below, the Threshold value needs to be displayed as a tooltip when...
How to forward indexed data to RSA NetWitness?
So I will start with the details of my setup. I am running a single server instance on a network of ~300 endpoints. All of my systems are forwarding to a total of 4 indexes currently. I am using Splunk...
Windows Event Logs Analysis - parsing of the logs is not what it is expecting
Is anyone having trouble with the eventid add-on working with the Splunk_TA_windows add-on? The Windows logs are being parsed and in a nice readable format, but eventid seems to be expecting something...
Is it possible to regex a sourcetype on a per file basis
One of our 3rd party apps has some pretty unfriendly logging. The app itself carries out somewhere between 20-30 jobs, each of which has its own log. The issue we have is that all logs are written to...
Newly created LDAP group not accepting created roles
We have a few users that need access to application logs. We have our active directory admins create a group and once they create that group it shows up in splunk for us to add a role to. The latest...
Filtering out data (from a forwarder) on Indexer?
Hi, I have several universal forwarders deployed, and I'm getting lots of events I want to filter out. I understand from reading answers here I need to do this on the indexer (or else install heavy...
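Indexer-side filtering as it is normally done, added here as an illustration and not taken from the post: the two stanzas below live in props.conf and transforms.conf on the indexer (or on a heavy forwarder; a universal forwarder does not run these parsing-time transforms). The sourcetype name example:app and both regexes are assumptions for illustration. The first transform sends every event of that sourcetype to nullQueue, the second pulls the events you want to keep back into indexQueue; transforms run in the order listed, so the allow-list pattern wins.

```ini
# props.conf  (indexer or heavy forwarder)
# "example:app" is an assumed sourcetype; [host::...] or [source::...] stanzas work the same way.
# Order matters: setnull runs first, setparsing second.
[example:app]
TRANSFORMS-set = setnull, setparsing

# transforms.conf
# Step 1: route every event of this sourcetype to nullQueue (discarded before indexing,
# so it is neither searchable nor counted against the license).
[setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

# Step 2: assumed allow-list pattern; events whose _raw matches are put back on the
# index queue and are indexed normally. Everything else stays dropped.
[setparsing]
REGEX = (?i)\b(ERROR|WARN|login|authentication)\b
DEST_KEY = queue
FORMAT = indexQueue
```

Two caveats a practitioner should check before deploying this: the regex is applied to _raw after line breaking, so test it against real events with the rex command first, and anything routed to nullQueue is gone for good. Scope the props stanza tightly (never to a sourcetype such as WinEventLog:Security as a whole) so that noise reduction does not silently discard events a detection or an investigation would later need. Changes take effect after a splunkd restart or a reload of the parsing configuration.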
CSV report not showing data correctly
Hi, I have a daily scheduled report which goes to sftp server in a csv format. I am getting complaints that the data is not coming properly. I investigated and suspect that it may be because of the...
Splunk crashing on lookup command
We have a simple CSV lookup like:
network,descr
192.168.0.0/24,network_name
Lookup description in transforms.conf:
[networklist_allocs_all]
filename = networklist_allocs_all.csv
max_matches = 1...
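For comparison, a complete subnet-keyed CSV lookup definition, added as an example and not the poster's exact configuration: a lookup whose key column holds CIDR prefixes needs match_type = CIDR(<field>) in transforms.conf, otherwise an IP address in an event is compared to the literal string "192.168.0.0/24" and never matches. The search field name src_ip and the app path are assumptions. Whether the missing match type has anything to do with the crash is not something the excerpt shows.

```ini
# $SPLUNK_HOME/etc/apps/<app>/lookups/networklist_allocs_all.csv  (contents, constructed to match the post)
# network,descr
# 192.168.0.0/24,network_name

# transforms.conf in the same app
[networklist_allocs_all]
filename = networklist_allocs_all.csv
# Treat the "network" column as CIDR prefixes so that 192.168.0.42 matches 192.168.0.0/24.
match_type = CIDR(network)
# Return only the first matching row if several prefixes overlap.
max_matches = 1

# Usage in a search (src_ip is an assumed event field):
#   ... | lookup networklist_allocs_all network AS src_ip OUTPUT descr AS network_descr
```

Without the CIDR match type the lookup is still valid, it just matches nothing; if overlapping prefixes are present, order the CSV from most to least specific, because max_matches = 1 keeps whichever row is found first.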
Splunk Platform Upgrade Readiness App does not show up under apps even after...
Hi All, I am trying to install the app on the search head, and even after installing (Manage apps -> Install app from file -> upload) and restarting the search head, the app is not appearing. I have even checked...
Guidance needed on how to display current waiting time by shift
I am really struggling on how to frame the question. In essence, I need to display the duration trucks spend waiting in a carpark and display the average waiting time. But this must further be...
Service level agreement on data loss
For Splunk as a product, what is the percentage that Splunk assures on no data loss? Is there anything like 99% or 99.99%? Any document for reference would be helpful.
Sum multiple individual columns into flat row
I have a search that based on a lookup that is pulling names and totals over the course of a 24 hour period or week based on time. How can I sum each column without having to sum every field...
How to get data from an external source machine
What would be a way to get data from an external machine which is not part of our environment? Correct me if I am wrong. I was assuming to install a UF on the external machine, create an HTTP token on a...
What is the best way to forward k8s cluster logs/status etc. to indexers?
Indexers + SH set up on prem. What is the best way for Splunk to monitor a k8s cluster deployed on one box / 3 nodes setup (HA) / 6 nodes setup (HA DR)? Thanks in advance!
Heavy Forwarders stopped receiving some logs
Hi, I have a new HF that accepted logs for about a week, then stopped receiving almost all logs at the same time. I compared this HF with the old working one and I don't see rotated logs created on...
Is the AMD Rome EPYC architecture a valid option now?
I've been poking around the interwebs trying to figure out if there is a benefit/downside to going with the new AMD Rome EPYC architecture for our Splunk servers. I don't find anything specific. I...
Not Like function !Like
I am trying to search for a server which is named differently than all the others in our network. Commonly servers are named with Location followed by 4 digits and then some string in the end (Eg:...
Can the Subscription-based inputs use a list of subscriptions rather than one...
Azure Security Center Alerts and Tasks, Azure Resource Groups, Azure Virtual Networks, Azure Compute, Azure Billing Consumption, Azure Reservation Recommendation, and others all require a subscription...