Installing the Java logging JAR
I want to write some Scala that writes out to the Splunk logging API, so I went [here][1] to get started. It links [here][2] to get the JAR. The only JARs there are for the SDK and SimData. The only...
Excluding a source
I have a host sending log data and I want to exclude a specific directory from being ingested and/or indexed, but no matter what I try, the data continues to appear. I am using a heavy forwarder...
Time chart for average of duration by Channel span 1h
I have the following data and I am trying to create a time chart of the data for average duration by channel "_time",duration,CH "2020-02-13 11:30:32.367",275,BOSRetail "2020-02-13...
How do I transpose a trellis label into a code for using in a drilldown
I have a trellis view where I break down my charts into Cities. The labels are something like 'Charlotte, NC'. I can make a drilldown to my details page using the form.city=$trellis.value$. The problem...
[SSL:UNKNOWN_PROTOCOL] unknown protocol(_ssl.c:741)
I made an alert action in Add-on Builder. (I want to receive alert results and create a Splunk user.) I have this error that I cannot solve. signiture="Unexpected error:[SSL:UNKNOWN_PROTOCOL]unknown...
Splunk Add-on for Salesforce UserAccountId field
Hi, We are using Splunk to query the LoginHistory object from our Salesforce org. In the login report, there are two fields: UserId and UserAccountId. May I know what values these two fields refer...
Table cell renderer does not work on Firefox
I have JavaScript very similar to the code below in my dashboard, which adds the color to the table. As I've updated dashboard.css I cannot use the XML color palette, so I had to use a table cell renderer....
Splunk 8.0.2 report acceleration problems
Prior to updating to Splunk Enterprise 8.0.2 scheduled accelerated reports ran extremely fast: Report A Duration: 37.166 Record count: 314 After updating to Splunk Enterprise 8.0.2 the report ran...
Filtering out data (from a forwarder) on Indexer?
Hi, I have several universal forwarders deployed, and I'm getting lots of events I want to filter out. I understand from reading answers here that I need to do this on the indexer (or else install a heavy...
Need help in regular expression to extract data.
I need to filter the data from below _raw only the SPLUNKXML ="" _raw 2020-02-13 01:04:18.910, COUNT="863132", URL="http://122.32.10:8080/HP/Material", SAD="GET",...
Need help with Configuring Splunk Add-on for Cisco ESA
Hello All, I have been going through Multiple posts but still not able to configure my Splunk Add-on for Cisco ESA. I have some confusion and need your opinion on it. I have a Distributed environment...
HF upgrade from v6.6 to v7.3.3
Hi All, I am planning to upgrade a heavy forwarder from v6.6.6 to v7.3.3. What should be my approach to the upgrade? Can I directly upgrade the HF to v7.3.3, or do I have to upgrade it to v7.0 and then to...
Dashboard multiple lookup filters
Hi there, I am trying to create a dashboard with some filters.. Roughly: 3 boxes populated and filtered by a lookup or kvstore lookup cat (car manufacturer) - for instance could be car manufacturer (...
Sum multiple session duration
Hi all, I have a very strange problem that I'm trying to solve. I have a data source with the following fields: - user - dest_ip - start_time - end_time I have to understand how long a user used...
Indexed data vanishes after a few hours and causes 0 events for 2-3 hours time...
I have a clustered environment and monitoring set up for application logs; universal forwarders push data to indexers. Lately, I have been facing an issue where the application logs are getting indexed...
Splunk Forwarder connection to Cluster Master
Hi All, I am trying to build a query through which we can track whether all the Splunk forwarders are connected to the Cluster Master. I want to create an alert if there are issues when a forwarder is not able to...
Restrict user access to specific lookup table
I have a lookup table that stores employee data to map employee numbers and departments. In the dashboard I will use the following SPL, but I don't want the user to query the lookup table or export it...
What is the best way of moving data from splunk to HDFS storage for...
We are currently trying to set up a reliable solution for moving data from Splunk to HDFS location. This is not for archiving. We would like to move the data to HDFS location so that we can further...
Splunk shows no logs (0 events) on it for some amount of time in a day .) 0...
I have a clustered Splunk environment and monitoring in place for quite a few application logs. Lately, I have been encountering an issue with data collection in Splunk. For some frame of time...
Get columns that have non-zero value columns over time (using timechart)
Hi Team, can anyone help me with this: I want to get columns that have non-zero values over time (using timechart). _time Column1 Column2 Column3 Column4 Column5 Column N 2/14/2020 2:11 0 0 0 0 0 0...