Sending data between dev and prod indexers
I have a dev and prod setup. We cannot have the UF agent installed on Splunk infra servers, as Splunk does not support it. So we have set up a way to collect capacity/cpu/mem data just like the UF agent for...
Splunk event time and timestamp in log file are not matching.
Splunk event time and the timestamp in the log file are not matching. Our log file has the below entry for the timestamp "2020-02-20 10:14:59.363", but that time and the Splunk time do not match. How can I fix it? Below is...
Routing the data to a different Index via Regex
Hello, We have a source ABC sending us logs, which are being stored inside an index called all_logs. From that source, we want to separate the events which contain the field SiteUrl:...
Tokens not setting in hyperlink
I am trying to set a token when someone uses a hyperlink in a dashboard. In theory, using the details below as part of the href should work, but it is not. Does anyone have any thoughts on how to get it...
How to show table pagination with start and end instead of >
Hi All. I need help with table pagination. By default Splunk provides the pagination option as << prev & next >>; instead of that, can we have START & END, where START will show the first...
I want to substitute the value of another field when it is NULL
Hello. I have data like the following: issue.id,Key 1111 2222 null 3333 When issue.id is NULL, I want to assign the value of Key to issue.id. How should I do this?
Microsoft Teams Webhook - underscore problem
Hi, I have an alert and I am sending a notification via mail and MS Teams. The result is a table ------------------------------------------------ apple --- 3 ---- link_to_dashboard...
Help on fields command which doesn't work
Hi. In my stats command, I need to filter the events by Model and by SITE. But once that is done, I need to mask the field SITE. So I am doing a `| fields SITE`, but it doesn't work because I have double...
Run an entire Search timewindowed
Hi, I have a scheduled search that detects assets when they enter and leave geofences. For that I calculate things like total time travelled, distance, average speed and so forth... The search is...
Need help in time difference for events
Hi All, Please help me in getting a query to display the time difference between the events mentioned below: index=opennms nodelabel="GQML2-WANRTC001" "uei.opennms.org/nodes/nodeUp" OR...
iplocation.py file missing from $SPLUNK_HOME/etc/apps/search/bin/
Hello Everyone, I am trying to use the iplocation command to search for IP address info within my network. My search is as below: eventtype=wineventlog_security | iplocation src_ip prefix=srcip_ | table...
Encrypting values in Splunk conf file
I am writing a modular input in Splunk and need to store an API key and secret in a .conf file. I see how I can read the .conf file, but how do I make Splunk encrypt (and subsequently decrypt) these values...
Multiple server login search
I need an alert that notifies me when the SAME Account_Name logs into 2 specific hosts within the same 30-minute window. I'd like to see the events grouped by Account_Name. We auth with AD. Not sure...
How to populate a null field if a certain field equals ***
Hi Folks, I have an issue where some of my log entries contain null fields which I need to populate in order to run stats against. From the csv dump below, dest_port is empty, so I need to basically...
Table row height
Is it possible to adjust the height of table rows on the dashboard, in order to facilitate a smaller font and thus fit more on screen? I've tried setting it via CSS, but it only lets me set the column...
Need to get events created in the last 30 days
Hi, I am trying to fetch Splunk events that were created in the last 30 days for the below query, by selecting the time range as last 30 days. But I am getting all-time events, it seems, for this query. Please suggest...
How to send Splunk data to Prometheus?
We have a requirement to send Splunk data to Prometheus. As and when we get events into Splunk, they should be sent to Prometheus. Can anyone guide me on how to achieve this? --Poornima
How to pick the status that I wish to
I have a table with 3 field values as follows: SOR Datafeed Status 1art xxx Met SLA 1art yyy Missed SLA 1art zzz Met SLA. Now I would like to consider the status of SOR as Missed SLA if it has one single...
Update the email on my certification request form
I submitted my certification form on the Splunk website yesterday to receive my Splunk account from Pearson Vue. I just realized that, by default, it has my work email address and I need to include...
How do I pass 2 fields from a subsearch
Hi guys, I have a query that takes 2 fields from a specific index type, and then goes out to the main index in order to get more useful info for the search. The query is working only when I put a 1...