Can't generate proper table with percentage and BY clause together
Hi! First question and relative newbie, so bear with me! :) I created the query below to show the number of missing server IDs per rack. But I can't get the `BY` clause and percentage calculation to work...
How to remove unfinished buckets from "bin" command
I am using the bin command on the _time field to get 10-minute sections of data, like below: |bin _time span=10m minspan=10m | stats sum(myField) as myField by _time |streamstats avg(myField) as avg by...
Signature mismatch between license slave - but key/secret are the same
I reinstalled Splunk with clustering today. The problem is that I keep getting 'Signature mismatch between license slave' errors. I have the same Splunk Secret on all servers. Therefore I added the key...
Difference between two dates by field
Hello, this is my query: | loadjob savedsearch="myquery" |where strftime(_time, "%Y-%m-%d") = "2020-02-24" |eval show=if(STEP="show",strftime(_time, "%Y-%m-%d...
Help with props.conf with lookup?
All, I have a lookup, which I in turn want to do a couple of aliases on. But it doesn't seem to work. I get clienthost back, but the aliases don't. Any idea what I might be doing wrong here? ## Some DNS...
Creating a report to point to a file filled with hashes
I have a few files with a ton of signatures indicating a malicious actor. The files consist of MD5 hashes, file sizes, filenames, and SHA256 hashes. I'd like to make a dashboard with reports checking...
How do I install the Puppet Report Viewer in a clustered indexer and...
I have been asked to install the Puppet viewer application into our clustered environment. Reading the install information, it appears that it's speaking about a non-clustered environment. What would...
Is there a REST API for putting a Cluster Master into Maintenance mode?
I was just curious about this since I couldn't find anything on it in the following page: https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTREF/RESTcluster Thanks in advance.
GigamonAppforSplunk : Streamfwd not running
Hello Folks, I am installing the Gigamon app on Splunk and it requires the Splunk Stream app as well as the Add-on. I followed the instructions as provided in the Readme file. When I restart the app I...
ITSI - Unable to update the Action Rule in Configure
I am trying to update the ITSI action rule in the messages with a different message body. Even after saving it, the message is not saved and returns to the original. The steps taken are ITSI...
Website monitoring with SSL
Hi Splunk Team! I want to use the website monitor app to monitor the URL with my SSL. How do I configure the app? Thank you all.
Warning after Splunk upgrade to 8.0.2 and Enterprise Security to 6.1.0
Hi all, I've just upgraded Splunk Enterprise from 7.1.1 to 8.0.2, Enterprise Security from 5.2.0 to 6.1.0, and all the related apps and TAs on a Search Head. The whole upgrade is OK but I have this...
Splunk Simple XML : Invalid character entry in XML help with CDATA in href
Hi UI gurus, we have a simple requirement to display certain links in a dashboard. All is good until there are invalid (un-encoded) characters involved. Then if I use `[[CDATA]]`, Splunk Simple XML...
What is the difference between a "Finalized" search and a "Done" search?
After upgrading to v8.0.1 we noticed that many of our long-running scheduled searches are ending up in a "Finalized" state, instead of a "Done" state. We also suspect that our results are now...
Log file parsing on IDX
Hello, I just want to parse a log file. I tried every solution found on the forum but none of them work. (Splunk 7.3.3) **Log:** 2020-02-22 12:49:21:5962020-02-22 12:49:20:435 **What I want on Splunk SH:** _time...
Need help in some time conversion
Hi all, I need help adjusting the code below to get the value as expected. index=nw_syslog "DDOS_PROTOCOL_VIOLATION_SET" AND ( "*USDAL*" OR "*USEMC*" OR "*NLACO*" OR "*SGPNH*" OR "*USHCO*" OR...
Subsearch only returns 1 value
The search below looks up a serial number in another index; there will be multiple values for "x", but currently it only returns 1. How do I get it to return all of the values? Also, 2nd question, as...
My search is slow. I was wondering how should I convert my search into a macro?
My search is running slow. I have a live dashboard and it is populated by a query in my search. I am new to Splunk but I managed to develop a dashboard project. I'm working on macros and I was...
Data loss after shutting down Splunk
Hi, I used "Add Data: Files and Directories" function to add a 200MB csv file from my hard drive into Splunk Enterprise 8.0.2 (Trial Version, MacOS). In order to do that, I configured it with a custom...
props.conf not working to break the events after the pipe
I am trying to break the events in the data below after each pipe (|). I placed the props.conf on both UF and HF but it still doesn't apply, yet when I try the same props.conf in the UI (Add Data) before...