Displaying time point from one dashboard panel onto other panels
Let's say my dashboard has two panels with timechart displays. As I hover over panel1, I'd like for panel2 to show an indication (possibly via a vertical line) of the time in panel1 where my sprite is...
Can the add-on be in WinRAR or must I extract it?
I have a critical question. When I push apps and add-ons in both shcluster and indexer cluster, for the indexer cluster we use the master node. The question is the add-on is downloaded from splunkbase...
List, Raw and Table log format selection not appearing
After I run my query, I am unable to see the logs it pulls under events. I can't see them using the raw, list or table options. I used to be able to see them but can't now. I'm experiencing this both...
Pull Different Fields from another Sourcetype
I'm having to search across two indexes and am looking for a particular string of text, called "sampletext" Example: index=sso sourcetype="ping*" "my sampletext here" Now, I would also like to search...
xml field extraction with a twist
Data example:ReadyB-107445Upgrade Splunk Windows TA2020-01-29T13:49:44.3372019-03-12T12:49:22.703owner oneowner two&ReadyB-143465Review/Upgrade Splunk_TA_Nix to...
When I run $SPLUNK_HOME/bin/splunk apply shcluster-bundle it runs...
Hi, I have a critical issue. When I run $SPLUNK_HOME/bin/splunk apply shcluster-bundle it runs successfully, but when I open the search head members no apps are installed! Is there any additional...
Make a dashboard visual from calculated field
Splunk n00b here with a question. I have a query I would like to display on a bar graph dashboard visual. Here is the query: index=wsi_tax_summary sourcetype=stash partnerId=* error_msg_service=* ein=*...
Query for checking on failed dashboard loads
I'd like to know if there's a way to get alerted if a dashboard is not performing as expected for a user. How do i query for list of all reports that are throwing errors in a dashboard? Is that possible?
"Saml response does not contain group information" SSO error
Would appreciate suggestions on how and what to change in our IdP environment and/or our Splunk instance's SAML configuration, to get around this "Saml response does not contain group information"...
How do I create splunk query to get the total percentage of the two results
I'm new to splunk and need further guidance to be able to accomplish my dashboard for Pi-Hole: Could some expert guide me how? Queries Blocked tag=dns tag=network tag=resolution query_type=blocked...
How to Use Eval to add 2 Field Values
Search -- |source1 | stats count(source1.field1) by (source1.field2) | sort 0 source1.field2 * Search Output source1.field2 | count dev | 6 prod | 5 uat | 7 qa | 8 * How can we add count values of...
percentage of one field event over other
I have two query 1: sourcetype=A error=499 2: sourcetype=A X=* 2nd query is almost equal to total transactions. I would like to make timechart of % of error count on X events. Basically I want to make...
Splunk 8.0.2 Docker environment variable or default.yml setting for...
Is there an environment variable or a setting for default.yml I can set for python.version = python3 so that it is added to the server.conf? docker run -dt --restart=always...
Report on user engagement in Splunk
Is there a way to grasp user engagement within splunk. For example, in regards to all users under "user" role, I would like to try to report on the following: 1) how long they stay on a specific...
splunk distributed environment issues
I have some questions that I hope someone can help me clarify: 1) In an indexer cluster, can I install apps and add-ons on each indexer separately without pushing all using the cluster master?...
Can Monitor files and directories and HTTP Event Collector use the same name...
My application wants to send data to Splunk via Monitor files and directories and meantime via HTTP Event Collector. My application will format the data them required. Can I use the same data source...
How to setup scheduled search to run after fulfillment of another?
Hi! We have some searches on a dashboard that work way too long as they include several subsearches and calculate data for the latest 30 days, that lead daily scheduled pdf of that dashboard not to...
Log collect status monitoring and
Hi, Splunkers: My customer wants to monitor the following 2 things: 1. The status of logs collection. That means they want to ensure that all logs were indexed to Splunk. 2. The status of Splunk....
top 10 values of fields and percentage using sdk (Similar to fields on UI)
In the Splunk UI on the left hand side after the query search you can find the fields and the top 10 values (their percentage and count) for all the fields. I would like to use this programmatically,...
"Account Settings" is accessible without Search app access
A user with role which does not have read to "Search" app could not access "Account Settings" to change his password. Any idea how to get "Account Settings" without Search app grants? TIA.