Limit index access to App only
I need to restrict the user to not to see indexes which are created in a specific App from Search App. Any suggestion how to achieve this? TIA.
View ArticleHo to hide "Settings" for a given role on given App?
I need to hide "Settings" in splunk bar on a given App and for a given role. Any suggestions? TIA.
View ArticleHow to ingest a thousands of rows with no timestamps
I want to ingest a very large file that has no usable timestamps. I want to set: SHOULD_LINEMERGE = false DATETIME_CONFIG = CURRENT The problem is that the thousands of rows get the same timestamp down...
View ArticleMap Tile Override
Hi Team. I am attempting to use the app (great by the way) with an Australian Map Tile Provider and I have verified that the Z parameter is off by 1. E.G. where the "normal" fetch is looking for a zoom...
View Articlehelp on displaying results under timechart
![alt text][1]hi I would like to display the results of a timechart without doing another table search is it possible please?? thanks [1]: /storage/temp/285614-capture.jpg
View ArticleHow to get the data related to creation, modification, deletion of a...
Hi, I want to check when the index was created, modified or deleted from internal logs(also other details of this particular operation). Is there any way to query this data?
View ArticleSplunk Forwarder enable boot start not working on Windows XP
Hi, I have Universal Forwarder on my Windows XP machine. I enabled the boot-start upon installation but upon rebooting the machine, splunk forwarder is not running and it needs to start manually. Does...
View ArticleHow to make a panel disable when another panel is clicked?
I have 3 panels in the same row in my dashboard. My requirement is that if I click 1st panel the 2nd and 3rd panel should be blurred or in other words click functionality should not be enabled. How to...
View ArticleReplicating same locations twice or more on using maps+ as visualization in...
I have link switcher to filter the data ,when I am selecting any particular option, token for the same is passing in the query of maps+. ![alt text][1] **query :***index="indexA"|where TOTAL="$token$"...
View ArticleHow to extract timestamp from JSON file
I am uploading a JSON file into a test index and I'm trying to set the timestamp for and prefix. The events in the JSON file always start as follows: {'received': '2020-02-27 10:49:07', 'operator_id':...
View ArticleSplunk DB Connect - Duplicate events in Rising column
I setup 3 DB inputs as part of our requirement to ingest DB logs. Problem is we're encountering duplicate events upon ingesting data to splunk. I can observe the duplicate events when there's no...
View ArticleSplunk query to exclude the searched strings based on date and display in table
Hi Splukers, I have a requirement to search for some filenames and display the missing files as per the date. Thus, i made up a query to look like index=123 host=htrstef87 "string_1," "created" NOT...
View ArticleIndex Clustering
Just got my license this past week and I've been having a blast setting up. Amazing program. Anyway, I'm running into an Index Cluster Question. I've got a separate Master Node and three indexers all...
View Articlecan some one help me in fixing this?
how might i incorporate regex into a like eval element in a search like this. This syntax does not work | eval product=case((signature LIKE "%Cipher%") OR (signature LIKE "%SMBv2 signing%") OR...
View ArticleUniversal Forwarder Local Clock
I have more than 100 UF deployed and wan to know the date and time of each of the forwarders to be shown in real time basis on a dashboards. How I can read the clock data of a UF on a real time basis?
View Articlereturn: eval filename=strftime(now(), with yesterdays count (as fileinformation)
hello, looking for some help. I am running a search, daily.... but the logs in the source get updated late by the application (the app updates the source/log-file next day with values related to...
View ArticleScheduled save search in every 30 minutes past 2 mins
How to run a saved search for every 2 minute in 30 minutes interval (i.e) it should run at 2.02, 2.32, 3.02, 3.32. I tried this 2/30 * * * *, but it is showing as invalid format
View ArticleWhat is the maximum limitation of drop-down values ?
I am trying to set up a dropdown on over 90000 unique values. But all the values are not coming in the dropdown. why this is happening? Are there any limitations?
View Articledistinct_count (dc) threshold
I'm trying to eliminate results below a threshold with dc and it's not working. I only want to show versions that have at least 10 users. Here's some of what I've tried: 1. Syntax error index = data |...
View ArticleIn a mulit-site cluster, does Splunk replicate just the data to the remote...
In an multi-site cluster Splunk replicates the data to the remote site, but doe Splunk also replicate the index information or is indexing left up to the remote site indexer? Also, does Splunk...
View Article