return yesterday count on: ---| eval filename=strftime(now(), "xyz_%d.csv
Hello, I am running below search; daily (last 24h) .... which returns results and "outputlookup" results into a csv based on "xyz_NO_of_day" Runs fine....if I am running such search on same day (i.e....
Can multiple indexes be searched for different fields?
Can Splunk search for different indexes that contain different fields, and present that data out in readable format? I am trying to use one search that looks in index A, for specific fields, then...
500 internal error when trying to access manage app or data input
I am getting 500 internal server error with below message when I try to access "manage app" or "data input" File "C:\Program Files\Splunk\Python-3.7\lib\site-packages\cherrypy\_cprequest.py", line 628,...
Deep Learning Toolkit - Issue with apply command
I am building an LSTM Autoencoder to detect anomalies in Time Series Data. In the Jupyter Lab environment, I am able to run my code and I am getting the expected result. When I try to run through...
How to get notified for indexer automatic detention
I'm not seeing any way Splunk will notify regarding automatic detention, which usually happens because of disk space issues.
How to generate the alerts on specific condition
Hi All, I am new to Splunk. Here is my requirement. I have passed a log directory to the forwarder. Now I want to read the logs and generate the alerts when a log file contains "file(s) count is 2" or greater...
List of servers sending logs to Splunk along with source & sourcetype details
Hi, I need to list all the Source Server Details (Hostname and IP Address) including log paths & Log File names which are sending logs to the Splunk environment. The following query doesn't fetch IP...
Product Version info error
Not sure what happened this morning but I was unable to log in as admin. I noticed that it had orphaned some of my alerts with my admin account even though it was still active, and found this error below....
Printer Dashboard Idea/Issue
Hello, Trying to determine Best Practices for the following, and I don't want to reinvent the wheel if a Splunker had already resolved this issue. This is for a printer dashboard. This is a minimized...
Ingest events from AWS SQS but how to config timestamp field in props.conf
I am a newbie and I have understood the basics of how to use props.conf. But I don't find any doc on ingesting events from AWS SQS, so how do I config the props.conf file to include event_timestamp as...
Server Class Blacklisting Not working
Hello all, I am trying to blacklist some of the apps below. It doesn't matter what I do, the apps continue to get deployed to our QA search head. I had already checked whether these apps are being...
How to specify S3 bucket name for the AWS Add-On for AWS in Cloudwatch Input
Hi, Currently the Cloudwatch Input is collecting all metrics for all of my S3 buckets as shown here: [{"BucketName":[".*"],"StorageType":[".*"]}] How do I specify just one S3 bucket using the syntax...
Help getting multiple columns from a chart
I've spent the last week trying to figure out the answer to this myself in the documentation and in the questions. I'm sure this is easy if you've been using Splunk for any length of time, but I'm very...
Splunk Universal Forwarder 7.2.x compatible with Linux kernel 4.x / RHEL 8?
Are the Splunk UF 7.2.x releases compatible with being run on Linux kernel versions 4.x, specifically RHEL 8?
How to specify S3 bucket name for the AWS Add-On for AWS in Cloudwatch input?
Hi, Currently, the Cloudwatch Input is collecting all metrics for all of my S3 buckets as shown here: [{"BucketName":[".*"],"StorageType":[".*"]}] How do I specify just one S3 bucket using the syntax...
How to create a predictive forecast for capacity consumption, then display in...
I have spent a few hours trying to solve this and viewing the forum, but no luck so far. I have a single dataset containing a chunk of data. I am trying to create a predictive forecast for capacity...
Regex: skipping or jumping over segments for field extraction
Hey there! I am wondering if it is possible to create a regex for field extraction which extracts a string, but at the same time, leaves out part of the string. Let's say there is a logline with: IP:...
Find time difference between two events with specific condition
So I have numerous logs regarding users accessing an app to order food for delivery. Based on the session id and user id, I'm able to find the first and last timestamp of each session and calculate the...
Show a particular column as the last column always
I have a table as below: one two three four total five six. I want the "total" column to be shown at the end always, like below; need help to do this: one two three four five six total. Also note that...
Search showing data starting on a Saturday up to current day
I have a customer that needs to have a dashboard showing a start date of Saturday and ending on the current workday. The search that I have tried, with no results, is: index=| eval...