Any materials or tutorials for dashboard/visualisation customisation please?
I'm struggling a lot to learn dashboard/custom visualisation using Javascript and CSS. Could anyone please share materials or links?

Log Search Time with transaction
I have Cisco ESA logs coming into Splunk and extractions are working as they are meant to. The logs are sent by syslog and each line of the event appears to be an entry in the index. So that I can...

Using different lookup tables with a case statement
Hello, I am fairly new to Splunk and was wondering if the eval case function could be used in conjunction with lookup tables. Here is my current problem (if there are other solutions I am open to...

How to speed up log search time with transaction
I have Cisco ESA logs coming into Splunk and extractions are working as they are meant to. The logs are sent by syslog and each line of the event appears to be an entry in the index. So that I can...

Can the eval case function be used in conjunction with lookup tables?
Hello, I am fairly new to Splunk and was wondering if the eval case function could be used in conjunction with lookup tables. Here is my current problem (if there are other solutions I am open to...

Multivalue Extraction
I have the following set of data within each event: stack_trace: [ [-] { [-] class_name: FOO file_name: BAR line_number: -2 method_name: WALK } { [-] class_name: FOO2 file_name: BAR2 line_number: 1356...

Why am I getting a warning about disk space when minFreeSpace is 5000 and...
The disk usage is at 17% and inode usage is at 1%. The error message from Splunk Web says minFreeSpace is 5000 and free space is 85711: 03-03-2020 16:16:48.266 +0000 WARN DiskMon - MinFreeSpace=5000....

If one field null, populate another field with 0
Hello Splunkers, I have two fields that correlate. One field is hostname and another field is score. When I try to get an average of the score I get an incorrect value due to it calculating the score...

Splunk HEC events to arcsight
Is it possible to send Splunk HEC events message part to 3rd party collector/arcsight? Eg... Now it is : Logstash --- SplunkHEC/ HF --- Indexer I want to parse message field in the HEC and send to...

How to determine the order ranges display in tables and charts (when using...
I want to order range from low amount of min/hour to high, like this: 1S-1M, 1M-30M, 30M-1H, 1H-2H, 2H-3H, 3H-4H, 4H-5H, 5H-8H, 8H-10H, 10H-15H, 15H-More. I use this command; | rangemap field=duration...

Duplicate events, same indextime for duplicated events
Hi Splunk Chaps, We are having issues with a data source where events are duplicated in the cluster. Strange that there are duplicate as well as non-duplicate events for few source types. Also looked...

How to order the ranges display in tables and charts, when using the rangemap...
I want to order range from low amount of min/hour to high, like this: 1S-1M, 1M-30M, 30M-1H, 1H-2H, 2H-3H, 3H-4H, 4H-5H, 5H-8H, 8H-10H, 10H-15H, 15H-More. I use this command; | rangemap field=duration...

How to identify whether duplicates are happening from forwarders...
Hi Splunk Chaps, We are having issues with a data source where events are duplicated in the cluster. Strange that there are duplicate as well as non-duplicate events for few source types. Also looked...

What would you say is a normal amount of threads for a Splunk Universal...
All, a member of our management team is concerned about a Splunk Forwarder with a number of processes and threads. Curious what's normal? What might create more threads? Less? # ps auwxH|grep splunk|wc...

First transpose. Then colorPalette.
Hello, Here is my dashboard before using the transpose command ![preTranspose][1] index=oit_printer_monitoring AND type=Printer | eval timeConvDate=strftime(_time,"%a %m-%d-%Y") | eval...

Allowing More Fields to be Shown in a Search
Quick background: I'm looking for SSO logins by users that have authenticated via NTLM. Issue: I copied a snippet of text directly from the SSO logs ("NTLMSSP principal: DomainName= UserName") that I...

How do I add data to Workday add-on feed?
We want to be able to see when a Workday user changes their direct deposit account/routing information multiple times. Workday users shouldn't be changing this very often so if it is happening it could...

How to blacklist an entire folder
Hi Experts, I am pretty sure this has already been answered but I am not able to find the correct answer on the community. I have a path as below C:\app1\tomcatlogs1\WNSalesLogs1\WNEngine1\ server1...

Need some help in writing SPL for the below scenario
I have 2 source types, each source type having an asset_id field. I want a search to display the same asset_id that is in both source types; from those results I want to display the nexpose_tag field for that...

How do I add custom behavior for one dashboard panel?
I'm trying to edit the source code of my dashboard to create a panel that only produces results if a text field input (value of my token called $partner$) is NOT "*". If $partner$=*, I don't want this...