Water Gauge Custom Viz: Display Percent option does not work?
I cannot remove the "%" even though there is an option for it. Just a heads up.

How to exclude null field values from search results?
Below are the log events I have, where one event has two `savedsearch_name` fields with two values, `"Apache_Monitor"` and the other `""` (empty), and the other event has only one `savedsearch_name`...

How to overcome the subsearch limit of 10500?
I am working with Terabytes of data and running into a brick wall with the subsearch limit. The search that I am running is below: `sourcetype=slapd_log host=server-0* "BIND" [search sourcetype=slapd_log...`

How to check and review Splunk and Splunk Enterprise Security configurations...
1. Review Splunk and Splunk Enterprise Security App Configuration
2. Check the system performance of Splunk
3. Review Enterprise Security app configuration
4. Ensure that the existing data sources...

After setting up Splunk to monitor a folder, why is only the first log file...
Hi, I have set up Splunk to monitor a particular folder for logs, but somehow it picks up only the 1st log file added to the folder, not the later ones. Can you help solve this issue please? The logs...

Splunk IT Service Intelligence: Why am I getting error "URI Too Large" when...
I'm trying to configure some drilldown options from swim lanes in the Deep Dive view in the Splunk IT Service Intelligence app, but am having some difficulties doing that. My goal is to be able to drill...

Testing the HTTP Event Collector, why am I getting a "Server is busy" message?
`curl -k https://localhost:8088/services/collector/event -H "Authorization: Splunk 8F6CCFXA-6D7B-48BE-A59F-7361D6003422" -d '{"event": "hello world"}'` returns `{"text":"Server is busy","code":9}`. Any help is much...

When ‘requireClientCert = true’ is set in server.conf, unable to run...
On the Splunk server I have the following set up in **server.conf**: `[sslConfig] requireClientCert = true`. Unable to run `splunk reload deploy-server` or `splunk reload auth`; other CLI commands work okay. Error...

Forescout: How to line graph month over month AV compliance counts by status...
We have obtained counts for each status description using the following search: `index="forescout" sourcetype="fs_av_compliance" description="Server*" | dedup src_nt_host | search...`

How to run a curl command to reassign an abandoned search?
Running the curl command noted in the docs: https://docs.splunk.com/Documentation/Splunk/6.5.0/Knowledge/Resolveorphanedsearches On my search head captain: `curl -k -u uname:pass...`

Is it possible to get diagnostics of the login process on the Splunk Mobile App?
I want to know if it is possible to get diagnostics of the login process on the Splunk Mobile app.

How can I return specific results using head and tail commands?
I have an alert currently set to return a full set of results based upon the stats command which sometimes might number as many as 30 rows. I would like to split this alert into 3 separate alerts to be...

Is there a way to have Splunk send email alerts based on historical trend data?
Hi - I have been looking around for a way to do this, I'm not sure if it even exists. Basically, I'm looking to see if there is a way to have Splunk send email alerts based on historical trend data....

Is it possible to do event based comparison on file SAVE?
Hi Experts, is it possible to do event based comparison on file SAVE? Compare the events of the previous file with those of the present file and provide the differences.

What's the best way to perform maintenance on a member of a search head cluster?
I need to perform some emergency maintenance on 1 member of my 4-member Search Head Cluster tonight. [From the docs][1], it looks like I need to remove the target from the SHC, clean the Splunk...

How to write a search to group values until threshold is reached?
I have data from 2 different data sources. I am trying to figure out how to distribute a value into a cost until the cost is "used up". In other words, until the sum of VALUES=COST. Then it moves on to...

How can I see the search peer that a forwarder is connected to when using...
Apart from seeing data coming from the forwarders arriving in an index, is there any way I can see which indexer a forwarder is currently sending data to? Either via a command, API call or log entry? On...

Creating Stack-able graphs for 2 fields
These are my events. Based on the below info I want to create a stackable bar graph that shows 2 errors, "luchip" and "xmchip", in different colors: `10/11/16 7:13:37.000 AM *2016/10/11 07:13:37| 2767|...`

How to extract values from multiple events and create a new event with those...
I want to extract a key-value pair from multiple events and create a single event with those extractions. We have events coming in with a unique EventCode. I only want the Event code, everything else...

NOT a question: There is a small bug in the health checks for 6.5.0...
There appears to be a bug in `splunk_monitoring_console\default\checklist.conf`. After running the Health Checks, the GUI drill-down for "Search scheduler skip ratio" states "This checks whether...