How to customize the colors and layout of my dashboard other than "Edit Source"?
Hey Fellow Splunkers I'm interested in changing the colors and layout of my dashboard, the only place I see where those changes can be made is in "Edit" then "Edit Source"? Thank You, Anthony, S.
How do I combine information from two traps into a single line in table based...
How do I combine information from two traps into a single line in table based off of message ID comparison, user, and IP address (Where IP address in one trap is data and not in a field)? My search is...
How and where do I customize my dashboard via XML?
Hey, Splunkers I would like to change the colors to my dashboard, unfortunately I don't have admin access to add a CSS file to the directory. I would like to know if it's possible to edit via XML...
How to search the count of host Instances, and get the latest occurrence if...
In addition, if there is a duplicate host, I'd also like to keep the fields of the latest. Here's an example: Host Date Source Label 198.162.1.1 1:00:54 198.162.4.5 A 198.162.2.1 3:32:54 198.162.4.5 Q...
How to join 2 CSV files that have unique values in single table?
Fields in first.csv file: **DN**, **uidn**, **count**, **Status**, **TimeStamp** Fields in second.csv file: **DN**, **uidn**, **AppID**, **eid**, **user**, **eStatus**, **Timestamp** DN value is...
How to perform a join on a field from source1 to one or another field in...
I'm trying to join information from a metadata search to a lookup file. It works using a subsearch such as this: | metadata type=hosts index= | join type=left host [|inputlookup myfile.csv |rename...
How to identify valid tstats fields in an index?
I am trying to create a search that I can use to determine what fields are available for a tstats command. I have a large index with multiple sourcetypes, many of which are extracted at index time. The...
How to edit my search to prevent getting multiple alerts?
Created a search to monitor members added/removed from a group. It's working in search, but in the alert email for deletion of one member from the group, we're getting thousands of alerts. Please see...
SAML Configuration to Okta in Splunk Enterprise 6.3: Where do I find...
I am setting up SAML authentication to Okta in Splunk Enterprise 6.3. Attribute query URL, Username, and Password are required for setup. I am having trouble finding the information needed to populate...
Why are we getting a different result running a search via REST API call...
So, I have a customer that is running the same search via different methods ... He is running it via an API call as well as a saved search that is emailing the results to his team. Problem is that the...
HTTP Event Collector: Is it possible to send multiple events in one API call?
In HTTP Event Collector, is it possible to send multiple events in one API call? I tried setting line break properties in props.conf, but unfortunately that did not help. Here's what my props.conf look...
How to create a pie chart of percentages out of just numeric token values?
Trying to do a pie chart out of just numeric values, getting values from different tokens and using them for this piechart, I just want to show them as % of the entire sum of numeric token values. How...
How to properly connect a search head cluster to a search peer?
I'm having a very hard time connecting my search head cluster to my search peer. I have stepped through the search head documentation very carefully located here:...
How to display the average of each host for a particular search in a timechart?
I have a search as follows field_id="X" | eval b=len(_raw) | stats sum(b) as b | eval gb=round(b/1024/1024/1024,2) | eventstats avg(gb) as Avg Which displays the average gb per each day for that...
Where can I blog my Splunk experiences?
I'm interested in blogging my experiences with Splunk, `blog.splunk.com` doesn't have a section for this. Can anyone recommend where to do this? For those interested, my blogging will include -My...
How to edit my search to count a certain event, then group that count by...
Variables : LoginString Connections UT=10 UT=45 Essentially, I want to grab the login string where UT=45 and then tie that LoginString to the Connections. I want to then count the number of times UT=10...
Why am I receiving "SL: CERTIFICATE_VERIFY_FAILED" errors after configuring...
I have configured the SSL certificate according to instructions of the TA. - Copy the URL of Security Center and paste it to the Firefox browser. - Click View Page Info > Security > View...
Display list of dashboards in "dashboards tab" in two different tabs
I need to display all list of server dashboards in server tab and desktop dashboards under desktop tab. Right now all dashboards are under dashboards tab. Any idea of how I can implement this? I...
How to use a custom token filter within Simple XML
I'm trying to implement a custom token filter based on the [Transform and validate tokens](http://dev.splunk.com/view/webframework-concepts/SP-CAAAEW4) docs, but can't quite seem to make it work....
Unable to get the email alert? Even when the alert condition is set to...
Hi All, I have used the below query to capture the **splunk service status (Up or Down) via splunkd.log**. When executed with the time stamp as yesterday we are getting the output. But I want to...