How to create a dashboard search with the condition "If status is not...
I want to create a dashboard with a table listing integration name and execution status with the following condition: If execution status is different than success -> on same row, show error code,...
How to edit my eventstats search to return a count of failed authentications...
Been working on a report to show the best data on authentications failed more than ten times in a time span of 10 mins. Am I headed the right direction? I'm just questioning my count in the table...
Should I configure a universal forwarder to forward data to the master node...
Setting up a Splunk indexer cluster consists of the following: idx01 : indexer mode: master idx02 : indexer mode: slave idx03 : indexer mode: slave idx04 : indexer mode: slave sh01 : search head sh02 :...
How to update a drop-down based on the value selected in another drop-down...
Let's say I have two drop-downs. The first drop-down represents a set of trials. Let's say there were three trials. The second drop-down represents runs in each trial. Trials drop-down: All 1 2 3 Tests...
How to reference a dashboard token in an HTML panel?
I regularly get requests for some data that I get from several searches. The people requesting it like it formatted just so, so instead of manually formatting it each time I'd like to have my searches...
Does anyone use Linux zram with splunk?
I was wondering if anyone uses zram (compressed ram blocks) with Splunk. It seems each time I upgrade Splunk core (especially on indexers), the more hungry memory Splunk core gets. Typically zram is...
What alternative can I use for the join command in my search to avoid the...
I am basically doing two searches where the results of the 1st search serves as input for the 2nd search. There are also two sourcetypes: TICKET_OPENED & TICKET_CLOSED, both with a common field...
Why is CSV Timestamp recognition not working with my current props.conf for...
I have 3 environments: Laptop - Splunk 6.5.0 Test - Splunk 6.4.3 Prod - Splunk 6.3.2 In the first two environments, I am able to pull in a csv nightly and grab the timestamp from the first...
TA-NMON occasionally gets stuck in AIX and leads to high page space...
Hi, In a few of our LPARs, we have observed a pattern that occasionally the underlying AIX process (/usr/bin/topas_nmon) called by NMON Performance Monitor for Unix and Linux Systems does not get stopped...
How to get all possible entries from two lookups?
How to get all possible entries from two lookups? For instance, lookup_1 and lookup_2 lookup_1 application ========= app1 app2 app3 lookup_2 service link ====== ============== s1 link1 s1 link2 s2...
Where is the indexname in the licenseUsage log entries?
Hi, We went from 6.1 to 6.4.1 recently, and noticed that the index that is reporting the license information is now some type of guid, rather than the actual name (See below). How do I get the name for...
Dashboard PDF scheduling
Dear all, I would like to schedule Dashboard PDF email on Monday and Sunday only. I tried to type ***0 11 star star 7&1*** in Cron Expression but it only sends email on Sunday. May I know how to make...
Sankey sorting
Is there a method to sort sankey by the largest cumulative item in the left side group? I'm doing some throughput analysis and I'm displaying volume between two nodes and we need to see it arranged...
Export dashboard panel results in different sheets of Excel
Hi, I am trying to export the splunk result in Excel sheet. Till now I am able to export one panel's result using the help from [can-the-splunk-for-excel-export-app-be-used-with-d][1]Export to Excel...
Centering the fields for the column title
Does anyone know if it's possible to center the title of each column in a chart? In the picture attached I'm trying to see if I can center sourcetype, source, host, availability, Performance, Host...
Passing tokens dynamically to search query
I have a drop down which I populate with the query and editing field values index="myindex"|stats values(Category) as categories|rex field=categories mode=sed "s/Change Request/CR/" |rex...
Best place to filter out on field
Hi, I have the following query to report on license utilization, and now want to filter out on specific slave indexers: index=_internal source=*license_usage.log type="Usage" | join type=left i [rest...
dynamic drilldown on table value
I have a table Fruits. Under Fruits table I have value "apple" "grape" "kiwi" I want to redirect the page to a new page depending on which row the user has clicked. So, if i click on "kiwi" (from the...
How do you configure the Proxy Settings?
I tested this Add-on without using proxy settings and it works great, but how do you get this to work if you have to utilize a proxy and is there any special configuration for certificates?
How to edit my rex to receive values for Start Date and End Date?
Rex expression used : `startDate= (?.*) endDate= (?.*)` Data format : `&startDate=10/02/2016&endDate=10/02/2016&` Don't get any values back for the Start Date and End Date columns.. What is...