$env:$ tokens do not resolve within evaluation of a different token?
I'm posting this question mostly because it's maddening. I want a dashboard that is shared between two apps to behave differently based on the value of $env:app$. Doesn't work: If I run a search as...
View Articlefast alerts?
Existential question here... :) What is the appropriate mechanism in Splunk to have multiple (potentially 100s) of alerts that are based on latest events rather than realtime or timeframe searches...
View ArticleUse hostname variables in index_time EVAL
Hi everyone, I am trying to add a custom field on every events that coming from a Heavy-Forwarder, so that from search I can know which HF the evnets are going thru. Here is my configuration in a HF:...
View Article(Splunk Dashboards App Beta) How to wrap text in a table?
Hi, I'm using Splunk Enterprise Dashboards App (beta) and inserted a table in my dashboard, but I need to wrap the text to show all of the content. Instead of this: ![alt text][1] I need something like...
View Article[Splunk HTTP Event Collector] Having trouble connecting to HEC port.
We are often seeing the following error messages from HEC servers and users are complaining of failures connecting to HEC: 04-16-2020 19:02:04.513 +0000 WARN HttpListener - Socket error from...
View ArticleHow to create hundreds of fast alerts for searches based on latest events,...
Existential question here... :) What is the appropriate mechanism in Splunk to have multiple (potentially hundreds) of alerts that are based on the latest events, rather than real-time or timeframe...
View ArticleHow to join and get stats from same index?
Hi Experts, I have data set like below from same index but from different sourcetype, common field on which I can join is aapid, app_id. I want to only show those app id which take more than 20 min...
View ArticleSplunk Add-on for Microsoft Office 365 TypeError: can only concatenate str...
Hi im having this Error where my Splunk Add-on for Microsoft Office 365 is not working. TypeError: can only concatenate str (not "bytes") to str . Please suggest help ASAP. Thankssss! Here is the log...
View ArticleChecking latest version of microservice
I have got a query to check container metric for micro-services. There are currently multiple versions of micro-services running. I would like to change the query to check metrics for latest version of...
View ArticleFound problem on TA-Demisto configuration
Hi All, I'm install splunk on windows. After i'm insert parameter of "Demisto URL/Hostname/IP Address" and "API Key" i'm found error "Encountered the following error while trying to update: Error while...
View ArticleBase Query return 440 events, but stats result is 0
Hi team, I have below query. The base query has 440 events returned, But when I use stats command, tje number is 0. Does the because the special charaters in the string to be matched? How should I...
View Articlecount number of grouped events
hello i have this query : index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messages-dhcpd-lpf-eth0-listening" OR eventtype="csm-messages-dhcpd-send-socket-fallback-net" OR...
View ArticleHowa to Extract only MPid field with the value from the raw data.
hello all How to Extract only MPid field with the value from the raw data. so that **MPID=127746** i can list {"MPid":"127746","url":"https://www.webox123.com","id":2301,"IDformance_level":"436",...
View Articlecolor a splunk table collumn based on value
I have a statistical table with rows and columns I need to color a particular column values either red or green based on some value.How can I achieve that A B C D 1 1 1 1 2 2 2 2 3 3 3 3 Hence,as per...
View ArticleOfficial support for Splunk 7.3 in Container
We're considering setting up Splunk enterprise 7.3.0 (for heavy forwarding) in a docker container. https://docs.splunk.com/Documentation/Splunk/7.3.0/Installation/Systemrequirements As per this Splunk...
View ArticleHow to split JSON events to usable format?
Good morning all, Complete novice with JSON workings, but essentially I have managed to configure a REST api that's ingesting the result of an alternative monitoring tool (sacrilage I know), running...
View ArticleMake One column of table as drill down
I have a Splunk table with three columns with headings. I want to know how to add drill down/make one column only(first column) clickable and pass that value to all other panels. Any help would be...
View Articleserver monitoring
Hi team, I have installed UF and add on for windows and getting server data to my splunk instance..... are there any use cases on monitoring and forecast predicting using MLTK for this data...?? this...
View Articlemonitoring data
Hi team, what is the difference between perform data and the data provided by the windows add on???
View ArticleWhat is the difference between perform data and the data provided by the...
Hi team, what is the difference between perform data and the data provided by the windows add on???
View Article