Is it possible to take a dashboard panel from one app and put that panel in a...
Question to see if this is possible. I have a few source types with things such as Cisco network devices, where there was some conflict in the mappings, so I put them in separate apps as to not break...
Adding labels to polygons in choropleth maps
I am working on a choropleth map with an overlay from a custom kmz lookup. I have the visualization presenting data correctly, but I want to include labels for the custom regions rather than having to...
How to combine two searches and display as a single tabular?
I have the below search_1: `My search | top 5 users`. I have a second search as below: `My search | stats values(field_1) as field_1 values(field_2) as field_2 by users`. Now how can I combine these two searches...
Dynamic Time custom field
Hi, I have a problem on a dashboard. I have to create a timechart dashboard on a custom field (that is not index time) and also add a timing filter on this custom field. I have created the dashboard in...
Why is the overpage of the Splunk App for AWS not showing the graphical...
The overpage of the Splunk App for AWS is not showing the graphical output and I'm getting the below exception in splunkd.log: `10-27-2016 10:31:38.395 -0400 ERROR ScriptRunner - stderr from...`
Is there a way to force a locale so that Splunk recognizes a timestamp in a...
I have a timestamp that I haven't been able to use. The format is the following: `<11/Dez/2015 00H00m WET> Event information ...` Dez is for December in Portuguese. Using `%d/%b/%Y %HH%Mm %Z` but...
Why am I receiving "ERROR S2SFileReceiver - event=statSize...
Hi, I am receiving the above error `ERROR S2SFileReceiver - event=statSize replicationType=eJournalReplication...status=failed` Running in a clustered environment. There are always only 5 events, once...
How to fix my search to exclude a particular event type but get a count of...
Hi. My search which I want to count by eventtype has a stat for "eventtype=err0r". When I try to exclude it, the counts for the other event types are incorrect, even if I explicitly add the eventtypes...
Is it possible to highlight a specific term from an inputlookup?
All; I am running Splunk 6.3.5 and need to see what term "hits" in the resulting event. The search is: `index=proxysg sourcetype=proxysg_base [|inputlookup aterms.csv | return 10000 $aterms]` I attempted...
How to generate a regular expression on a URL to capture a resource path and...
Hi all, I am looking for some help for the following use case. I have a series of endpoints represented by full URLs logged across a few sources, which I am trying to normalize to then aggregate on....
How to display pie charts associated with statistics for all of our servers...
Hi. I have a pie chart based on a given criterion, but it only shows one pie chart at a time from my dashboard. Is there a way to create all the pie charts by looping the criteria? Thanks.
Why does my HTML/JS Force Directed Graph keep updating and changing?
I've just set up my first FDG based on the example in the WFT. There are a couple of things that are bugging me that I can't seem to fix. 1 - The graph is constantly updating / changing - my...
Splunk Enterprise Security: How to write a search to create a time chart or a...
Does anyone have a search to create either a timechart or a table with the notable event times by hour? I want to create a list of the busiest times our notables come in by urgency. I.E. 5 10 lows at...
How to run a macro with a group by field?
I have a macro that I want to run on multiple subsets of a data source (a group-by field). I can set up the search manually to do this by using the append command, but I'd like to make this automatic...
Why is HTTP Event Collector listening only on 127.0.0.1 (localhost) address?
I enabled the HTTP Event Collector and I can see on my CentOS 7 by running the `ss -an` command that it is listening only on the 127.0.0.1 address. As a result the curl is working when calling 127.0.0.1:8088...
Zscaler App for Splunk: Where should this app be installed in a distributed...
Where should the Zscaler App for Splunk be installed in a distributed environment? Can it be installed only on a heavy forwarder to index the data and then use it in Splunk ES?
How to migrate from an indexer clustering to a standalone environment?
Weird question, but does anyone have a graceful procedure to go from a clustered environment to standalone? Current setup: 1 master node, 2 clustered indexers, 1 standalone search head. Company wants to...
Is there a way to do a NOT IN search?
Something like: `[search index= myindex source=server.log earliest=-360 latest=-60 "`
Why is Pivot missing from the Splunk menu?
I downloaded Splunk on my laptop (Windows 10). The pivot menu is missing. Instead there is a dataset link. Does it need to be turned on somewhere?
Splunk App for Web Analytics: The search "Generate user sessions" needs to...
I have nginx logs which contain very precise timestamp like this one: `2016-10-27 20:53:03.664`. Translated in seconds, it gives this value: `1477594383.66401`. As a consequence, the scheduled search...