Month to date for previous month with current month date
Hi, I have to extract the sum of particular search output from my query and the same needs to be compared with previous month to date. For example, consider today is June 15th, and i have the sum as...
View ArticleHow to extract a key and value from the json data?
Hi all, I am not able to extract the below-given value from the JSON file filed are **"initiator": test_abce, "releasenumber":0.0.11, "source": "test420", "deployenv": testppt, "ServiceMD": app...
View ArticleWindows UF using High Memory and processor
I have reviewed similar questions but haven't found a fix to this. My windows UF is utilizing high memory and processes, causing the servers to become inaccessible. I'm having too many powershell...
View ArticleRenaming timechart Fields Not Working as Intended
Hello, When using **timechart** without a **BY** this works. index IN (idx) AND host IN (server) AND source IN (ssl_access_log) AND sourcetype=access_combined AND method IN (GET,POST) AND...
View Articlei want create alert when status will be change hear hear same status will...
Actual requirement is when status field values are changed from one to another alert needs to be triggered below are the status field values Extended recovery Investigation suspended False positive...
View ArticleHelp with line breaking and stripping extra lines from events
Hello, I have been having trouble onboarding some logs that have some extra data at the top and are not breaking into individual events. I would like to remove the first 7 lines (I tried SEDCMD in...
View Articlescrape memory via lsass using Splunkd
I have installed splunk in my office PC and I got a message from an IT engineer saying below. "We were alerted to unusual behavior from splunkd on your machine. it attempted to scrape memory via lsass...
View Articlehow to separate fields and create a pie chart
Hi Splunkers, Please guide us on below requirement. Input: server, env, req no, input field,status host-1,PROD,1666680,mobile1,Deployment_Successful host-1,PROD,1666680,mobile2,Deployment_failed...
View ArticleOverride time zone DB Connect + McAfee
Hello all, We are connecting to our McAfee database using the McAfee Add-on 2.2.1 and DBConnect 3.3.1. The query reads perfectly; however, the McAfee database timestamps are in UTC time. On the...
View ArticleHow to create a search that compares two log files and displays results in a...
I have below 2 log files with 4 identical columns and in that, status is different: Status1.log host1,PROD,1666680,mobile1,Staging_Successful host1,PROD,1666680,mobile2,Staging_Successful...
View ArticleGetting error when trying to set up an alert for starting a Python script.
I am trying to set up an alert that runs a script after finding a result. For some reason, we see this error each time we try to run the script: 06-01-2020 13:20:09.091 -0500 ERROR ModularUtility -...
View ArticleError message when running a subsearch after upgrading to Splunk 8.0.4.:...
Hi all, Upon a recent upgrade to Splunk 8.0.4, I started seeing this error message when running a subsearch against a metric index using the `mstats` command: StatsFileReader file open failed...
View ArticleHow to separate fields and create a pie chart of status count?
Hi Splunkers, Please guide us on the requirement below: **Input:** server, env, req no, input field,status host-1,PROD,1666680,mobile1,Deployment_Successful...
View ArticleHow to resolve error on a search head member in the search head cluster:...
Hi All, One of the search head members in the search head cluster has a message: "Local KV Store has replication issues. See introspection data and `mongod.log` for details. Local instance has state...
View ArticleTrying to properly format a blacklist for imported files.
I have configured multiple Data Inputs, pointing at folders such as /mnt/DataInput1 etc. There is a lot of noise so tried following the following links to add a blacklist to the inputs.conf for the...
View ArticleUsing timechart command isn't working for renaming.
Hello, When using **timechart** without a **BY** this works. index IN (idx) AND host IN (server) AND source IN (ssl_access_log) AND sourcetype=access_combined AND method IN (GET,POST) AND...
View ArticleSplunk DB Connect + McAfee Add-on: How to set correct timezone?
Hello all, We are connecting to our McAfee database using the McAfee Add-on 2.2.1 and DBConnect 3.3.1. The search reads perfectly; however, the McAfee database timestamps are in UTC time. On the...
View ArticleHow to resolve alert message from IT team regarding Splunkd on Windows:...
I have installed Splunk on my office PC and I got a message from an IT engineer saying the following: "We were alerted to unusual behavior from Splunkd on your machine. It attempted to scrape memory...
View ArticleSingle value chart/trellis with smiley and other data
Hi, I have a query such as below. index = abc* host=efg* |stats latest(_time) as latest by host | eval Status = case (latest <= relative_time(now(),"-15m") AND latest >...
View ArticleProblem using baboonbones REST API MODULAR
Hello Spunk team, I want to use rest api modular input but I got this error. 6-01-2020 16:45:56.588 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7...
View Article