Will summary index work with appendcols?
I have a query that joins the data from two types of log 1st search acting on log lines like this: 2020-06-02T10:54:05,899 [431972] INFO iseries.programcall.access.ProgramCallImpl Completed...
Finding matches between 3 different indexes.
I have the following case: I have 3 different indexes (A, B and C). My goal is to find what percentage of the devices found in index B could also be found in index C. In index A I have fields...
Modifying x-axis format
I am trying to re-format the x-axis time to read cleaner. Here is my spl: index="servers" source="/var/log/secure" action=failure | timechart count | eval time=_time |table time count | fieldformat...
What does the list_settings capability allow a non-admin user to do?
A requirement for one of our support teams is to be able to export a PDF of a dashboard using the Schedule PDF Delivery option within Splunk. As an admin, I have temporarily added the list_settings...
Why does Email Report change column order?
_Time is the column that gets moved from last to first only within the report's CSV. The inline results, the search, and a direct CSV export from the search all keep the columns in the correct order. How...
Setting up Splunk App for Windows Infrastructure (sourcetype=Perfmon,...
Hello Folks, I am trying to set up Splunk App for Windows Infrastructure for easier dashboarding and management, however, despite days of research, I am still unable to fix/solve the problem regarding...
Field exclusion happens before field extraction
Hello, I have two questions that are quite confusing to me, can you please explain them to me in layman's terms? 1. Field inclusion happens before field extraction and can improve performance 2. Field exclusion...
Demisto Add-on for Splunk: Search gets replaced with the value of the array...
I have integrated Splunk with Demisto. I am trying to run the below search from Demisto: source="squid" clientip="xxx" | where server_ip IN(${DBotAvgScore.Indicator}) | stats count by server_ip...
How do I add a token to the query of a dashboard in Splunk?
I recreated the dashboard using the report query and have the search returning all of the table results. I have an input for the reference number as a text box. The token name is:...
Questions about inclusion and exclusion in relation to field extraction?
Hello, I have two questions that are quite confusing to me, can you please explain this to me in layman's terms? 1. Field inclusion happens before field extraction and can improve performance. 2. Field...
Error when trying to add token to limit table results in a search?
I recreated the dashboard using the report search and have the search returning all of the table results. I have an input for the reference number as a text box. The token name is:...
How do I join two searches with a common field?
I have one search that checks for entries with duration >= 50000 (responses for requests) source="abc.log" | regex "\"duration\" : ([5-9][0-9]{4}|[0-9]{6,})" The search returns results with JSON...
Kafka Connect loads wrong configurations (Splunk Connect for Kafka)
Hello, I need help on Kafka Connect. I am using Kafka _2.12-1.1.1 and Splunk Connect for Kafka version 1.20. It's distributed mode but there is only 1 Kafka Connect node. I have a problem managing...
multisearch
Dear all, for a couple of hours I have been trying to get this: I have one log with no similar way of words in one line... because of that I cannot get what I need in one search. These two searches get what I need: index=ise...
Remove host name in Account_Name field
When people RDP into a server, the results I am getting into Splunk are Account_Name=Server1$ Account_Name=jdoe. When I try to display the data in a table it displays... Account_Name: Server1$ jdoe I...
Splunk Connect for Kafka: Previously stored configurations reload when Kafka...
Hello, I need help on Kafka Connect. I am using Kafka _2.12-1.1.1 and Splunk Connect for Kafka version 1.20. It's distributed mode but there is only 1 Kafka connect node. I'm having a problem with...
To check logs and the status
Hi, I would like to run a search which gives me the list of hosts with a status of normal, warning or critical, where critical means logs not present for a host for 30 mins, warning - not present in 15 mins...
Network Tool Kit Ping lookup with count
Is there a way to include the number of packets to check while using the ping lookup? What I can see is that by default it is sending only 1 packet.
Components is required
Hello, we have an issue where, when we set up the alert action, we fill in all the required fields marked with the red *. We trigger the alert and in the logs we see that it is requiring the content:...
Problems with average duration
Hi, folks. I am trying to timechart the average duration but I'm not getting the average values for all spans of time. The query is like this: " (index=a) OR (index=b) |transaction Reg_ID|search eventcount=2...