Browsing all 47296 articles

Will summary index work with appendcols?

I have a query that joins the data from two types of log. 1st search acting on log lines like this: 2020-06-02T10:54:05,899 [431972] INFO iseries.programcall.access.ProgramCallImpl Completed...



Finding matches between 3 different indexes.

I have the following case: I have 3 different indexes (A, B and C). My goal is to find what percentage of the devices found in index B could also be found in index C. In index A I have fields...



Modifying x-axis format

I am trying to re-format the x-axis time to read cleaner. Here is my SPL: index="servers" source="/var/log/secure" action=failure | timechart count | eval time=_time |table time count | fieldformat...


What does the list_settings capability allow a non-admin user to do?

A requirement for one of our support teams is to be able to export a PDF of a dashboard using the Schedule PDF Delivery option within Splunk. As an admin, I have temporarily added the list_settings...


Why does Email Report change column order?

_Time is the column that gets moved from last to first only within the reports csv. Within the Inline results, the search, and a direct csv from the search keeps the columns in the correct order. How...



Setting up Splunk App for Windows Infrastructure (sourcetype=Perfmon,...

Hello Folks, I am trying to set up Splunk App for Windows Infrastructure for easier dashboarding and management, however, despite days of research, I am still unable to fix/solve the problem regarding...


Field exclusion happens before field extraction

Hello, I have two questions that are quite confusing to me, can you please explain to me in layman terms? 1. Field inclusion happens before field extraction and can improve performance 2. Field exclusion...


Demisto Add-on for Splunk: Search gets replaced with the value of the array...

I have integrated Splunk with Demisto. I am trying to run the below search from Demisto: source="squid" clientip="xxx" | where server_ip IN(${DBotAvgScore.Indicator}) | stats count by server_ip...



How do I add a token to the query of a dashboard in Splunk?

I recreated the dashboard using the report query and have the search returning all of the table results. I have an input for the reference number as a text box. The token name is:...



Questions about inclusion and exclusion in relation to field extraction?

Hello, I have two questions that are quite confusing to me, can you please explain this to me in layman terms? 1. Field inclusion happens before field extraction and can improve performance. 2. Field...


Error when trying to add token to limit table results in a search?

I recreated the dashboard using the report search and have the search returning all of the table results. I have an input for the reference number as a text box. The token name is:...


How do I join two searches with common field?

I have one search that checks for entries with duration >= 50000 (responses for requests) source="abc.log" | regex "\"duration\" : ([5-9][0-9]{4}|[0-9]{6,})" The search returns results with JSON...


Kafka Connect load wrong configurations (Splunk connect for Kafka)

Hello, I need help on Kafka Connect. I am using Kafka _2.12-1.1.1 and Splunk connect for Kafka version 1.20. It's distributed mode but there is only 1 kafka connect node. I met a problem of managing...



multisearch

Dear, for a couple of hours I have been trying to get: I have one log with no similar way of words in one line... because of that I cannot get in one search what I need. These two searches get what I need: index=ise...


Remove host name in Account_Name field

When people RDP into a server, the results I am getting into Splunk are Account_Name=Sever1$ Account_Name = jdoe. When I try to display the data in a table it displays... Account_Name: Server1$ jdoe I...



Splunk Connect for Kafka: Previously stored configurations reload when Kafka...

Hello, I need help on Kafka Connect. I am using Kafka _2.12-1.1.1 and Splunk Connect for Kafka version 1.20. It's distributed mode but there is only 1 Kafka connect node. I'm having a problem with...


To check logs and the status

Hi, I would like to run a search which gives me the list of hosts with statuses - normal, warning and critical. Where critical being logs not present in a host for 30 mins, warning - not present in 15 mins...



Network Tool Kit Ping lookup with count

Is there a way to include the number of packets to check while using lookup ping? What I can see is that by default it is taking only 1 packet sent.


Components is required

Hello, Please we have an issue where when we set up the alert action we put all the required fields with the red *. We trigger the alert and in the logs we see that it is requiring the content:...


Problems with average duration

Hi, folks. I am trying to timechart the average duration but I'm not getting the average values for all spans of time. The query is like this: " (index=a) OR (index=b) |transaction Reg_ID|search eventcount=2...
