Splunk query for UPtime and Downtime?
Hi Folks, Can anyone please help in forming the query for internal Splunk components up and downtime reporting, I found a similar but this gives only uptime, | rest /services/server/info | eval...

Sum of the values for last 24 hours is bigger than for the last 7 days
Hi, I have a little bit strange problem. I have _json format of the indexed events. One attribute "value" is big float number. If I make stats sum(value) as value_sum for last 24 hours, the number is...

Customize and Style Navigation Menu - Move that from Top to the Side with a...
How can I customize and style to move my Navigation Bar from Top to the left with a Hamburger option to expand and see the navigation views and with an option to Collapse it? What I mean is: Click on...

Line breaking on JSON logs
Hi Guys, Can anyone please help me with line breaking for the below JSON log, { "totalSize" : 473, "done" : true, "records" : [ { "attributes" : { "type" : "SetupAuditTrail", "url" :...

stats count or eval
I am trying to make an overview with different counts. The message always starts with: logger="blahblah-main.Start*" Some will go in error and then they will appear with: logger="blahblah.Exception"...

VMware App: Not all Snapshots are listed
Hi, I'm using the Splunk App for VMware version 3.4.5 and facing an issue with the Virtual Machine Snapshot dashboard. There are only some of the snapshots listed. So I'm missing snapshots for most of...

The rest api add-on works with version 1.5.3 but when I upgrade to 1.8.1...
I've got about 10 or 12 rest api inputs set up in the add-on that are all working fine with 1.5.3 but stop working whenever I upgrade the add-on to 1.8.X. Is there anything I need to be changing to make...

generate a list of unique hashes and append new hashes hourly
I would like to take the following search that generates the hashes and outputs the lookup: index=windows source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" Image=* | fields Hashes | eval...

How to display count of two different fields with different values?
Hello all, I'm having difficulties figuring out how to output 2 separate counts for 2 separate fields. index=email spf="fail*" OR dkim="fail*" | dedup message_id | stats count BY spf, dkim Attempting...

Combining two alerts into one condition
Hi All, Actually I have a conflict while sending the alert. Please consider the below scenario: 1. detecting and sending alert whenever server gets disconnected from the network. 2. after server gets...

Cannot download Splunk License from Web support portal
I cannot download Splunk License from Web support portal. It shows the error "You do not have the level of access necessary to perform the operation you requested."

Need help to create bubblechart (if even possible)
I am trying to create a bubblechart based on the search below. I have tried different methods to create something similar to the edited bubblechart image below, but with no success so far. I hope...

Splunk mint SDK 5.2.7 iOS Appstore warning ITMS-90809: Deprecated API Usage
I have added Splunk mint SDK 5.2.7 into our mobile project and tried to submit a build to iOS appStore but it's throwing an error ITMS-90809: Deprecated API Usage - New apps that use UIWebView are no...

LINE_BREAKER with INDEXED_EXTRACTIONS does not work
Hello Splunk TEAM, I have a question. I have this data: { "@odata.context":"https://app.inlooxnow.de/odata/$metadata#workpackageview","value":[ {...

What is the usage of "(?msi)" in Splunk with rex command?
Hi, I am having some problem understanding the usage of "(?msi)" with the rex command, please help me regarding that?

Multiselect: value's prefix and suffix not working
Hi Splunk colleagues, I'm having a problem with multiselect in my dashboards. Here's the code of the multiselect: BAPBAPBAP| search BAP IN("$form.bap$") | dedup BAP | table BAP"",Todos() The thing is...

Event type creation and AI
We categorize log events using event types and assign them to people to address the issues using tags. Our events are generally exception stacktraces (Java). Our event types are basically a search by...

Sending Meraki Alerts to Splunk HEC Endpoint
I am trying to send Meraki Alerts to Splunk HEC Endpoint. Please refer to this URL to understand how we send Meraki alerts to receiving services....