single value visualisation trending on dashboard
I have a dashboard on weekly bandwidth usage, and would like to get trending on the multiple reports that use the Single Value Visualisation to show if it was up/down from the previous week. But not...
Why am I receiving syslog errors that splunkd was killed by signal 8 (SIGFPE)...
I am receiving errors in my syslog showing that splunkd is crashing about every couple of minutes on my two clustered indexers. I have been researching the issue and have yet to determine the root...
How to disable search tour for all users in Splunk 6.3.x?
Since upgrading to 6.3.0 I have been getting a popup asking me to take a search tour but would like to disable this for all users.
Why is the Splunk dispatch directory not getting cleaned up automatically,...
We run into some issues in our Splunk environment. We have a Splunk 6.3 indexer and search head. The dispatch directory on the search head is constantly growing and Splunk stops working after a few...
How do I join data between an index and lookup table?
Hi there! I have an issue. On one hand, I have an index with a lot of information and duplicated values. And on the other hand, I have another file, a static file, that shares a field with the other...
Why is my scheduled alert email not sending and getting error "'utf8' codec...
Splunk Enterprise ver: 6.3.1 OS: Windows7-64bit email -server: local SMTP Server `./splunk cmd python -m smtpd -n -d -c DebuggingServer localhost:2500` Search App test: index=_internal | head 1 |...
How to get the job.resultCount for a dashboard panel search, not the base...
When using the following dashboard and checking the job.resultCount for the table element, it returns the number of the base search `$QUERY$`, not that of the filtered search `$QUERY$ | where $FILTER$=1`....
Add line return to renderXML wineventlog
Hi, as a French user I use render_XML to get international formatted Windows log, but the XML event is one-lined; recognition is OK by Splunk but ends with a non-friendly one-lined event :...
Compare Lookup CSV with Search
Dear Experts, I have created the lookup Hostname.csv (contains only one field, Hostname), which contains 100 hosts. I need to write a search to compare the hostname.csv with current search (List...
Can Splunk read logs from Scribe server on 1463 port which will be in Thrift...
Can Splunk read logs from Scribe server on 1463 port which will be in Thrift format?
How to configure the Qualys App for Splunk Enterprise for Kb lookup file in a...
Had a few questions regarding this app, can anyone please help? 1. In a distributed environment, I have installed this app on the forwarder. The index exists on the indexer and I'm able to see the data in the...
Why am I unable to add an Informix DB connection via Splunk Web in Splunk DB...
Using c2.0.6 (and I think 2.0.5 as well): When I try to create an Informix DB connection, the UI doesn't seem to save the **Informix Server** value to the **db_connections.conf** file. I populate that...
How to write a search to find the count of parameters in a POST over a period...
Hi, We were asked to analyze the parameter usage. It is a POST with JSON body. The target is a set of 30 parameters. Each parameter is optional for that http POST. The final query will be like this:...
Is there a way to get Splunk DB Connect 1 to parse a binary column into...
I have a DB Connect query for which the results in one column read as ***** BINARY ***** Is there a way to get DBConnect V1 to parse that column into Splunk-friendly ASCII?
Why am I getting "404 Not Found" after configuring the Splunk Addon for...
Hello All. I am just getting started with Splunk Enterprise 6.3.1 and have installed the Azure Add On (https://splunkbase.splunk.com/app/1586/). I can configure the add on to point to my cloud storage...
How could I dynamically exclude events from search results?
Hello All, I'm working on a new query for one of our SIP (VoIP) dashboards. In the SIP world, each call has a unique call ID called the SIP Call ID. Due to the way that our fail-over devices work,...
Why am I unable to run a fresh Install of Splunk 6.3 on a VM running Windows...
Hi. I just installed Splunk Enterprise 6.3 on a VM running Windows Server 2012. The install went fine, but when I try to run Splunk, it waits indefinitely to connect. Splunkd is running, the VM is...
How to troubleshoot why creating a connection in Splunk DB Connect 2 to a MS...
Hey, I tried to establish a connection in Splunk DB Connect 2 to a Microsoft SQL Server. I tested the connection directly from the server with an ODBC Connection, so I'm sure the Login, DB Name, etc....
How do I parse the three separate values for the Security_ID field in...
We have winEventLogs feeding into Splunk. I have the following alert set up. sourcetype="WinEventLog:Security" interesting_event=yes group_type=protected | table Account_Name Group_Name message...
What is the best practice for host name extraction of syslog servers as well...
I have syslog servers which receive and forward log data to Splunk from a few hundred devices. I am curious what is the best/preferred way to extract the hostname of the syslog servers as well as the...