How to remove the currency symbol etc. from a field before indexing?
This is what the data looks like in the source file (.csv). Notice the $156.03 09/26/13, 2013 , 09-Sep , Week-39 , Thu , - , 4 ,, $156.03 ,, $156.03 ,100%, $39.01 ,,0:00, 13 , $12.00 , This is what I...

Is Palo Alto Networks App version 4.2.1 compatible with Splunk 6.3.1?
We are currently running Palo Alto Networks App version 4.2.1 with Splunk 6.2.2. We are thinking of upgrading to Splunk 6.3.1. Do we need to upgrade Palo Alto Networks App first?

Have we correctly estimated storage for our move to an indexer clustering...
We plan on moving to a clustered environment soon, so we are starting to dive into what we need storage wise. Based off Splunk...

Display events when current date is >= 30 days from expiration date
Spent all day trying to figure this out. The events I'm working with contain a field with an expiration date in Unix epoch time. I'm trying to bring up a table of events when current date is >=...

How to search the difference between two values that share the same field...
I'm trying to get the difference between two values that share the same field name from two different sourcetypes that contain a field indicating a request has been completed. A. sourcetype=one AND...

How to write a search to organize data from a CSV file into a table format?
I am trying to arrange some information received in a CSV file in a table format (as per example). The two searches I used were as follows: **Search 1** index="labour" | stats sum(Hours) as TotalHours BY...

Why am I unable to reload the deployment server with error "TypeError:...
Hi Guys, Today I found the following error: PS C:\Program Files\Splunk\bin> .\splunk.exe reload deploy-server Traceback (most recent call last): File "C:\Program...

How to search for overlapping events that occurred on the same host?
Given the Splunk result set in the attached screenshot, I'd like to formulate a search that finds all overlapping events that occurred on the same host. Many thanks!

How do I integrate my Google Voice with the Google Voice Analytics app?
I downloaded the app, but I need to know how to integrate my Google Voice

How to automate checking up application forms to connect to server?
Hi Splunkers, We would like to use Splunk for audit trails of host server logs. In our operations, we always compare application forms of MS excel in Windows file server for remote connects to Windows...

Why am I getting "Error while posting to...
Hi all, Has anyone successfully deployed the Google Apps for Splunk? I installed the app and then restarted Splunk. While trying to set up the app, I got an error message saying Encountered the...

How to define metadata in Splunk db connect and how to use database input in...
Hi everyone, I am using Splunk db connect v2. I created identities and connections. I also created a database input. The query displays the table with the different fields. I don’t know what to enter...

Group row values to column - Summary Index
My summary index search results for a timechart is as below: (index="siabc" | sitimechart sum(Count) by Host) Time Host Count 19:15 server1 4446 19:15 server2 6536 19:15 server3 5863 19:15 server4 7822...

Rex to Exclude + Sign
I wonder whether someone may be able to help me please. I'm trying to extract the text "Comapred to previous years almost a pleasure to use" from the raw data as shown below...

Licence Usage Report does not do daily rollover
Hi Splunkers, I am facing the issue, that the licence report on my Splunk Licence Master does not get rolled over since about 14 days now. The license_usage.log has no entries for...

How to enable index data integrity in Splunk 6.3?
Hi I was in the doc, Block Signing feature has been removed from Splunk 6.2. I need to have an indexed data integrity check feature in Splunk 6.3. Is there any alternative feature for block signing or...

Best method for batched (periodic or en masse ad hoc, not real time) ingestion?
## What I've read I ask this question after reading the following Splunk Dev articles, among others: * "[Getting data in](http://dev.splunk.com/view/dev-guide/SP-CAAAE3A)" * "[Logging best...

Facing issue with _time in predictive analysis. I am using LL algorithm to...
_time decrements i.e. after 26-Nov-2015 it shows 12-Sep-2015. Query : index=main host="uscinc4b8s6.noam.tcs.com" sourcetype="csv" | timechart span=1h min(Pwr Sply) as Pwr_Sply | sort -_time | predict...

Need help for train command in Splunk Predict App.
Unable to remove old model. I need to create new model with same name but different fields but even after changing old model is shown: query : index=main source="programlog 21sep - 70-71-72...

Can IMAP Mailbox monitor more than one mailbox?
I have two mailboxes I want to monitor. It's fine for the email events to go into the same index. Is it possible to add a second IMAP configuration to imap.conf? For example: [IMAP Configuration]...