How to get the count of forwarders that are reporting from each...
Hi Splunkers, I want to get the count of forwarders that are reporting from each application/Workspace. Example: I have created 4 apps/workspace for 4 different teams. So now I want to get the count of...
How to specify a value in one place and use it in several searches?
I have several saved searches that contain `where vehicle_distance<=100`. I want to make the value of 100 tunable in _one_ place rather than having to edit all the searches. I've discovered that I...
Anomali ThreatStream Community App: How to perform a basic search?
Installed the Anomali ThreatStream Community App from Splunkbase, and uploaded 2 sets of data. (1) Network.log that have several IP address I am interested. (2) web.log that has several url, that I...
Is there any way to do stats count over multiple time frames?
Is there any way to do stats count over multiple time frames? I am trying to replace something written in perl and output to .xls format. I wish to count IP addresses in each subnet; I have about 3500...
How to best resolve peer indexes down due to wrong homepath in the indexers?
While pushing the cluster bundle from the cluster master to indexers, there was a wrong homepath in the indexers app that was being pushed. As a result, the peers could not restart and were down. And...
Anomali ThreatStream Community App: What does "Error in TsidxStats": Could...
I am new to the Splunk world, but I was trying to use Anomali ThreatStream Community App and a search but get the following errors: (1) Error in "TsidxStats": Could not find datamodel: TS_Optic (2) The...
How to build a search that shows the uptime of Splunk and the host reporting...
I am required to build a search which will show the uptime of all my Splunk components over a period of one month. Also I am required to build a search for the host reporting to Splunk
How can I get the latest event by a specific field?
Hello, I have the following event data: City,Date,Temp,Sky New York,2016-11-10,20,Clear New York,2016-11-10-19,Cloudy San Francisco,2016-11-20,20,Clear San Francisco,2016-11-19,18,Rain...
Why doesn't this custom search command call class method?
Given an excerpt from custom search command: logger = logging.getLogger( 'nbclosest' ) logger.setLevel( logging.DEBUG ) K_STAG = 'stop_tag' K_TIME = '_time' K_VDIST = 'vehicle_distance' K_VID =...
How do I display negative values through geostats?
Hello, I'm busy mapping temperatures for locations around the world and in some cases the value is negative. Unfortunately negative values are not displayed in the map through the geostats command, so...
Is it possible to create a multi value visualization for each value of a...
Hello, I am trying to create a variable sized visualization based on the value of a field grouped by another field. To explain what I mean, I have a table with temperatures: CITY,TEMP Tokyo,6.67 New...
Why is the knowledge bundle directory filling up after 6.5.1 upgrade?
I am having an issue with the knowledge bundle directory not deleting old bundles. This started after upgrading from 6.3 to 6.5.1. We only have 1 search head that keeps sending bundles to the directory...
I have logs with out-of-order timestamped events. Will searches compensate...
Given this excerpt from log files I generate and index: 2016-11-19 20:34:21 GMT vehicle_id="1009" route="E" speed=0 distance=136 stop_tag="4502" 2016-11-19 20:36:44 GMT vehicle_id="1009" route="E"...
How do I extract numerical value from within a string using rex command?
Hello, I've been reading up on the `rex` command and using it to split strings, but I cannot for the life of me get it working. I have the following input: FORECAST Sun and a few passing clouds. High...
How to modify my search to include historic count to my current day's count...
Hello everyone, I have a search as follows which displays the usernames, their accessing application count on that day, and the average of total users average accessing application count index=foo...
How to edit my search to display data on a weekly chart?
Hi All, For a trend chart, I have data for the following dates 2016-10-29 - Saturday 2016-11-05 - Saturday 2016-11-12 - Saturday 2016-11-15 - Tuesday 2016-11-26 - Saturday I want a weekly chart which...
What is the function of eval in this search?
We use the eval command to create a new field; we used this as a function, e.g. `|stats count(eval(method="GET")) as get`. Can someone explain this example clearly? What is `eval` doing here?
How do I cause summary indexing to keep stats on distinct items?
I am having trouble understanding summary indexing, and keeping stats on container objects, but I am really interested in the stats on distinct objects in the containers. How do I cause summary...
How to put new line character in underlabel tag?
150 characters in underlabel tag. How to add a new line at panel ends and set the string as per the size of the panel?
REST API Modular Input: How can I make REST calls to MS Project Server 2013?
Hello, I am busy trying to configure the REST API Modular Input to make a REST call to my MS Project Server 2013 instance, but I'm not exactly sure how to configure the form and Custom Authentication...