Extracting multiple events from a large single JSON output sent via a REST...
I have a service which runs an SQL query over a database and returns a simple table with two columns, “Item” and “Item count”, which contain the name of an item and its quantity. These tables will have...
PDF export option is not available in HTML dashboard in Splunk 6.3.1
Hi All, While creating a dashboard through Simple XML we get the PDF export option on that dashboard view. But after converting it to HTML, the PDF export option is not visible on the dashboard view. Please...
Splunk SAML: Unable to parse the payload received as a part of IdP metadata...
We tried to enable SAML authentication for our 6.3.1 splunk SH. For this we tried to import the IdP metadata xml file, but this fails with the following message : "Unable to parse the payload received...
Drilldown from an icon used in a single value component to another
Hi, is there a way to drill down from an icon used in a single value component to another? In 6.2 we were able to achieve this quite easily in SimpleXML. Once we upgraded to 6.3 it no longer...
Any way to fill my summary index with the newer portion data every day from...
Hi Splunk team, I have a scenario where I have a raw index and a summary index, and a scheduled search which is used to populate data from the raw index to the summary index. My scheduled search runs on a daily...
Assign specific color to a pie-chart-piece on a dashboard when number of...
I want to assign specific colors to pie parts even when the number of pie parts varies from 1 to 5 parts. Error parts are not always in the pie but must always be red. The Completed part is always in the pie...
6.1.1 Line Chart Consolidation Issue
I created a basic line chart using Splunk 6.1.1 on Linux. When I do not specify the earliest and latest variables the line chart shows as expected. When I fill in these values for earliest and latest...
How to display filler gauge displays horizontally
How to display filler gauge displays horizontally in Simple XML
inputlookup on CSV - including date ranges in csv - help!
Hi, I'm trying to run this query: index="proxy" [|inputlookup TEST.csv | return 2 $IPs $dates] My TEST.csv file has the following: IPs dates 10.10.10.10 earliest=11/27/2015:10:00:00...
Query to display results of the login failures occurring in a server from a...
I am trying to craft a search which will display the users who have failed logins more than 2 times against a server. Below is the search I am using. Need help to include the "greater than 2 events"...
How to avoid wrong timestamp with MAX_TIMESTAMP_LOOKAHEAD
Hello, I have logs from Cisco ESA (emails) and some of them are logged in the future. For example this log is marked "12/16/15 11:**20:30.290** PM" by Splunk but it should be "Dec 16 00:28:26". Dec 16...
Search multiple time ranges from lookup
I am looking to search for a given value (an IP in this case) within a specific time range. This is easy to do as a one-off, but I have a large number of IPs I need to search for and would ideally...
subsearch maxout user defined
Hello, I would like to run a scheduled report once. A very long search; I don't care about performance or time to complete. I set in local **limits.conf** [subsearch] # maximum number of results to...
Event ID for each event in the index
Hi, my auditors are questioning and requiring that each event we log into Splunk has a unique identifier added by Splunk. I see where they are coming from but cannot produce evidence of something I know...
Create a search based on prior search timestamps
Hi, my issue is I have two different searches. First: index=test user=test document=* Second: index=test2 user=test src=home action=view What I would like to do is gather the timestamps from the first...
Splunk can't read custom field values
I added a field "cluster" to all my events, so that I can search for results in a Hadoop cluster specified. I edited inputs.conf on each node for example with [default] _meta = cluster::Test8 and...
Can't pull Tor Exit Nodes or Zeus Data
I installed this app yesterday and it's pulling all data except that from the Tor Exit Nodes and the Zeus blacklist (and I think a few others). Here's what the troubleshooting logs say: [*] Script...
Splunk 6.x Dashboard Examples: How to replicate inline icons or rangemaps in...
I have installed the "Splunk 6.x Dashboard Examples" App and I am trying to implement the use of "Inline icons" or "rangemap", both of which have an example in the app. I have created a separate app...
machine inventory - a saga
Hi folks, I am having problems integrating the Splunk Addon for Powershell. My goal is to run a process that collects machine data once a day at a specific time across all my systems;...
Is there a way to output a CSV value from a regex match?
I've got a lookup table that consists of two columns; "Description" and "PCRE". What I'm looking to do is search my proxy data and, if the regex from the PCRE column matches the _raw data, add the...