How to trigger a backend script via Splunk UI submit button?
We have a requirement to trigger a script based on a submit button (e.g. from the Splunk UI examples, our end-user requires a shell script to be run). Is it easy to do or does it require SDKs etc.? (I feel it's...
Why does the query using an absolute value return better results than the...
A query that uses the returned (single) value of a subquery is returning different results than if I simply type in the value as a hard coded string. **Query 1:** index=cfs_*...
Regex Help
Need help in removing double quotes from extracted field value. EVAL-user = nullif(replace(user, "[^:]+:\s*(.*|\w+\,\s\w+\s\{\w+\})", "\1"),"") Sample Log: 2017-02-12 14:02:05,Virus found,Source:...
Best practice for Splunk ITSI Deployment with mandatory Glass Table...
Hello Splunkers, Here's a simple Scenario: Entities: webserver1, webserver2, webserver3, webserver4 Service: Infra KPIs under the Service: CPU Util, and Memory Util. (2 KPIs only using the 4 entities)...
Setting the time format for timezone offset in props
Hi, I would like to extract the timezone offset in time format in props. Example time format: 2017-02-05T01:20:10.049-0500: 0.855: TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N-%Z But the above time format which I...
Splunk DB Connect not ingesting all the events
Hi, I'm using the DB Connect app to get the records from Oracle DB. I'm using the timestamp column as the rising column, and I also checked the missing events in the database. There are 5 events having the same time...
"splunkjs/6.6.js was not found" error messages when launching custom...
Hello, I have a problem running my application on Splunk 6.5.2 (it is working on 6.3.9 and 6.4.5). When I open application there is a "Loading Results..." message forever and no results are being...
Can Splunk DB Connect be suspended or suppressed during database maintenance?
We had an issue last night where the Splunk DB Connect Input queries tried to run while database maintenance was going on so they all failed and were auto-disabled. I had to go in and re-enable them...
How to connect to SPLUNK server from SPLUNK ODBC driver using LDAP...
Hi, I have installed the SPLUNK ODBC driver on my desktop and I was able to connect to SPLUNK Enterprise, which is installed on my desktop. I used the SPLUNK URL and admin/{password} to connect to SPLUNK ODBC...
Forwarder Having Issues
I have a heavy forwarder for all my syslog data sources. This morning I was unable to establish an SSH session to the server, getting an access denied error. I called my Operational support folks and...
How do I create a table from 3 different lookup table and get the data to...
I have 3 lookups. 1 is primary users and a count of total users, 2 is primary users and a task, 3 is primary users and not doing task. I tried to combine their data using stats count to get the data...
Compare three data sources
Hello, I have three sources whose fields I should compare. Let's say index =A index=B and index=C. All the three sources have a unique field D. I should compare values that are in index B and index C to be...
How do I re-configure application tenant filters?
I cannot find any page to configure tenant filters again...
Best practices for installing Splunk with a NAS
Hey there I want to install Splunk (standalone) on one machine that's got a NAS drive mounted. I know best practices say I should install or at least keep my indexes on /opt/, for performance matters....
Unable to install Splunk Enterprise on Windows Server 2012 R2
| `incident_review` time incident was assigned / closed
If I run the following search from 'incident_review' I can establish certain fields, but I need to try and calculate exactly when an incident was either assigned or closed. The idea is for a...
Why does the SearchManager data event fire more than once in Splunk 6.5.2?
I've just upgraded to Splunk 6.5.2 from 6.3.1 and the data event of the SearchManager seems to be firing twice under certain circumstances. This behaviour was not present in 6.3.1. Is this a bug? I'm...
How to fix these errors which are popping out continuously in splunkd.log?
Hi All, Can anyone guide us in fixing these errors which are popping out continuously in our splunkd.log? Below are the error details 02-21-2017 04:23:05.361 -0500 ERROR AuthenticationManagerLDAP -...
Non Prod License installation
I have a non-prod Splunk license with me. I have added it to the non-prod Splunk indexer. When I am trying to integrate it to a search head it is giving me an error i.e Please suggest that in case of a...
Generic search to pull Job Name
20170221/032119.169 - U0020408 UC4ALERT: External Dependency inside jobplan NEWREL.JOBPLAN.X. CLEAN.SET_PARA.RTH_FOR_LOAD, (Run # 22222222) has been executing longer than expected; Please investigate....