How can I parse XML with multivalue fields?
Here's a small snippet of an XML firewall event I'm trying to parse: 1Temperature @ Ocelot0.060.0False36.01Temperature @ Switch0.060.0False37.5 Ideally I'd like to set up a process to extract the two...

Is it possible to adjust a license pool retroactively?
We had a license violation in 1 pool, while our overall pool was within our license capacity. Is it possible to retroactively assign additional resources to the pool from one of the other pools that...

How to read a file and use the data inside in an eval function?
I am new to using Splunk, sorry. I need to separate a lot of subnets by name. I would like (txt) to read a file kind of: 10.0.1.0/16 NAME1 10.5.0.0/24 NAME2 ... I am using this search now: | eval...

How do I display results of a Splunk alert before the message content?
I have an alert that has message content to be sent in an email: e.g. Message Message info here returned about the alert When the alert triggers, the message info is returned followed by the alert. How...

What is the correct earliest_time format for searches when programmatically...
I'm using the Python SDK (or some other client) to query Splunk and it's not accepting my date format. What is the correct format to specify for earliest_time?

Splunk add-on for Unix and Linux - netstat, logs fields not extracted
Hi guys, I installed the Splunk App for Unix and Linux and the Splunk Add-on for Unix and Linux. I have a problem with the sourcetype = netstat. The fields of these events aren't automatically...

Help parsing out events - need to get timestamp, host and sourcetype to...
I have the following event: { [-] ident: vcap.cloud_controller_ng message: {"timestamp":1489461920.4637804,"message":"(0.000343s) SELECT * FROM `spaces` WHERE `id` =...

How do I include the license pool name in my report
Hi, I have a search listed below which spans all pools (currently 4 and more coming) and shows the index usage for the past 30 days. Is there any way to include the pool name associated with the index?...

How to set up in-page drilldown with different tokens
For a single in-page drilldown, the following code works as expected from the "master1" table. How can I set up an in-page drilldown from either token from "master1" or "master2"? Process...

Deployment client to Deployment server - config file
Hi, I want to know where the config files for connecting the deployment client to the deployment server are available. What is the path to the config files on the box? Thanks, Deepak

Splunk add-on and app logs
Hi, I have a setup in which the deployment server pushes the Splunk_TA_NIX add-on, Splunk Unix app and JMX add-on to the deployment client, but the data is not flowing in. 1) Which logs should I check?...

Predict: show past events and future predictions
I'm using predict, and seeing good results, but I would like to clean up my visualization. What I would like is to see past data and future predicted data with no overlap. Using `eval...

How to hide input based on another input?
I have two different inputs, "by usage" and "by process", and I want to use a radio button to control which of those inputs is visible to the end-user. How can I do that? Thanks. Process TrackingCategoryby...

cisco_ironport_web.log sample data needed
I am building an index and would like to get some sample data, specifically Cisco IronPort Web data that contains user, URL and domain fields.

Regex Question for Database Field Extraction
I am using DB Connect and my customer has a need for an alert setup that runs the search string and looks to see if there are any new records in the table; if so, send an e-mail with all the details....

Oracle WebLogic App for Splunk Data Consumption
Hi All, Apologies if this question has been asked before, but is anyone able to provide some rule-of-thumb estimates for how much data the Oracle WebLogic App for Splunk will pull if we capture all...

Creating a scatterplot with time on the x-axis
I'm looking to create a multi-series scatter plot where time is on the x-axis. An example would be something like this: (image) Attempts to do this in Splunk are failing. Given the format...

How to calculate memory utilization with perfmon KPIs?
Hi, I want to show avg memory utilization of Windows servers using Perfmon KPIs. Below are the perfmon KPIs available: Perfmon: Memory Perfmon:Available Memory How do I calculate... Please help with the...

How to Extract a particular string with the lowest respective Value in a...
Hello everyone, I am trying to identify the resultant ERROR from a given event. My search is in italics below and an example event is shown thereafter: *index="logs" process=beamCommonProcess...

How to list input name of DB Connect on a search?
Hello, I have the DB Connect plugin configured for MySQL. If I search for a keyword, the occurrences of the keyword appear; however, the name of the input (the table) does not (see the image below). (image)