How to force all users to use en_GB locale by default?
Hi all, I've been having some issues with users getting confused over the date format that's being used (in this example, someone said we didn't have to worry about something because it wouldn't expire...
How to create table with two variables? Regex
Hi, I am very rusty with my Splunk. I have this query: index=nitros_prod_stores_servers sourcetype=_json OR sourcetype=xs_json host=isp** | rex field=_raw "locId(?.*)+w" | rex field=_raw...
How can I convert "2016-12-17T00:30:00.000+0000" to epoch time?
How can I convert 2000-12-17T00:30:00.000+0000 to epoch time? I tried using 1.) eval _time= strptime(_time,"%Y-%m-%dT%H:%M:%S.%3N%z") 2.) eval _time=strptime(_time,"%Y-%m-%dT%H:%M:%S") I would like to...
How to create cumulative chart separated by a field
I need to create a chart, looking like the example I added. The chart needs to show the cumulative number of tasks opened until the date, but separated by "Severity". The following code...
How to calculate stdev for a count of one field based on another?
I am trying to figure out how to calculate the stdev of the number of emails a user sends. I have the following search so far where I am calculating the count of MessageId per SenderAddress:...
Why are some events not summarized in a data model?
I have an accelerated datamodel configured, and if I run a tstats against it, I'm getting the results as expected. However, if I add summariesonly=t to my tstats, I get fewer results. I've tried...
How to position my two single value dashboards side by side?
Hello. I would like to position my two single value dashboards side by side like this. I need help on the XML code please.
How to generate a search of unique URI and all the client IP's hitting in a...
I am in the process of creating a report in which I have URIs from many different hosts hitting from multiple IPs. Requirement: I would like to have a report like this where IPs have a comma separation...
How to extract a string that starts with certain words or letters?
I'd like to use rex to extract the event string that starts with certain words or letters, possibly ends with certain words or letters. For example I have an event string like "blah blah blah Start blah...
How to convert a decimal into binary?
There doesn't seem to be a command that will magically convert my decimal into binary. Any tips on how this can be done?
Useful search queries for Hyper-V
I just installed the Hyper-V add on and am looking for some useful queries everyone uses. Any examples would be great.
Splunk App for Web Analytics - Missing data
I've read several threads on this already, as well as have been over the documentation. I'm not sure what I've done incorrectly. Quick summary: Apache data is going into Splunk. Source type is...
Website Monitoring not working
I installed the application yesterday and it was working fine but for some reason, my dashboard only shows the data from the last 18hrs ago (index=main). But when I pull data from my new index is not...
Splunk UF forwarder supports SSL conf.
Hi, Data is sent to Splunk UF through the TCP connection. From UF data is forwarded to indexers. As we know SSL is supported by Splunk when Data is sent to Indexers. But can SSL config. is possible...
Getting Proxy Error and Unable to Collect the Metrics
Hi, I'm getting a proxy error. We don't have any proxy configured on the server. URL can be accessed directly from the server. I'm getting the below errors in the log and unable to collect the metrics from...
metadata will not rewrite
I am trying [once again] to rewrite metadata, host, source and source type from fields in my event. I have an event like: { [-] datasource: otherport ident: root message: This is a test orighost: play...
How do I install an app via REST using the /apps/local endpoint (as opposed...
Apparently, the apps/appinstall endpoint has not been kept up to date and we are supposed to be using the /apps/local endpoint instead. I don't see any good examples of uploading an app file using this...
How to plot a delta timechart of average response time
I have data like: timestamp, serviceName, responseTime(in ms) I want to plot the `per minute delta of avg. responseTime (difference between avg responseTime yesterday vs today) by serviceName`. Average...
How to use if condition along with count in a where condition?
Hi All, I need help on the Splunk to find the count of the events. The base criteria was I will set of events from log file. I will group them based on myeventId and calculate the response time of each...
Splunk Add-on for Microsoft Hyper-V: What are some useful search queries for...
I just installed the Splunk Add-on for Microsoft Hyper-V and am looking for some useful searches everyone uses. Any examples would be great.