How to edit my search with appendcols command?
I tried to run 3 searches using the appendcols command. The search engine of Splunk is displaying the error as Server error and restarting the Splunk server. query1 |appendcols [search query2]...
Horizon Chart - Custom Visualization: How can I increase the number of rows...
My search for the horizon chart includes: |timechart avg(R) as R by T. I have 18 values of T. However, the horizon chart seems to be limited to 10 rows. Is there an option to change the number of...
REST API Modular Input: How to split out modular REST input into multiple...
I have a modular call made every 5 minutes to a performance checking API that validates all of our microservices are performing ok. Currently in our lab it's onboarded as a single one-line event....
How to create an email alert when a host stops sending data from a particular...
Hi, I have a few sourcetypes which sometimes stop sending data because of some indexer issues. Each host sends data to multiple sourcetypes and I want to get an alert when any of the hosts stops...
How can I display hosts which do not have AntiVirus installed but require it...
All, Might just be lack of caffeine here. But I can't quite get this subsearch working. I have my assets.csv set up for Splunk Enterprise Security (ES) - dest_requires_av=True I can see hosts checking...
How to use values in lookup table not as fields but as search strings?
Using a lookup table to search events but having some issues: |inputlookup router_lookup | rename Router_Name as DEVICE_NAME Router_Interface as INTERFACE | fields DEVICE_NAME, INTERFACE | format results...
How to parse Microsoft-Windows-TaskScheduler/Operational logs?
Can someone help me out with a regular expression to parse Microsoft-Windows-TaskScheduler/Operational logs? I don't think I am the first to want to extract fields from this log? I am pulling in the...
How to get duration of transactions within the earliest and latest time?
Hi all, Below is the data I have. currentDate user _time 2017-02-01 aaa 8:00:00 2017-02-01 aaa 9:12:00 2017-02-01 aaa 11:15:00 2017-02-01 aaa 14:16:00 2017-02-01 aaa 17:00:00 As of now, I know how...
Single Node Splunk Cluster to Multi Node
Hi Team, We have a single node Splunk Enterprise cluster. The version we are running is 6.4.4. This single instance acts as master, search head and also indexer. The data got indexed in intervals...
Why is "machineTypesFilter" not pushing to both Windows apps?
I've got an odd issue where my Linux clients are getting the 'forward logs' app, but my Windows ones are not. My Windows clients are properly getting the 'set input' app, though. I could cheat and put...
How to produce a dynamic number of panels in a dashboard based on a form input?
I need sample code to produce a dynamic number of panels in a dashboard based on a form input. Has anybody been successful in achieving it? Thanks
Nested JSON in GUI
Hi. I have a JSON event that has nested arrays of objects within it. In the Search app, it "prettifies" the top level of the JSON event, but does not provide us with a "pretty" form of nested...
How to get Citrix NetScaler with AppFlow to actually be CIM?
Hi all, We have the Citrix NetScaler with AppFlow app working great and it's bringing in two sourcetypes: appflow and ns_syslog. The app says it's CIM but if you download the app and open it up there...
Issues moving data from one index to another
I was attempting to move events from one index to another using this command index=main host=gpm source=/var/log/gpm/gpm.log | collect index=gpm sourcetype=gpm I checked the initial search to verify...
How to generate a search to calculate new column value?
Sample data below. I need to compute the col_3 based on col_1. It should give me the running sum of col_2 but should reset to 0 if col_2 is zero for a given col_1 value. col_1 col_2 col_3 A 1 1 A 0 0 A...
Why can't the Clustered Single Value Map visualization find my custom KML?
Per the documentation, I placed a number of KML files in `$SPLUNK_HOME/etc/shcluster/apps/leaflet_maps_app/appserver/static/visualizations/leaflet_maps/contrib/kml` on my search head cluster deployer...
Why am I unable to start the Splunk Monitoring Console?
Every time I try to enable the Splunk Monitoring Console, I get the following error: User 'splunk-system-user' triggered the 'disable' action on app 'splunk_monitoring_console', and the following...
How to combine additional events to an existing Transaction?
Hello, I am trying to organize various types of events into single events. Currently I have a transaction set up to capture particular types of ERRORS in our system logs. But there's additional...
Can I chart values without aggregation?
I'm trying to chart values where there are multiple values per comparison_category. Splunk doesn't seem to like it unless I aggregate those values somehow. e.g. avg(*_field) For example: Vegetable,...
F5 Networks - Analytics (New): How do I get the rest of my data into the app?
I'm looking to see what I need to do to get the rest of the data in the F5 Networks - Analytics (New) app. I currently am not getting any data for the expiring SSL certificates, recent virtual changes,...