Is it possible to show a custom tooltip whenever a user hovers over a slice...
Is it possible to show a custom tooltip whenever a user hovers over a slice of a pie chart, or column in a bar chart? I have been looking at this [blog about adding custom tooltip to a table][1], but I...
Is there any way to compare two different log sources to get the output
Hi Experts, I need your help to create a query to show output when a system is infected with any malware/virus (**source: anti virus**) and the same is generating traffic (**source: firewall**)...
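One way to correlate the two sources, written here as an added example rather than anything from the poster: search both sourcetypes at once, normalise the host address into one field, and keep only hosts that appear in both. The index names (`av`, `fw`), sourcetypes, and field names (`host_ip`, `src_ip`, `dest_ip`, `signature`, `action` values) are assumptions; substitute the ones your AV and firewall add-ons actually produce (check with `| fieldsummary` on each sourcetype first).

```spl
(index=av sourcetype="antivirus" action="infected") OR (index=fw sourcetype="firewall" action="allowed")
| eval ip=if(sourcetype="antivirus", host_ip, src_ip)
| stats earliest(_time) as first_seen, latest(_time) as last_seen,
        values(signature) as malware,
        sum(eval(if(sourcetype="antivirus", 1, 0))) as av_hits,
        sum(eval(if(sourcetype="firewall", 1, 0))) as fw_flows,
        dc(dest_ip) as fw_destinations
  by ip
| where av_hits > 0 AND fw_flows > 0
| convert ctime(first_seen) ctime(last_seen)
| sort - fw_flows
```

The `eval ip=...` line is the join key; if the AV product logs a hostname rather than an address, resolve it to the same form the firewall uses (a lookup table is the usual approach) before the `stats`, otherwise nothing will match. The `where` clause drops hosts seen in only one source. This does not check that the firewall traffic came after the detection; if you need that ordering, record `earliest(_time)` per sourcetype separately in the `stats` and compare the two in a second `where`.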
PowerShell Modular input doesn't process my sourcetype for the data.
I had a scripted input with PowerShell, simply *.bat files pointing to *.ps1 files, and I was able to use my sourcetype by inputs.conf and props.conf. We recently upgraded our system to Splunk 6.3...
Breaking a large JSON array from a REST input into events
I have a REST API which returns a very large, but valid, JSON payload. The structure of this JSON is a single array of many objects. Last I checked the response is around 1.2 MB or roughly 1 million...
How would I generate a Report to Display any delta (By ID, by _time) in Field...
So a sample of the data I'm working with is as follows:

```text
Timestamp           | ID | Amount
2015-12-30 09:50:45 | 1  | 28668
2015-12-30 09:50:45 | 2  | 24399
2015-12-30 09:50:45 | 2  | 904
2015-12-30 09:50:45 | 4  | ...
```
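One way to report the per-ID change between consecutive rows, as an added example that is not part of the original post: order the rows by ID and time, carry the previous Amount forward with `streamstats`, and subtract. The lookup file name `amounts.csv` and the field names `Timestamp`, `ID`, `Amount` are assumptions taken from the sample above; if the data is already indexed, replace the `inputlookup` and the `eval _time` line with your normal index search.

```spl
| inputlookup amounts.csv
| eval _time=strptime(Timestamp, "%Y-%m-%d %H:%M:%S")
| sort 0 ID _time
| streamstats current=f last(Amount) as prev_amount by ID
| eval delta=Amount - prev_amount
| where isnotnull(delta) AND delta != 0
| table _time ID prev_amount Amount delta
```

`sort 0` lifts the default 10,000-row cap on `sort`; `current=f` makes `last(Amount)` refer to the row before the current one, so the first row of each ID gets no `prev_amount` and is dropped by the `isnotnull` check. With the sample data, ID 2 has two rows at the same second (24399 then 904), which yields a delta of -23495; rows with identical timestamps have no defined order, so if the source carries a sequence number, sort on that as well.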
Table order with eval
I've got a search that does a `| table` prior to doing an `| eval` for ldapfilter. The search results are displayed in a seemingly random order (not the order specified after `| table`). Is there a better way...
Using LESS CSS in a Simple XML view
Hi everyone, is there a way to use the LESS CSS preprocessor in Splunk Simple XML views? Any link or resource on how to use LESS in Splunk will be welcome. Thanks
Unix App and /tmp
We're monitoring a large number of RHEL boxes with the Unix App, and I notice that on some in the df sourcetype the MountedOn=/tmp information does not get forwarded. I think this depends on what...
Remove default attribute
I have an environment where I want to use apps like Splunk for Nix, but have the logs go to different indexes. Splunk_TA_nix/default/inputs.conf: [monitor:///var/log]...
IIS log files are not read properly - parts of multiple lines getting put...
I have a report that groups webpage requests from an IIS log by SC_STATUS. The results are really bad because Splunk appears to be getting confused on what line and what part of a line it's reading,...
Where can I find more information about how to use the interesting ports...
I've been reading this link here http://docs.splunk.com/Documentation/PCI/2.1.1/Install/Configureinterestingports and I need more information on how I can create a search using a network datamodel. I...
How do I perform a match on a field ONLY on letters that are followed by...
Suppose I have a field like this: `a1234` Is there a way to grab all the letters that are immediately followed by numbers? I know I can substr the first position but I want to be able to work with this...
Can't see Dashboard Visualizations in New App
Hello esteemed Splunkers, I am trying to create a new app with dashboard visualizations. Previously, I created my own dashboard in the `simplexmlexamples` app, using `table_icons_inline.js`, and it...
iplocation/mapping
Is it possible to create a lookup such as below and show it on the map?

```text
ip,location
10.10.20.x,london
10.10.21.x,brazil
10.10.22.x,miami
```

Then, when clicking on the name, it will show results of all the...
Dashboard is not populating
My App: Palo Alto Networks is not populating any data. I am able to do searches on my index="pan_logs" and also the host="x.x.x.x". Any ideas where I can start troubleshooting? Any help is appreciated....
How to get previous search results as a sub-search
Hi all, hope you can help me with this question. What I'm trying to do is, given the information Splunk keeps about triggered alerts in index=_internal, create a dashboard with the alerts triggered in...
Newbie question on a search string to produce a line graph of multiple Y values
Hi, I've never written a search string for Splunk and some of the answers that I think are for my question really confuse me, so please bear with me, as this is probably a really dumb question. I've got...
XML Data Parsing
Splunk XML data formatting
I'm trying to split the XML data while pushing it into Splunk. I had a tough time working on this as it is a combination of XML and CSV format. Input: 10:26:10 PST 16 Nov 2015 AA;systems engineer;seattle...
How to add and parse the XML data into Splunk
Structure of the XML file looks like this 10:26:10 PST 16 Nov 2015 AA;systems engineer;seattle 1:26:10 PST 16 Nov 2015 BB;Lead;seattle CC;Tech Lead,Redmond 6:26:10 PST 16 Nov 2015 DD;data...