How to trigger command prompt pop up upon trigger?
Hi, is it possible to do a pop up alert when search is triggered? I tried putting an alert.bat file in \Splunk\bin\scripts with the commands below but it did not pop up.
How much RAM do I need to avoid I/O problems?
I have noticed a correlation between RAM usage and I/O on my indexers. Whenever RAM usage goes around or above 50%, I/O usage goes crazy. My understanding is it's because spare RAM is used by the OS as...
rpm upgrade not working...
I inherited a Splunk server that I'm trying to do an upgrade on, but the rpm keeps hanging. rpm -Uvh splunk-6.1........ and when it tries to upgrade it hangs at: This looks like an upgrade of an...
Unable to add Splunk Apps in Search Head since it threw an error as...
Hi Team, We are using Splunk version 6.5, and when I tried to navigate to Apps manage in the Search Head server and tried to add more apps, it loaded for a very long time and it finally threw an...
Cisco eStreamer for Splunk not logging
Hi. I have a new install of Splunk 6.6.1 and Cisco eStreamer for Splunk 2.2.2 on Windows Server 2012 R2. I configured eStreamer, but with no successful result. I added the option "Verbose, debug-style logging" in...
When using Powershell Resource kit MaxReturnCount max value
I'm running a search using Powershell Resource Kit, I've set MaxReturnCount to 100,000 but the search only returns a max of 50,000. Could you let me know if there is a way to increase this limit?...
Splunk role capabilities needed for splunk apply shcluster-bundle
Hi, I have to create a Splunk role for an "operator" user who must be able to launch the CLI command "splunk apply shcluster-bundle". What capabilities should I attribute to this role?...
datamodel query with time specifier for DB_Output
I have a search query with the datamodel command, and I want to use the results of this query in Db_Output. The query should be run over a specific time range. The problem is, after configuring the DB_output...
Can I set individual tokens for both the fieldForValue and fieldForLabel?
I want to have a token for both the form input value and label fields which differ (fieldForValue, fieldForLabel), is it possible to do this? Or is there a way to access the label from a token (e.g.,...
Rounding in chart with by clause
I've just encountered a strange thing that doesn't seem to be covered by an Answer or the docs. If I have a chart command without a 'by' clause, the standard method of rounding works: [search]| chart...
Search query is truncated when clicking on "open in search" from a...
Dashboards are running fine. When I click on "Open in Search" a tab opens with the search, but the SPL query is truncated, resulting in an error or incorrect search query. It truncates at about 1385...
How Do We Convert Our Heavy Forwarders to Universal Forwarders
When we first rolled out Splunk to our forwarders we installed the full version. We would now like to convert them to Universal Forwarders to reduce the footprint on the servers. All the documentation...
How to dynamically update table based on selected pie chart slice?
I have a dashboard with 1) a pie chart that shows clear groupings of my data and 2) a table that shows all of the original data. I would like to enable a user to click on a single pie slice, and have...
Formatting my date
Below is my report, but my date output is blank. I am searching for powershell events on my network and need to know what date these events occurred. Any suggestions? sourcetype="symantec:ep:risk:file"...
Time Conversion - Elapsed Time
I have time stamps in the format of H:MM. But when the minutes reach 60 they don't add an hour; only when the number reaches above .99 does it add an hour. This makes the timestamp hard to read. What...
CSV lookup table incorrectly loaded into "Statistics" tab.
Hello Splunkers! I have a CSV that I can have loaded into Splunk. Unfortunately, all of my data has been loaded into the "Statistics" tab, rather than the "Events" tab. Is there a way to force Splunk...
Ignoring header in the csv file
I want to index and search csv files in splunk. Each file has a header at the first line: number1,number2, number3, 1,2,3 4,5,6 I've created a custom csv sourcetype in props.conf and defined custom...
chart - how to display count of each bar on top of it?
How can I display the count of each bar on top of it? index=* ......|chart count by _time How to display the number of events of each bar in the graph?
Splunk Uninstall
Trying to get Splunk off a box so I can install with what I hope to be better knowledge so I can improve our documentation. For the command rpm -e splunk_product_name what does splunk_product_name...
Free splunk weird behavior on license usage
I am using Splunk free to record a few events from my website - i.e. my own analytics. I have an average daily usage of 0.3% of the free quota. Then occasionally the system reports quota overage of about...