Is it possible to schedule a dashboard to run panel searches at 12:00AM, so...
I have a dashboard with close to 20 panels. (Each search is taking anywhere between 1 to 5 min to run.) The dashboard doesn't have any form elements. For all the panels, the time range is one of the...
Prediction algorithms
How can I do prediction with the different algorithms like Clustering, Sequence Clustering, etc. in Splunk? Splunk uses Kalman filter, but I need to try with different algorithms. Can anyone help?
Gotchas setting up Hunk Search Head Clustering over both an Indexer Cluster...
Is there anything to take into account for setting up a Hunk SH cluster both with virtual indexes mapped into HDFS as well as a standard Indexer Cluster? Currently our DataNodes count/YARN queue could...
PDF report not displaying js chart
Hi All, My dashboard is with custom js script, and while sending the pdf report, my graph which is from js script is not visible. Please help me out on this. Thanks,
How to configure nullQueue to filter out repetitive lines from a log file...
Splunk 6.1 Linux indexers feeding server with master license. I am trying to filter out repetitive lines from a log file before they are indexed. Need to configure the 3 conf files: inputs, props and...
How to configure a Windows Splunk forwarder to pick up where it left off if...
I am in the process of adding the following to an inputs.conf file with the intent of forwarding events from a Windows Event Forwarding Server: [WinEventLog://ForwardedEvents]...
Is it possible to use a lookup table to populate a search where the values in...
Right now I am tasked with creating a report for a department showing who is using elevated privileges in Linux and for what commands. That search looks somewhat like this (I've anonymized the server...
Splunk for monitoring the CA Siteminder.
Has anyone been using Splunk for CA Siteminder log monitoring? Can anyone give some ideas on developing the dashboards for the secureproxy server, policy server and web servers?
Looking for a method to display process progress in a dashboard
I have a process that I need to create a dashboard to monitor. The process logs to a file and contains easily searchable segment identifiers, such as: Process started Download started bla bla Download...
How can I increase the max number of searches on my dashboard in Splunk...
I'm running Splunk Enterprise on my Windows machine and am facing an issue in loading my dashboard fully. The dashboard contains 2 tables and 14 scatter plots. When I load the dashboard, 6 of the 16...
After adding a new index in indexes.conf, why is this index not being...
Hi!!! I have a big problem with the index replication in the Indexer cluster. I add a new index in the indexes.conf file (splunk_home/etc/system/local). I did this in the master node, however, the...
How many resources do I commit to a master node in distributed multisite...
I am in the process of setting up a distributed clustered deployment that spans 3 different sites. The deployment will live on virtual environment using VMware vSphere. I have determined the resource...
Counting by error text
Hi everyone, I am trying to do the following in Splunk but it's not working: index=MRM eventtype=MRM_ERROR | eval Description=case( like(search, "%error1%"),"error1", like(search, "%error2%"),"error2" )...
Join Two Searches Which Include Regex
Hi, I wonder whether someone may be able to help me please. I have the following two queries: index=main auditSource="agent-f" auditType=ServiceSentResponse detail.referrer="*deletion*"...
How do I know and change at what time is Splunk indexing the data from local...
Hello all, I have a question. Every night, between 00:00 and 01:30 at night, the data is being actualized by scripts I've done for exporting and getting the data in the host. When it does the exports,...
Interactive Dashboard Question
Hi helpful people, I have an interactive dashboard which can search different time scales and drilldown on users. Next, I wish to drilldown on two different locations; more specifically, two different...
Separate transaction results
Hi all, I have to separate the results of a transaction to separately show each event. I'd like to do this because I have to aggregate events into a transaction to verify some rules (eventcount),...
How can I add more machines under the Resource Usage: Machine dashboard
Using the built-in dashboard "Resource Usage: Machine", how can I add more machines in the drop-down menu? Thank you in advance.
Search and Reporting app Data Summary Earliest Event 15 years ago
Hello everyone, I'm trying to track down the reason my Data Summary in the Search app is reporting BILLIONS of events going back 15 years. Any ideas on how I can track down where the issue is? What to...
How to get unlimited number of events using Splunk Java search API?
Hi, I am trying to search using Splunk Java search API. I have seen there is a limit in number of events retrieved using Splunk search job. By default 100 and we can create up to 2 power 31 minus 1...