Blue Coat Proxy Logs - User Agent Field Extraction
I can't find how to extract the User Agent field from the Blue Coat proxy logs. I couldn't find the correct answer yet on the forum. All of the answers I went through had regex that didn't work...
Lookups vs Events Questions
I'm trying to understand what, exactly, lookup tables are. It seems like getwatchlist just populates Splunk like any other data import by outputting csv formatted data into Splunk. I didn't see...
6.3.1 populate dropdown with query results?
Can anyone post a complete dashboard example, with a dropdown populated by query1, and a pie charting counts based on the dropdown selection? I've been trying for 2 days now to build this - but in...
Compare 2 indexes and 2 fields of IP addresses with different field name...
So I have 2 separate indexes with both having ip-addresses as events. On index A the ip-addresses are under **ipaddr** field and on index B the ip-addresses are under **host_ip** field. What I want to...
Website Input: Another device to scrape information from
Hi, I have a WiFi Central Heating and Hot Water controller and I have put the page source of what I want to extract information from as code at the bottom of this posting. How difficult would it be to...
Are you allowed to use one OinkCode for Two splunk instances?
This is a basic question: Are you allowed to use one OinkCode for two different splunk instances?
Where does Analytics for Nagios get sourcetype="nagios:hosts" data from?
I have Analytics for Nagios (4.0.0), Splunk Add-on for Nagios Core (1.0.0), and Nagios (4.0.8) with mk_livestatus installed on some UNIX systems. Many of the Analytics for Nagios dashboards work fine...
Can't send file to Splunk
Please help, I have a problem: I can't send data files from SDP to Splunk. The latest data is only until 14 December 2015. Thanks a lot. Best regards, Ramadhani
Bar Chart Visualization
I would like to know if there is a way to display the total number of events at the top of the bar chart instead of using mouse over to see the exact number of events. Thanks.
Unable to export or save Dashboard PDF to local?
Hi, Recently we upgraded our Splunk Enterprise 5.0 to Splunk Enterprise 6.0. After this upgrade process we are unable to save the PDF generated in the browser window either via the save icon or by...
How Can I suppress the Banner Messages (Unable to distribute to peer named...
How Can I suppress the Banner Messages (Unable to distribute to peer named INDEXER at uri https://SHEAD:7777 because peer has status = "Peer member of cluster and in distsearch.conf") for Users. Our...
Scheduled PDF alert not delivering pdf but delivering .csv with the only...
Hi, I was running a scheduled alert for a dashboard every day which would send mail with a PDF attached; recently it was not delivering the PDF but delivering a .csv file with "No Results Found". Please...
Which dashboards have been configured for pdf delivery?
Is there an easy way to find out all the dashboards that are currently configured for pdf delivery? I know of only Search -> Dashboards -> <MY_dashboard> -> Edit PDF Schedule But I have...
How do you count multiple fields with the stats count command?
Hey guys, Question for you. I have a query where I am searching for multiple field names inside of the query - `sourcetype=testing PhpFatal="PHP Fatal error" OR DrupalPHPFatal="Error: PHP FATAL Error"...
Search by source name in virtual index does not show results
Hi, I need to get the raw data of a file based on the source file name. For that I have used the query below. source="xml_file_1.xml" | table _raw This is giving results only for local indexes, but not the...
Search a field for each word in a token separately
Is there a way to search a field for each word in a token? Let's say that a user enters: $mytoken$ = "value1 value2" into a dashboard form and you want a panel to: index=myindex $mytoken$ | search...
Sort by subtotal
Hi all, I have to show the subtotal of a stats command, but the problem is sorting the results. My search is tag=GP2 | stats count by code day | appendpipe [stats sum(count) AS Totals by code ] |...
How can I do a cidrmatch against a datamodel field
I'm working with Enterprise Security and I'm trying to build/refine correlations against the Network Traffic Data Model. I want to exclude destination addresses in RFC1918 space. When working with the...
6.3 Search Head Clustering & Job Scheduling
We recently upgraded to a 3 node shcluster, of 8 core boxes. Our limits.conf across the cluster is: max_searches_perc = 50 base_max_searches = 10 max_searches_per_cpu = 10 So according to some splunk...
What tables are available in ServiceNow?
How can I validate that new tables exist, and contain the right data prior to adding them into the ServiceNow Add-On?