How to parse an event and get a table
I have an error event in this format indexed in Splunk: Error for batch element #1: One or more values in the INSERT statement, UPDATE statement, or foreign key update caused by a DELETE statement are...
How to Remove 'First time signing in?' message?
Hi Splunkers, after an upgrade to the latest version we keep receiving the following standard request on the authentication page at every logon (the password for admin was changed long ago): 'First time...
stat results using lookup and index fields, event count =0 or more
There are many fine examples on how to present stats results even with a zero output, but for some reason I cannot get it to work in my environment. Not sure if there is a loop causing false output or not. One of my...
Convert Multiple Values in single field to multiple fields
I need some assistance with the following issue with a field with multiple values. Since this is coming from a database input I am having some issues trying to get this fixed. I have a field that...
How to monitor files using SPLUNK SDK c#
Please let me know how I can monitor files using the Splunk SDK in C#. Are there any predefined modules for it?
Reducing the margins surrounding a pie chart
When certain chart types are created, they seem to have too much whitespace surrounding them. This is especially noticeable with pie charts when embedding them in other apps or programs, but is...
Any Alternates for Splunk Outer Join?
I set up a savedsearch to monitor the status from some critical reports (from a "critical_reports.csv" lookup) within a certain time range such as 7 days. I used outer join to find out if the reports...
Left Join not working properly in 6.6.2
Join not working properly in version 6.6.2 I am writing a simple query using join. But it doesn't seem to give the correct result. Objective of query: To list the host names that are present in lookup...
Fetching search strings from database.
Hi, I have an RDBMS connected to Splunk via DB Connect. Inside that RDBMS there is a table which stores queries that I have to execute in Splunk. For example, one row is like this: **Id**...
Getting error while uploading splunk app to splunkbase
Error: No "version" field was found in app.conf, The "check_for_updates" field found in app.conf must not be disabled, Splunk Packaging Toolkit error: Expected a semantic version number as the value of...
Different Search Results should be in one column
Hi together, hope you can help. I have the following search: index=rb_idx_default_summary (report=EXCHANGE_Mailboxuser OR report=ESA_textmail) (NumberResourceMailBoxes=* OR NumberSharedMailBoxes=* OR...
Help with host not reporting search
Looking for assistance with a search - | metadata type=hosts | rename lastTime as "Last Event"| search host=**** | fieldformat "Last Event"=strftime('Last Event', "%c") | table host "Last Event" |...
KMZ file with markers on map
Hello, I am using a geospatial lookup with a KMZ file. It works and shows the polygons on the map, but I need more details on the map: I want to show alarms with markers on the polygons. I need your...
How do I remove all double quotes from splunk data?
My data is read into Splunk with double quotes around all of the values. How can I delete all of these double quotes from Splunk? This is the data: ![alt text][1] [1]: /storage/temp/208812-fa.png
How to append results of an alert to output file instead of overriding each...
I am trying to modify an alert which will provide server logon details with a specific username each time a login is successful. I have scheduled the alert for every 1 hr. But each time the alert is triggered...
Splunk Regular Expression
I am trying to extract a field using | rex field=_raw. I used regexr to create a regular expression with an exclude group and a capture group. I have this working, but can't seem to format this for...
Alerts not taking action once they are in triggered state
I want the capability to detect if an alert is already triggered then skip sending out the email/action when a subsequent triggering of the alert happens. I understand about throttling, but that is not...
Why do I get data on Events NOT in the whitelist of Inputs.conf?
I'm getting lots of data back from forwarders for Event IDs not listed in my Inputs.conf whitelist. Why? It's about 30% of my returned data, and now I'm getting data I don't want and it's...
How can I measure the average duration per GUID event using different message...
Hi, I have messages in Splunk like: { [-] guid: ABC level: warn message: Analytics Audit: analyticsLoaded source: client timestamp: 2017-08-07T16:38:38+00:00 } { [-] guid: BAC level: warn message:...
Can you copy over the CIM compliance stuff from the dashboard app to this TA?
This TA has field extractions, inputs, and index-time props. However, it is missing the CIM-related eventtypes and tags. These are in the dashboard app. However, it would be nicer to just move those into...