Floating column chart using simple xml
Hi Experts I am trying to build floating bars in a column chart. The y axis is fixed from 0-24. I want to start the bar from 6 if the value of the field is 6 and then there are 2 other stacked columns...
Java Bridge Server is not running
![alt text][1] [1]: /storage/temp/208817-java-bridge-server-not-running.png
How to retain the state of a variable in Splunk Add-on built via python-sdk?
I built a sample Splunk add-on with a simple logic of generating events with such data: {'current': 2, 'previous': 1} {'current': 3, 'previous': 2} {'current': 4, 'previous': 3} When I add the new...
How to convert string date format to other date format?
I have string like this 08Aug2017 10:12:55 CDT" I want date format like = 08-Aug-2017 10:12:55 CDT
Help with query, transactions and percentage. Need it for Alerting.
Hello, I need help with this query. The cpu_percent field returns values in percentage, so it might be a problem. Basically I need to find all containers where cpu_percent usage is above 50% during 5mins...
IIS 8.0 log entries cut
Hi I've got very basic app to gather logs from IIS 8.0 based website. There is nothing fancy on the forwarder (6.3.5 - can't use any newer) apart from the throughput setting that was increased to 2MB/s...
Splunk license master
We have a distributed deployment of Splunk where we have to segregate Indexers between 2 different datacenters. One of the data centers hosts a few indexers and the other hosts a few. We have different Master...
How to install separate Splunk Indexer in AWS?
Would you please be able to provide me with the steps to install a standalone indexer in an AWS account? Should we use the same AMI as for Splunk Enterprise? Thank you for any help.
Splunk-ServiceNow Integration: Getting Error while generating tickets.
Hello, I want to generate a ticket in ServiceNow through Splunk. I am getting an error while generating the ticket. Version of ServiceNow: Helsinki Version of Splunk: 6.6.2 ServiceNow App Version: 4.0.3...
Response Time Calculation between 2 different events
Hello, I am trying to find response time between events in different sourcetype but not able to figure out how to find time difference. For some it is coming correctly but for some value is coming...
Why Is My Capacity Planner in Splunk App for AWS Blank?
I have been configuring my Splunk App for AWS for the last few days, all my dashboards show data, but my capacity planner under the Usage drop down menu does not. I was wondering if anyone can explain...
Workflow action to populate macro
How to create a workflow action to populate a macro? Use a workflow action to grab hostname/IP from event and pass that to a macro for later use in follow on searches.
Load Balancer vs Single Search Head time format issue
Hi guys, This might sound like a strange question but I've noticed that when I log into Splunk ES from my loadbalanced address (Search Head Cluster) the date format is correctly in UK format...
span not working with db query
I have a search like so: | dbxquery query="SELECT some select statement | eval u_total_time=u_total_time/1000 | chart avg(u_total_time) over u_real_hit_time by u_short_description span=1m However the...
How to show the percentage of unique values
Hi, I have a simple query that uses top to get the top 10 country search ........ | top Country It will give the top 10 Countries and percentage How can I get the same, but look at the top 10 Countries...
Warning message tracked down to Microsoft Cloud Services app
We are seeing the following warning message over and over: IndexOutOfBounds invalid The FORMAT capturing group id: id=3, transform_name='error_info' The only app that I could find that has this...
Oneshot and Kvstore update
Need to upload the contents of a CSV that exceeds the size allowed in our web.conf. Will modify this as a last resort, but..... Ultimately need to populate a Kvstore with the contents of a 100+MB CSV....
Is there any way to speed up eStreamer eNcore data collection?
Hi, We are running the eStreamer eNcore app with default settings but it looks like it's not able to catch up with the FMC. Currently we are receiving data with a timestamp of Aug 7th 7:53 PM. We do see...
signature_version seems to use wrong field
Hello, I'm using Splunk Add-on for McAfee 2.0. CIM Model supported is 4.8. The fieldalias for signature_version uses dat_version. See props.conf `FIELDALIAS-signature_version_for_mcafee_epo=dat_version...
Streamstats count
I want a cumulative count of a field that has multiple values. Somehow this isn't working: base search| streamstats count(State) as dur time_window=1w| timechart sum(dur) by State span=1w