How can I change the order of the fields in my piechart?
I have the following search: ....| eval "cs"=case(CallRate<=250,"Under 250 kps", CallRate<=500,"Under 500 kps", CallRate<=750,"Under 750 kps", CallRate<=1000,"Under 1000 kps",...
How can I change bar chart interval to time duration?
I have the following search: ...| convert dur2sec("Call Duration") as "CDinsec" | stats sum(CDinsec) as "totalCDsec", avg(CDinsec) as "avgCDinsec" by Company which gives me this result: (screenshot)...
How do I write a search with a subsearch?
Hey everyone, trying to write a search to find Firewall allows by Previous Drops. I am very new to Splunk (love it so far) and am trying to write a search with a subsearch. Basically I want to find IP...
How to filter results based on user value or lack of user value?
I am looking to filter results based on the users. The problem is some of the data doesn't have a user value. Currently, I am using the condition below: User = $user_token$ OR NOT User = * Condition 1: To...
Alerts aren't sending emails: error - "501, 'Syntactically invalid HELO...
I have created an alert in Splunk which when triggered sends an email to a specified mail id. But sadly, the mail is not getting sent. I checked the python.log file to find this: **501, 'Syntactically...
What port should I use to connect to a private server (Azure)?
I want to connect a server which is in Azure (private network) to the Splunk indexer server. Which port should be opened in order to establish the connection?
Created a scheduled search containing dboutput, but the search is not running...
I am trying to use Splunk DB Connect to copy data from Splunk to Database. The following are the steps that I followed: 1. Create an identity 2. Set up a connection to the database 3. Create an output...
Saving scheduled searches: what's the difference if it's saved as a report or...
I have some scheduled queries for which the only purpose is to maintain a lookup table (or maybe summary index after I figure out how to do those). Splunk only allows me to save these scheduled...
Is there a way to trim URL string from a table?
So, I want to create a table where it shows the time, source IP, and URL. sourcetype=* src_ip=* url=* | table _time, src_ip, url The search runs fine however the URL comes back with a long string....
Is there a built-in feature to show log records on a HTML page?
I would like to know if Splunk has built-in web service features to show a few log records on an HTML page. If yes, how is it possible? I am pushing log files to Splunk Enterprise. I have a plan to write...
Getting response from REST API URL but Splunk log says "503 error"
Hi, I installed the REST API Modular Input app and when hitting a URL it returns this output "{"status":"DOWN"}". I would expect to see this in Splunk so I can create a dashboard, but it's not in there....
Tried to add a search peer: Error while sending public key to search peer: No...
(attempting 1 Indexer, +1 SH setup) Tried following the instructions from Splunk: 1. Log into Splunk Web on the search head and click Settings at the top of the page. Click Distributed search in the...
Query to find out unused indexes
I am looking for indexes which are utilizing only 10%-20% of the storage allocated to them. Can I please know if there is any query to find that out? I know that we can look into DMC, but I specifically need...
Return function on field with spaces
Hello - searched, but no answer found. ...| return 10 "Name of Field" Gives: Name="" of="" Field="" I know that I can rename this field, but the goal is to get the actual correct name with spaces as it...
Like function overview?
I am new to Splunk. Can someone please explain to me what the query below is doing, what the 1 means at the end of Sourcetype and Like, and what 1=1 means. Thanks in advance | eval UseInSummary=case(...
Why does splunk give an error with my external scripted lookup when I import...
I have an external scripted lookup that works when I run `| lookup privuserlookup username AS USERNAME` and this is very similar to the dnslookup that comes with splunk and is described here:...
IMAP Search Real Time?
Does the IMAP app search run in real time, or does it only work if you execute the script manually? Can I control how frequently the backend process checks for new mail?
Windows Infrastructure App Drilldown to Wrong Account
While using the Windows Infrastructure App I discovered an odd behavior; when at the Failed Logins screen, if you click on an account for drill down, it takes you to the account audit page. When you...
How to Use Static Dropdowns in Dashboard
Hello, so I have data with Regions and as of now I have a region called A that needs to be mapped as region AA and AB. Region AA and AB have different countries in them. I want to filter my report on...
Is it possible to create a view showing all events coming from an IP and/user...
I'd like to create a dashboard where I could easily search for events coming from a specific IP address or username. For example: It would show where that specific IP address was logged on to, URL it...