The hostname for a Splunk forwarder on a domain controller appears in...
Hi everyone, I have an issue with one of my forwarders which for some reason will appear with its correct hostname in the section of forwarder management, however, when doing a search with the field...
How to change the line color for a pie chart via XML?
I would like to know if we have any options to change line colors in a pie chart. I have a pic which is highlighted to change the color. Any help would be appreciated.
How can I stop screen jump on auto refresh of a dashboard panel?
Hi, Could someone please advise how we can stop screen jump on autorefresh for a dashboard panel. Screen jump doesn't look good for every refresh (Our refresh window is 30sec). As we need to present...
How do I get my Alert Level column chart results change color based on the...
Hi All, I want to have search results (Alert Level column) with colors, so the Alert Level result should show Critical as RED, Warning as AMBER, and Normal as GREEN. How do I create a dashboard result...
How to forward WebWatchBot logs to Splunk?
Yesterday, one of our analysts came to me looking for some Splunk events he could use to relate an outage of one of our websites to other events in our environment. The website monitor is using...
How do I deal with missing time for multiple sources?
I need to report for each minute during a given month for numerous sources. My issue is dealing with missing transactions; exactly what I need to report on. If I use `timechart span=1m count`, I get...
Scheduling a saved search to run every 30 minutes, how do I get results from...
Hi All, I have 3 saved searches set up to run every 30 mins. These searches run fine and the data gets created without issues. I can then display the results on an external site by using the REST...
After a user searches and selects an event, how to send the user to a URL web...
Hi, My scenario is the following: I want the user to be able to, after doing a search and selecting an event, be able to right click and click on an option (or click on a button on the panel) that...
Using my custom app with only one sourcetype included, is it possible to...
I am in the middle of the development of the XXXX Splunk App, which is built on top of the TA XXXX I built before. Obviously I have a sourcetype in this app called XXXX-CEF, thus that all the XXXX events...
Fortinet Fortigate App and Add-on for Splunk: Why are dashboards not showing...
Hello, I'm having some problems while configuring the app. I've configured it according to the documentation in Splunkbase (both Add-on and App). I'm sending the logs through udp:515 (I have udp:514 as...
Why is my inputlookup search suddenly producing error "regular expression is...
We use inputlookup to run large numbers (thousands) of indicators against network traffic in our org. This has worked well for some time. [|inputlookup indicators.csv | fields foo| rename foo as...
Generate PDF from View in REST API
I am using Splunk 6.1.1 and currently have a form that takes an integer input (foo) and timerange. The URL for this view after entering the values is...
Clean Install of the Palo Alto App, still problems
I decided to install the latest PA app but wanted to ensure no residual problems as others have had in the community so I deleted all PA related apps/add-ons, TA's, and the index. Clean sweep. I combed...
How to load two CSV files into Splunk to compare both and present the results...
I want to load two CSV files into Splunk to compare both and present the results using bar graphs/charts. Suggest me the commands for the same please.
How to set the search result as email alert?
How to set email alert for the search result for this search "sourcetype="rum" u=* |where t_done >10000". I tried as per the email setting procedure, but I did not get the email. Please say the step...
Is it possible to center an app's logo?
Hi, I added a custom logo to my app bar by placing the logo in static and adding the following css: .appLogo { background: url("appLogo_2x.png") no-repeat 0 0; background-position: center !important ;...
Standard CIM/Data Model for money?
All, Is there an existing data model or CIM standard for $$ related items? In an existing app or what not? Would rather take someone else's work here than have to reinvent the wheel. thanks -Daniel
Splunk php sdk error fopen(https://localhost:8089/services/auth/login):...
Getting started with the splunk api using php and am encountering this issue. Curl works with -k as one would expect. Login to web ui works on port 8000?
Why won't my timechart work?
Hi, I have a search where Splunk data is joined with a lookup, and I need a timechart on one of the fields provided by the lookup, but I can't get it to work. Not sure what I'm doing wrong... Here's...
How to pass multiple searches from a form?
Hi, I have a search that crosses multiple indexes and sourcetypes, and the customer wants the ability to choose these searches (all or multiple) and have them run. I have macros setup for the searches,...