Add-On for MAC lookup -- target URL results in a 404
I'm trying to use the "Add-On for MAC Lookup " and it errors with 'command="maclookup", : failed to setup the URL! Using https://www.macvendorlookup.com/api/v2/ as URL and d0-c5-f3-99-62-38 as MAC'....
Report is missing first column of data
I have three reports that are based on transactions. The transactions are similar; they report different process states. One of my reports does not show the first column of data. For instance I have...
Do I even need cold storage if I am using the same disk?
All, Is there any value of having cold storage for my indexes if I am using the same disk? Why not leave everything in warm storage?
Is it possible to mount HOT to a ram disk for performance?
All, Just daydreaming here a little as I read the indexes.conf file documentation a bit. I was thinking, assuming you're willing to risk the data loss, wouldn't it make sense to house your Hot buckets...
Hard disk requirement for Splunk heavy forwarder
Can you please share the hard disk requirement for Splunk Enterprise and Splunk heavy forwarder?
How to show data in a range grouped by specified time period?
I have the below data. I want to represent it in a range to group dates for 5 days, and I want the date field to represent (16-08-16 - 16-08-30) count. Pls help. date count 16-08-26 14 16-08-27 4 16-08-28 14 16-08-29...
Knowledge Object vs. Global Knowledge Object
What is the difference between **Knowledge Object** and **Global Knowledge Object**? And who is able to create a Global Knowledge Object?
Event Count keeps increasing when monitoring CSV file
I have configured a CSV file path using the Monitor files and directories option in the Add Data feature. That CSV file has 1,20,742 records (events). But when doing a search in Splunk, this event count is...
_time not giving correct results in an eval condition
I am using the below query to show the number of plans in a particular month. However, there are approved dates of future month like in this below query there are approved dates in October as well. I...
Is there an option to do an event break at the end of file (txt file)?
I have a folder which contains multiple text files. I want to import these files into Splunk as events, which means each text file is 1 event. Each text file may have around 200 lines or less. Splunk...
Is Splunk Hunk supported on Microsoft Azure HDInsight?
As shown below, Hunk with Amazon EMR looks to work and be supported. http://aws.typepad.com/aws_partner_sa/2015/04/esp-for-aws-splunk-hunk.html But can I use Hunk with Microsoft Azure HDInsight? Is it...
How to transpose CSV into separate columns
I have the below two csv files: 1. ProductSales.csv 2. RegionalSales.csv ProductSales.csv ************** ProductId,Product_name,Price DB-SG-G01,Mediocre Kingdoms,24.99 DC-SG-G02,Dream Crusher,39.99...
Bug in Splunk Lookup- not functioning properly
Hello, Whenever I click on the third page in the lookup definitions window of my Splunk instance when searching for All App contexts, I get thrown this error: 500 Internal Server Error Return to Splunk...
Get source machine timezone in events
Is there a way (if possible) to stamp the time zone of the machine running universal forwarder in the events (Windows eventlogs)? Both our indexers and UFs are on V6 and we get the source machine...
Index strategy? Single index or multiple indexes?
Hi there, I have around 80 servers and about 300 folders in all of them. Should we use a single index or use multiple indexes while adding every folder as sourcetype? I also want to give access to...
Help in timechart
Hello I have the below two queries QUERY1 index=abc NOT *UNKNOWN* HTTP_Code=404|stats count by HTTP_Code AS "ACTUAL COUNT" OUTPUT HTTP_COde Count 404 50 QUERY2 index=abc *UNKNOWN* HTTP_Code=404 |stats...
chart over multiple fields
hello splunkers, We are trying to get the chart over for multiple fields sample as below , we are not able to get it, kindly help us on how to query it. Month Country Sales count 01 A 10 02 B 30 03 C...
Average of web requests blocked - span of 10 minutes
Hi mates, I'm trying to get the most 10 IP addresses with blocked web requests during a month, but the threshold should be using the count of requests during a 10 minutes window. This is my query so...
Can anyone answer my questions please, how to auto restart Splunk.
1) How to auto restart Splunk. 2) How to upgrade Splunk 6.5 to the latest version. We currently have 325 GB license. Any suggestion. 3) How to add license after installing Splunk.
System requirements like RAM & cores etc if we use the departmental...
Hi, What are the system requirements like RAM & cores etc. if we use the departmental architecture in a virtual machine?