Events may not be returned in sub-second
All, I am reading other posts about this error, but what is not clear to me is: does my customer still get 100% of the requested logs, just slowly? · [Server] Events may not be returned in sub-second order...
How to extract the json data from text log files in splunk
Hi We have the below data, out of which I wanted to extract specific data from the json format. 06/Feb/2016:16:10:06.501 [bd5d5700] { "success": { "success_code":"200", "request path":"/testedata",...
Splunk Enterprise Security doesn’t recognize eventtypes from custom TA
I’ve created a custom TA in order to make it work with Enterprise Security and packaged it with 'TA_foo' deploying it on my Splunk instance. The eventtypes worked fine on Search & Report app,...
How to load two CSV files into Splunk to compare both and present the results...
I want to load two CSV files into Splunk to compare both and present the results using bar graphs/charts. Suggest me the commands for the same please.
How to set the search result as an email alert?
How to set an email alert for the results of this search: sourcetype="rum" u=* |where t_done >10000 I tried as per the email setting procedure, but I did not get the email. Please say the...
Splunk php sdk error fopen (https://localhost:8089/services/auth/login):...
Getting started with the Splunk API using php and am encountering this issue. Curl works with `-k` as one would expect. Login to web ui works on port 8000?
Why does my timechart search return "No results found"?
Hi, I have a search where Splunk data is joined with a lookup, and I need a timechart on one of the fields provided by the lookup, but I can't get it to work. Not sure what I'm doing wrong... Here's...
Why am I getting error "Events may not be returned in sub-second order due to...
All, I am reading other posts about this error, but what is not clear to me is: does my customer still get 100% of the requested logs, just slowly? [Server] Events may not be returned in sub-second order...
How to extract fields from JSON data in Splunk?
Hi We have the below data, out of which I wanted to extract specific data from the json format. 06/Feb/2016:16:10:06.501 [bd5d5700] { "success": { "success_code":"200", "request path":"/testedata",...
Is it possible to have one checkbox that can be toggled on the dashboard panel?
I need to select two different queries for my table based on the toggle option. Please help.
How to calculate peak rate of certain transactions as well as avg/min/max
I have a log that records a transaction name, channel and timing information and need to calculate the maximum rate/minute for each transaction. Something along the lines of index=web_load...
Extract Milliseconds
Hi, I wonder whether someone could help me please. I'm using the query below to extract information about searches that have been performed. |rest /services/search/jobs |rename custom.search as...
Get top 20 countries from Cisco ASA events
Hi, I am searching my Cisco ASA logs to count where an IP originates from by country. It looks like this: eventtype= | iplocation src_ip | stats count by Country It works well to give me a count of all...
Splunk Common Information Model 4.3.1 and Application State model - Are there...
Hi, **In 4.3.1 version of SA-CIM, The documentation for the data model "Application State" available at:** http://docs.splunk.com/Documentation/CIM/4.3.1/User/ApplicationState Mentions for the...
Why does one of my sourcetypes have a time field and others have a _time field?
Hi, I have two different sourcetypes, and I noticed that one of them always has a "time" field, and another has a _time field. Neither one is provided by the vendor, or are key-value pairs, so I'm...
How to search for transactions with an ordered sequence, BUT with...
We have several problems that we weren't able to resolve with Splunk's SPL. Problems are listed below. Any suggestions are greatly appreciated. Let's say we have several event types: A, B, C, D, E. Each...
How to configure HTTP Event collector to log client/source IP?
My team has a growing interest in looking at geo location as a function of client IP address. I've installed a plugin to help with this, but I was a bit stunned to realize that none of my HEC records...
Splunk Web SSL - Error with a Certificate
I've been trying to enable SSL in Splunk using the internally signed certs but this is the error I am getting: 02-08-2016 22:55:03.017 +0000 ERROR HTTPServer - SSL will not be enabled date_hour = 22...
REST API Modular Input: How to integrate Salesforce with Splunk via Rest API...
I installed Rest API Modular Input add-on in Splunk and wanted to integrate Salesforce logs via Rest API calls, but I am a little bit confused where to get the needed data from. I would need the...