perform an operation within a "group" of events
I have data events which share the properties of index, location, drink_type, drink_available example data: 1) index=common, location="A", drink_type=lemonade, drink_available=yes 2) index=common,...
Uncaught TypeError: Cannot set property 'loadParams' of undefined at local:8199
Hello, I have noticed that the black bar at the top disappears depending on the screen I go to. It shows the following error when running the dev tools. Uncaught TypeError: Cannot set property 'loadParams'...
Departmental architecture
Hi, I want to set up a departmental architecture because our daily data volume is 1 GB/day. As per the Splunk documentation about departmental architecture they said required only one single...
Half event to index queue and half event to null queue
Hi All, Is there a possibility to send half of the event to index queue and half of the event to null queue?? Can this be done based on the size of the event, for example only 1Kb event should be...
How can I pull the duration or datetime difference with the given value?
I am trying to extract the time duration in tabular format of check-in and check-out values, can someone please help. I am adding these values in my base search query: index=* sourcetype=* host=* chkin=*...
Create search shows hosts status from Down to up
We need to send an alert if a host's status changes from down to up. Please help me with how we can do this.
how to change 5 minute timeout on script run from saved search
I have a saved search which runs every day and this calls a script through a windows batch file. This is triggered successfully each day, but the script is killed after 300 seconds. The script does...
How to Migrate a lot of old data?
So looking at the docs moving the index buckets is generally how you move data. However, I'm migrating a lot of data from multiple servers to one server and apparently moving the index buckets will be...
How to Migrate a lot of old data (tb)?
So looking at the docs moving the index buckets is generally how you move data. However, I'm migrating a lot of data from multiple servers to one server and apparently moving the index buckets will be...
Splunk is ingesting archive files of syslog data that has already been ingested.
Our setup: 2 SH, 1 deployment server, 1 license server and 2 indexers. Our two indexers are also syslog servers and they read the input file directly from the syslog folder for indexing. I suspect Splunk is...
how to remove 0 bar from stacked bar
We have our own stacked bar visualization, where we need to eliminate bars with 0 values. I tried removing this property from the js minPointLength: 0, ![alt text][1] However, this just eliminates the...
Same query sent to Splunk multiple times
Hello, I have an external script which sends queries to Splunk via API. My script sends 10 identical queries at the same time. In jobs inspector, I see them as 10 different inputs. I assume that because they...
How to dynamically increase the panel based on multiselect
I have a multiselect box which is getting populated with Release numbersRelease(s)|inputlookup ReleaseCalender.csv |sort Release DESC | table ReleaseReleaseRelease(Release ="" OR ) The query here is...
Splunk predict command period vs future_timespan?
I am wondering if anyone has an explanation of exactly what period is and what future_timespan is? I already read the document...
How can I please display all dashboard titles with the associated roles that...
I am using |rest /servicesNS/-/-/data/ui/views for dashboard details but I can't see the permissions. Thank you.
How to return value without match in lookup without using lookup advanced...
Hello, I want to return the all of the location values in my data even if there is no match to the location in the lookup. I created a lookup table and used the advanced options to specify a default...
Add static HTML panel to simple HTML dashboard and reference local static...
How do I add a static HTML panel to a simple HTML dashboard and reference local static content, such as images or PDFs? I'm on splunk 6.5+ and I'd also like to use a dynamic variable for the app name...
How to configure Splunk to collect nmon data and show analysed reports in AIX?
I have installed splunk-6.2.13-278211-AIX-powerpc version and now want to configure Splunk in such a way that it should collect nmon data and I should be able to see post and current utilization of...
Splunk cannot display value in y-axis column chart as duration
The following is my search + result + visualization from Splunk. ![alt text][1] [1]: /storage/temp/211640-2.png For some reason, I cannot get Splunk to display the result (in duration) on my column...
Looking for network traffic from a list of domain names in firewall traffic...
I have a csv file with domain names. I need to search my firewall traffic to see if any traffic matches to/from any of these domains. The firewall logs only contain IP addresses, so I have to convert...