DBConnect 3.1 query with JOINS, Alias', non-* and Rising Column
Struggling a little bit with this, essentially I'm trying to pull some specific fields from multiple tables to form "log messages" however I'm having issues when my SQL statements become "Advanced"....
Load Balancing at Universal Forwarders as intermediate layer
In current design, we proposed two load balanced HFs to collect the data from 200+ end-points and pass it to next level of heavy forwarders at Splunk hosted environment. However, with concerns around...
Eval with an If Statement
Hello, I am trying to use an eval and if statement to calculate a percentage and I am not sure if I am doing something wrong or possibly using the wrong spl or functions for this calculation....
How can I get the total count of payments and total amount of payments?
index = elm-retail-rws source="/opt/app/jboss/current/standalone/log/PosMultipaymentProfile.log"
Timerange picker: Change the value from _time to Reported date
Hi All, Thanks in advance. By default time range picker is using _time. I want to change the value of time range picker value from _time to reported_date. So, please help me out.
About Debug of File monitoring
I want to get debug log of file monitoring. So I configured the following settings in "log-local.cfg". category.TailingProcessor=DEBUG category.WatchedFile=DEBUG category.FileTracker=DEBUG...
Sybase ASE(jConnect) Connection with additional JDBC Driver properties
Hi Experts, how can we configure a Sybase ASE(jConnect) connection with additional JDBC Driver properties like ENCRYPT_PASSWORD=true RETRY_WITH_NO_ENCRYPTION=true...
Result miss from same search
Hi, I use the below search to get the row with max value; (index="indexa" OR index="indexb") sourcetype="sourceA" | table _time,money,user | eventstats max(_time) as mtime by user |where _time=mtime...
Inputlookup and match only whole word in field text
I want to use a keyword list (inputlookup) to find a keyword (**whole word only !**) in the event text. Sample Event text (field name is 'data'): Lorem ipsum dolor sit amet, consectetur adipiscing...
How can I fix my outputcsv to a particular IP in search head clustering?
We are generating 4 reports from Splunk SHC. We want to append all the results of a search query into one particular CSV. I tried with append in Splunk command but it is failing as the queries are too...
Making sense of data
Hi guys, more like a generic question: how do you make sense of events which are not necessarily linked by a common field? For example, one of our applications produces logs that generate many...
Option _TCP_ROUTING is not compatible with this Modular Input?
Hi All, I have an error message saying: ERROR The input stanza 'file_meta_data://Valo_indus_Import_test' is invalid: The parameter '_TCP_ROUTING' is not a valid argument. How can I force the output?...
Garbage collection logs field extraction from log file
Would like to extract fields from the below log by using regular expressions. Can someone help me? 28820.220: [Full GC (System.gc()) 8832K->8624K(37888K), 0.0261704 secs] 29372.500: [GC (Allocation...
How to prevent injection from field in a dashboard?
I create a simple dashboard and put a text field (token: field1) and a panel with shows result search query.field1*index=main "$field1$" If user input the following keyword in the field " OR...
How to set several requests in one input?
How to set several requests in one input? I must firstly authenticate to the REST API, then pass the query, and at the end close the session. Regards
Is it expected: Workflow action visible under action for notable events on...
1. I had an add-on created with prefix TA-XYZ (having Adaptive response action) and one app, say "ABC", which has workflow action defined. 2. When I merged TA-XYZ code to ABC I am now seeing the workflow...
Index-time fields extraction issue
Hello all, I'm a bit stuck with my issue. I do have this splunk infra : Sources ==> UF ==> Indexer cluster (3 + master) Search head cluster. I'm trying to extract fields at index time to...
How do I debug 400 error between Search Head and Peer?
Hello, currently I have 3 vms on the same data center same RHEL version and same splunk*.rpm installed on them, one is supposed to act as Master, a SH and an Indexer. On the SH I get this on the Search...
Splunk won't open on localhost:8000.
I'm getting a "not found" error. On trying to start splunk in the 'bin' folder I am getting an error. Any help appreciated! C:\Program Files\Splunk\bin>splunk start Splunk> Like an F-18, bro....
kvstore, inputlookup and time-bounds
I'm trying to set up a kvstore lookup where the results from inputlookup can be filtered using the regular time-pickers available on the web GUI or with the latest= and earliest= modifiers. $...