Results for each minute in an hour (even if there's no data)
Hello all, suppose I want search results for the past 60 minutes. How Splunk works now is that if there is any event in the past 60 minutes then that is displayed. But what I want is: suppose the time is 4pm and I give past...
Extraction regular expression
I am using the extraction (regular expression) option to extract a particular field from the events. The issue I am having is the extraction works only for the previous events and not for the current...
Lookup fields not updating in the datamodel
I have built an accelerated datamodel with lookup fields. There is a report that is scheduled to run every day to populate the lookup. The datamodel does not get updated when the lookup file is updated. But...
Count events per month until a certain day
Hi community, I need your help!!! Is it possible to make a report that counts the number of events grouped by month but only until a certain day, that is, if the current day is the 9th then the events are counted...
Output for scheduled saved report
Hi, I am new to Splunk. I am trying to understand scheduled saved reports. What will be the output of a scheduled saved report? Will it return fresh results or return the last time the report what...
How to get earliest datetime
I have a field which contains first_found_date and due to some reason it keeps on changing for some of the assets. Example: If an asset "A1" has 3 first_found_date over a period of time: 2017-06-20...
How can I get Splunk to run "ps aux" and check for a specific process?
Hello all, I have a simple flask webhook running on my splunk server that is managed by supervisord. Since I'd like to know whether the supervisord process is running, I'm looking for a way to get...
I want to use jQuery in Splunk dashboards. In which directory do I need to keep...
I want to use jQuery in Splunk dashboards. In which directory do I need to keep the jQuery files, and what changes need to be made in the dashboard XML? Please explain with an example. Thanks
Count in message string
Hi there, this is a part of my logs: message="Databases are old: the latest database file is 272 days old." I want to have the top hosts whose databases are more than 7 days old. How can I do this? Thanks
Why are some of my log file data indexed multiple times in Splunk
I have a file, service.log, that is configured to be monitored and indexed in Splunk. When checking in Splunk, some of the events in the log file are indexed multiple times. The Splunk version of my...
Bucket repair while Splunk is running
We have a clustered environment and users experience JournalSliceDirectory errors. The reference documentation states that this is due to corrupt buckets and that an fsck repair is the solution. According to...
Is the Splunk predict command useful?
So, I have a graph that shows the total user logins per day for an application and I thought it would be cool to show the ability to predict what the total number of logins for the next month would be....
Visualize JSON array of arrays
Hi guys, I would like to convert the following event into a table: { Id: 1505207351 Start: 1505207651 Resource: res Nodes: [ [ res1, 1 ] , [ res2, 3 ] ] } The output should be a table like this: Id |...
[SPLUNK4JMX] add Customer MBeans
Hi, I have a customer with some customer Java MBeans in a hierarchy with 3 levels. This looks like: root, 1. sublevel, 2. sublevel, and then the MBean with attributes and values. The configuration for...
Splunk Hadoop Connect: Field names missing during export
I am fairly new to Splunk Hadoop Connect App. Have installed it on Splunk Enterprise on Ubuntu (16.04). Also using Apache Hadoop 2.8.1 in my environment to save data. I am able to connect, export,...
Dashboard drilldown to execute a query with selected value
Hi, I need to create a drilldown for my dashboard. I need to give the user the ability to click on a value, then run a new query and use the value returned from that query to open a new web...
Plugin for Internet Explorer to get performance metrics on user behavior
Hi, we would like to monitor the end users' experience in Internet Explorer, primarily to find response times including page load on SaaS-like solutions where we are unable to get data from the...
Search pattern from one file in another file in the same time frame
Hello, I have a pattern in one file that I need to check for in another file. The two files look like: file1: aaa bbb ccc STRING I NEED 1 ddd some random text aaa bbb ccc STRING I NEED 2...
Forescout compatibility
Hi, I want to install the Forescout app in my Splunk Enterprise 6.6, and Splunkbase says it is compatible, but in the documentation...
Calculating percentage
I have the below query: index=idx1 | search 'apiname' = AccountSec | eval TotalTime=Start-End | stats count as "TotalRequests",count(eval(StatusCode like "2%")) as "SuccessCount",count(eval(StatusCode =...