Dashboard Token Eval Not Working After Upgrade
We have a dashboard that is specific to 2017. So the latest time needs to be either the start of the current day or 12/31/2017 (once we reach 2018). We are using the below eval statement to set the...

Why does Splunk think this is a single event?
It recognizes the datetime correctly based on the first line, but it seems to randomly be grouping up lines. Example log that has wildly different times, but Splunk thinks is a single event...

How to send an alert email with cluster map visualization?
I have a saved search of last hour activity from our firewall and using the cluster map visualization plugin. When I create an alert for this search and enable attachment of pdf, it shows this weird...

What could be causing intermittent "NetFlowDecoder::decodeFlow Unable to...
Hello, I recently set up splunk stream to receive netflow v9 data from a few sources. Everything seems to be working fine so far, but every so often I'll start getting these messages in my streamfwd...

Splunk Mobile Access for Windows 10 Tablet Mode
Hello everyone, for iOS and Android, "Splunk Mobile Access" exists, which displays and organises the dashboards for tablets in an optimized style. Does this app or an alternative Presentation Mode also exist for...

Correct my Query or identify where the mistake is please.
I have a query as follows | inputlookup ABCD | search Forward="Yes" | table Region,IPHost, ip_address | rename Region AS my_region, IPHost AS my_hostname, ip_address AS my_ip | join type=left...

Cannot forward data from universal forwarder on a VM network
Hi, I'm trying to set up a universal forwarder on a VM network. I've set up the inputs and outputs configuration files on the forwarder: In inputs.conf: [monitor:///var/log/syslog] sourcetype = syslog...

Time filter issue when executing drilldown on a timechart dashboard
Hi, I have a problem to execute a drilldown on a timechart dashboard. This is the search for my source dashboard: source="SDC_GUI_DEN_ER_V" | timechart span=1d count I have to click on the date (format...

Dashboard token eval statement not working after upgrade (v6.3.5 > v6.6.3)
We have a dashboard that is specific to 2017. So, the latest time needs to be either the start of the current day or 12/31/2017 (once we reach 2018). We are using the below eval statement to set the...

Log that has wildly different times, but Splunk thinks it is a single event
It recognizes the datetime correctly based on the first line, but it seems to randomly be grouping up lines. Example log that has wildly different times, but Splunk thinks is a single event...

Why do we get a "Failed to create a bundles setup with server name GUID"...
We get a message such as - *[indexer name] Failed to create a bundles setup with server name GUID : Using peer's local bundles to execute the search, results might not be correct. * Search results seem...

Splunk Mobile Access compatibility with Tablet Mode in Windows 10
Hello everyone, for iOS and Android "Splunk Mobile Access", the display and organization of the dashboards for tablets is presented in an optimized style. Does this sort of feature exist for Windows 10...

Search help -- my search is inaccurately showing if hosts have been online in...
I have a query as follows | inputlookup ABCD | search Forward="Yes" | table Region,IPHost, ip_address | rename Region AS my_region, IPHost AS my_hostname, ip_address AS my_ip | join type=left...

On which components does the Splunk 6.x Dashboard Examples app need to be...
I've installed the Dashboard Examples app on our search head and our index cluster. Did I really need to install it on the index cluster? Or is this app just for search heads? ,I've installed the...

Unique users by application over time periods
As an example, I have a search that calculates "Unique Users per Application" and this can be constrained to a particular timeframe with either a timerange picker or earliest/latest fields. | stats...

How do I make fields with a replacement for an argument work inside a saved...
I'm sure there's a really easy answer, but it isn't coming to me so I'd greatly appreciate some help. If I define a saved search test as: | makeresults | eval foo="cat", bar="dog", baz="moose" | fields...

How to calculate the percentages of the field values (yes/no) in a field?
Hi, I have a Splunk search as follows: My search | table host_name, last_seen_in_24hours which displays the result as follows. Now I'm trying to see the percentage of YES's and NO's in a...

Perform stats count based on the value of a field
What I am looking to do is something of this nature: | stats count(eval(if(action=success))), count(eval(if(action=failure))) by computer but it has not been working out as I had hoped. Can anyone fill...

The log has been line breaking twice.
In my environment the following servers exist. Windows 2012 R2 Splunk 6.5.2 On this server, when trying to export logs in csv format on Splunk web, the line breaking twice and outputted with blank line...

Splunk limiting concurrent session logon
Hi, I would like to check if Splunk is able to limit the concurrent session login. Meaning to say user account Alpha is already logged in on Computer A and if the same account is used to login at Computer...