Can a search head cluster be implemented without integrating with a deployer?
I have a standalone search head connected to only one search peer. Now I am introducing another search head to the environment and trying to implement a search head cluster with two search heads. Now...
I want help with a regular expression.
I have the below expression, which is a key, and I want to check whether the same keys are matching, so help me in building a regular expression....
Set Value if there is nothing found
Hi, I'm running Splunk 6.6 and I'd like to set something like a "default" value in the case that nothing was found with the SPL query. The result I get is: SystemA_primary 4000 SystemA_secondary...
High disk usage in /opt/splunk/var/run/splunk/srtemp
Hello, I have a Splunk search head installed on a Linux server. I received an alert for high disk space usage. While troubleshooting, I found that **/opt/splunk/var/run/splunk/srtemp** has two directory...
How to pass token from a pie chart in dashboard to another dashboard which is...
I have a panel with a Pie chart which has drilldown. Below is the code on the same: Platform Error Distribution - $tokPanel1$ index=app host="prod*" error $tokPanel1_release_timerange$ | eval...
How to use "where" and "not in" and "like" in one query
I have the following query : sourcetype="docker" AppDomain=Eos Level=INFO Message="Eos request calculated" | eval Val_Request_Data_Fetch_RefData=Round((Eos_Request_Data_Fetch_MarketData/1000),1) Which...
How to ingest the data into Splunk from different servers
While ingesting the data, all the logs from the server are falling into a single source type. Can anyone suggest how the data should be ingested so that source types are classified?
Get metadata results as search events
I need to obtain `| metadata` generated results as search events because I need to associate an alert to `hosts` with a too old `recentTime`. What's the search corresponding to: | metadata type=hosts...
Regex parsing XML
Hi! I cannot extract three fields from XML using regex. Please tell me how it can be done. Thank you. P.S. Also there are lines like this: Does it work for everything?
Four Single Values in the same panel: is it possible to fix alignment?
Hi all: I have a dashboard divided into three columns. In one of these columns I have a panel with four Single Values, two for each row. I'd like to maintain this alignment also with different...
Adding simple JavaScript, CSS, HTML in Splunk dashboard
Dear Splunkers, please check this: https://codepen.io/tieppt/pen/vKJNaE. The question is, can I have that sonar animation in a Splunk dashboard using Splunk JS or any other method? Thanks in advance.
Rearranging the columns
I want to rearrange the columns of my query in a particular order as shown below, but due to dates (01-jun-2017), the first part of the query is working fine but other columns are...
Unable to load Algorithm in Splunk ML Toolkit
I followed the link (http://docs.splunk.com/Documentation/MLApp/2.4.0/API/Registeranalgorithm) to load an algorithm MLPRegressor from scikit into Splunk. I did the entry in algos.conf as...
Stats Values Into Timechart
Hi, I wonder whether someone could help me please. I've put together this query: | multisearch [ search `frontenda_wmf(Payments)` detail.dueDate="2018-01-31"] [ search `frontendb_wmf(RequestReceived)`...
Splunk Enterprise free download
Team, I've installed the Splunk Enterprise free version on my machine since I am learning Splunk. The installation was successful, but I am getting an error whenever I launch Splunk. =========== Splunk> Another one....
if and statement
Hi, how can I use a combination of an IF statement along with AND? I'm looking to run a count whereby IF the _hour is greater than a certain time, AND a server name matches a list, don't include the...
{"customized_settings"{}}
Hi, I've a fresh Splunk installation. 1 SH which is also a Master for an indexer cluster with 2 indexers. I just installed the Palo Alto Add-on and App on the SH. I then deployed to my indexers as a...
How to rearrange table by values in a column
So I have the following data as output statistics from a search: User Group Number Andy A 123 Andy B 123 Andy C 123 Bob A 123 Bob B 123 Cam A 123 Cam B 123 Cam C 123 How can I rearrange it so that it...
Query about WEB datamodel
When I restart Splunk, accelerated data in the WEB data model is deleted. I update the WEB, then the model gets the data slowly. If Splunk is restarted, the data will be deleted again by Splunk...