Can we update splunk drill now URL in alert actions
Hi , I have splunk enterprise in linux environment . And I am using with service-now integration. For that i am using Splunk add-on for service-now. For creating incidents in servicenow from splunk i...
View ArticleSplunk Inactive Users
Hi, I wonder whether someone could help me please. I'm trying to create a query which identifies inactive users over the last 12 months (time period selected by 'time picker'). I found the following...
View ArticleWhy Embed Report showing Error : FATAL - Permission denied ?
Hi all, I'm facing an issue with embedded reports. I have placed generated iframe tag in my HTML page. When I'm runing page it gives an error on console for below URL. URL :...
View ArticleUsing multiple tokens/token values in a checkbox?
I want to put a set of checkboxes on a dashboard, and display panels according to the checked checkboxes. I have 3 panels, with a attribute. I want to create one single checkbox input element, with...
View ArticleHow do I set my app's start view to be the dashboard?
Hello, I want to tweak my app so that a dashboard view from the file "MyDashboard.xml" is the default view, and the user won't have to click on "Dashboards->MyDashboard" menu items. I searched the...
View ArticleWhy am I unable to pull a large report of deployment clients using API and...
I am trying to pull a listing of the deployment clients using the API from a version 6.1.3 instance. I can use curl and get this in json, but was looking to use the python-sdk, but it only returns the...
View ArticleHow to execute searches successfully for multiline events with truncated text?
I am facing a problem and I need some advice/help. I am sorry if it sounds silly but I am new to Splunk and couldn't find an answer so far. I am a regular Splunk user with no access to the server at...
View ArticleHow to write a search to produce a table with specified fields based on...
I want to build a table with different fields depending on the search result. If a certain tag or another tag is found, I need to produce a table with certain fields OR if other tags are found, I need...
View ArticleUnable to render PDF. Bailing out of Integrated PDF Generation. Splunk v6.2.1
Unable to render PDF. Bailing out of Integrated PDF Generation. Exception raised while preparing to render "Untitled" to PDF. Unicode strings with encoding declaration are not supported. Please use...
View ArticleHow to parse JSON data at search-time?
I am getting different types of data from source. It can be XML or JSON. For XML, I am just indexing whole file and later at search-time, I am using xmlkv + xpath to parse and get the data that I want....
View ArticleHow do I set my value_tok (click.value2) to "*" if the drilldown is on a...
I have the following drilldown:Cost ($) over time***mysearch***lineconnect When I click on a chart data point, then my value_tok token is set properly. The problem is when I click on a chart legend,...
View ArticleHow to show stats sum for a field using a value produced from an eval statement?
Hi, I have one field with values for each month, and this eval gives me the current month name(current February); eval mnd=strftime(_time, "%B") Field1 is named January, Field2 February... But when I...
View ArticleCan you trigger index replication for a read-only index?
I've added a new indexer to the cluster and I would like to force replication of some older archived indexes. I'm curious if there's a way to trigger Splunk to replicate the indexes, since they are not...
View Articlecachefilesd goes beserk
Is anyone else having problems with cachefilesd? We've got some files on an nfs mount. Sometimes, cachedfilesd seems to break. It doesn't free up the space it's using. When free space gets low - below...
View ArticleHow to extract a field within quotes and extract its value based on the...
Hi Guys, I am new to Splunk and regex and trying to extract a given field plus its value. So in the example below, the field is user and the value is 11111111, but this could be anything like a name or...
View ArticleHow to get the dates which are not present in output for every ID?
Hi, I have ID and dates in my output. (consider this is the data from 02-07-2016 to 02-10-2016) e.g ID Ingestion_Date 1 2-10-2016 1 2-09-2016 1 2-07-2016 2 2-10-2016 2 2-08-2016 Now, I want to find the...
View Articleマップ(map) で、OpenStreetMap はインターネット接続なしでも使えるのでしょうか?
OpenStreetMapとSplunkタイルは、インターネット接続なしでも 使用できると考えておりますが、正しいでしょうか? プロキシが必要な環境で、プロキシの設定を行わずにOpenStreetMapを使用した結果、地図が正常に表示されました。
View ArticleTrack stored procedural call from Middleware to DB
Hi Team, We have a requirement where Middleware need to execute stored procedural call(read only) against DB and that need to be tracked in Splunk. The client doesn't want to log the invocation call...
View ArticleUpgrade to 6.3.3 and App for Windows Infrastructure
Hi, after upgrading to 6.3.3 the following problem is displayed when starting Splunk Checking conf files for problems... Invalid key in stanza [ui] in...
View ArticleSplunk Add-on for Cisco ASA 3.2.4: How to configure transforms.conf to...
I am currently running Splunk 6.2.3 with the Splunk Add-on for Cisco ASA version 3.2.4. When I look at Cisco ASA firewall events (sourcetype=cisco:asa) I have noticed that the **dvc** field is properly...
View Article