Bamboo add-on was not able to get the index or sourcetype in the search. In...
I have configured the bamboo addon and in the logs it's connecting to the bamboo server via http connection and generating the api url. But at the end it's throwing "Not writing this event because it is...
How to get a complete pull of Qualys KnowledgeBase from the TA
Hi guys, I'm trying to get the full knowledge base downloaded from qualys onto my search heads. I currently have the "basic" knowledge base being downloaded fine. However, I don't know which parameters...
Sum to have a value as zero in case not found
Hi All, I have some search criteria followed by stats as: Search ns=app1 Error | stats sum(eval(AcctNo="'1000394'")) as "FailedOccurences". In case if that AcctNo is not found in the Search, it does...
Extract value within quotes and plot on timechart
Hi, I am very new to Splunk and I have data like this below: "salary": "2000" I have 1000s of events like this, I would like to extract only the integer 2000 and plot the value on timechart....
How can I change the interval time between performance measures?
Hi, I'm editing nmon.conf in order to increase the time between measures of performance. Default is: **fifo_interval="60"** fifo_snapshot="1440" but I wanna change the interval to...
Create a table with _time and a custom fields
I'm lost. I'm trying to capture the _time and UserName (custom field) from a search and use the _time to find events within 1 second in another search. I would then want to report the result in a...
Add my CSV file into Splunk
I have: 1 Searchhead 1 Deployment Server 4 Indexers (Non clustered) This is the raw CSV file:...
Custom fields in alert action
Hello, Hello Support Team, I am trying to integrate servicenow app/addon on Splunk and would like to enable the ServiceNow Event Integration for the trigger action. However, I am wondering if there is...
Extract failed when extracting "caused by" entries -- "try removing one or...
Hi, Would like to extract the below from the error log. Only some text I am posting here from the entire log4j. Multiple caused by entries will appear for each Error. for example Caused by:...
Question on TZ setting in props.conf
In our Slave-Apps directory on the 2 peers/indexers we have a custom app created by the prev admin which has setting for TZ to UTC for network devices that are on UTC. Now I am adding new data source...
Only run search query if token is filled
I have a dashboard with textbox used for a search. I would think this is simple but don't see any examples of this out there. I only want to run the dashboard query if the token (textbox) has a value...
Splunk real-time data input from html page not working
I've been trying to look for a way for Splunk to input real-time data and I come across Rest API thinking it could be a solution to my problem. But after I set it up a Rest api base on the...
Splunk ML - forecast time series
Hi there, I started using Splunk machine learning but trying to understand on how to use forecast time series. Can someone please explain what is the holdback, future timespan. When I read the...
CPU Utilization by a process
I am trying to get CPU usage for a specific process in Windows. My search looks like this: host=host1 AND sourcetype="Perfmon:Process" AND counter="% Processor Time" AND process_name="server*" | table...
Splunk App for ServiceNow: Can we implement custom fields?
Hello, Hello Support Team, I am trying to integrate servicenow app/addon on Splunk and would like to enable the ServiceNow Event Integration for the trigger action. However, I am wondering if there is...
Run search in a dashboard if a token has a value in it
I have a dashboard with textbox used for a search. I would think this is simple but don't see any examples of this out there. I only want to run the dashboard query if the token (textbox) has a value...
Help with an eval statement?
I am trying to build a base search for the field message.device.category , it has 3 values: desktop , mobile and tablet. Using `eval` I am trying to divide the field with separate values. `search |...
Props.conf timezone settings for Eastern? And do I need to reboot any peers?
In our Slave-Apps directory on the 2 peers/indexers we have a custom app created by the prev admin which has setting for TZ to UTC for network devices that are on UTC. Now I am adding new data source...
Splunk real-time data input from HTML page not working
I've been trying to look for a way for Splunk to input real-time data and I come across Rest API thinking it could be a solution to my problem. But after I set it up a Rest api base on the...
Splunk Machine Learning Toolkit - How do I use forecast time series?
Hi there, I started using Splunk machine learning but trying to understand on how to use forecast time series. Can someone please explain what is the holdback, future timespan. When I read the...