How to create a drilldown for a single value panel?
Hi folks, I'm trying to create a drilldown for a single value panel, but it doesn't seem to be in the options. I just want my user to be able to click on the value, and it will take him/her to another...
View ArticleHow to modify the "View Results in Splunk" link from Scheduled Reports
We need to change the hostname and port that the "**View results in Splunk**" link auto populates. Where is the proper place to change this setting in the config files?
View ArticleWhy am I unable to monitor Apache logs with my current configuration?
Hi, I'm trying to monitor some Apache logs and I can't seem to get the statement correct. I'm trying to monitor `"access_log.*"` , `"error_log.*"` , access_log, error_log, and the gzs to go with them....
View ArticleIn Simple XML, have * as default text input value is causing incorrect results.
I am using splunk 6.3.1. My data is indexed as JSON. Not all fields will have a value. For example, 2 (very simplified events) could look like this: { "host":"hostname", "field2":"pickle", "field3":...
View ArticleLooking for a good walk through on props.conf line breaking
So I am messing with the output of nfsiostat. Been at this for a few hours now so maybe i Just need a break. I guess i just don't get how linebreaker is supposed to work. My mount names start with...
View Articledata rolling from hot but not going to warm bucket
Hi All, Recently I have my splunk hot drive got corrupted so I symlink my hot directory to new working drive. I get all my new data written to new one but whenever a bucket gets rolled from hot ,...
View Articlecaching events to disk on Universal Forwarder
Hi! According to documentation on outputs.conf, maxQueueSize sets value for amount of RAM that queue can take when indexer is down. But I need to be able tocache large amounts of events, for example 5...
View ArticleI am unable to index ServiceNow database table
Hi , I have splunk enterprise in linux environment . And I am using with service-now integration. For that i am using Splunk add-on for service-now. I want to index database tables from service now for...
View ArticleSplunk Searches Run By User
Hi, I wonder whether someone may be able to help me please. I'm running the query below to obtain information about searches that are being run on Splunk and the query works fine. |rest...
View ArticleSplunk forwarder input queue
We have our own build application which collects data from other devices, and builds a string with a Splunk friendly format. We are considering to make the application deliver the data with tcp to the...
View ArticleEvery 90days Password change for SplunkWeb ID
Hello Splunkers, For audit purpose, we must set password rule which forces to SplunkWeb users to change password every 90days, however we dont have any external auth servers now. Also, password...
View ArticleHow stop onclickevent when page is loaded or refreshed
Hi I am trying to send an email when a button is clicked.This works fine except that when the page is refreshed the email action is triggered. How do i stop that from happening. Thanks in advance...
View ArticleWitch node (masterNode indexersNode searchHead) shoud be the licence manager...
I would like to add my Splunk Licence on a clustered envirenment, I have found no guidance in either the main Admin manual or the Indexing and Clustering manual on this... Any help or guidance from...
View ArticleHow do I disable admon, netmon, powershell etc scripts running on Windows UF...
I'm not wanting to monitor these events and yet the scripts still run every minute (by looking at the task manager). I have tried adding stanzas to disable them in etc/system/local/inputs.conf but this...
View ArticleEditing config files in a SH cluster
When I create a saved search through the web UI on a SH, it's replicated to other members in the cluster. But if I create or modify a saved search directly in the config file (vi...
View Articlehow to apply xmlkv for result of other query
Hi, I have huge xml and i have written a query to break the xml. Let me explain with small example ( though i am doing this on a bigger file, i am showing this for understanding) My main xml:...
View ArticlePython script will only succeed every now and again
Hi, I wrote a Python script to retrieve JSON data from a REST API. The script fetches the JSON with the urllib2-module and does some parsing with the json-module. When I call the Python-script directly...
View ArticleRenaming column names(field value) in a search result
We have a test index which captures all the response times of different transactions by version I wrote a search to display different response times by different transactions and version *index=testing...
View ArticleAfter connecting to a windows domain, Splunk displays wrong username
I've looked around but haven't found the exact same issue I am having. I need to figure out how to fix the following: Feb 10 07:29:35 authpriv info devbox.domain.com sshd[16296]:...
View ArticleDB Connect 2 - Connections not loading after Splunk / DB Connect 2 upgrade
Hi, I had Splunk V6.3.1 with DB Connect 2 V2.0.6 working fine. Because of the incorrect date reporting I upgraded DB Connect 2 to V2.1.2, which fixed the issue. Then I decided to upgrade Splunk to...
View Article