Don't show repetitive result
Hi, I have one problem in making a report. In my report result I have a repetitive name. How can I avoid showing the repetitive name in the result? I put the screenshot here ![alt text][1] I want to show last...
Are there best practices for CIM datamodel mapping for PaloAlto firewalls?
Are there best practices when mapping PaloAlto firewall logs to CIM datamodels? One thing that I noticed is that Network_Traffic maps anything with tag="network" and tag="communicate". This means all...
Custom alert action script return value handling
If I create a custom alert action script normally the output sent to stderr is logged by Splunk. But if I use the `alert.execute.cmd` option this output is not logged. Is there a way to capture the...
JSON Search Challenge
Hi all, Very close with the offerings in other JSON/SPATH posts but just not getting it done. We have a JSON formatted log coming into Splunk that gives a ton of data on our servers. One of them being...
Index Volume by Host
I need to find how much volume hosts are sending to my "main" index. The search below queries the internal index, and I'm not seeing the hosts that I need. If I search a specific host under main index,...
Scatter Plot zoom
Hello All, I have a scatter plot visualization. I am trying to zoom the visualization using the mouse cursor but it's not happening. If I make the same visualization on a bar chart I can zoom the...
How to increase retention time of Splunk monitoring console Reports
How to increase the retention time of Splunk monitoring console Reports in a distributed environment
Splunk lookup using csv-keys as input and csv-values as output
I have event data as follows: `a,b,",1,2,3,",c,d` And I have lookup table as follows: `key, value`; `1, one`; `2, two`; `3, three`; `4, four`. I need the following output using lookup: `a,b,",one,two,three,",c,d` note...
Splunk Supporting Add-on for Active Directory: ERROR socket ssl wrapping error
External search command 'ldapsearch' returned error code 1. Script output = " ERROR socket ssl wrapping error: [Errno 104] Connection reset by peer " installed and Configured "Splunk supporting Addon...
Can I perform stats count on a substring using regex?
I have log events such as activity:http://xyz/rest/876 http://xyz/rest/223 http://xyz/rest/263 http://xyz/rest/4534 http://abc/rest/1 When I do stats count by activity I want to get results as:...
Why are results different if my search is used in the dashboard versus the...
I have used a subsearch. While running from the search bar it's showing the correct result as a single value. But when put on a Dashboard panel, it's showing No result found. I tried to put that query in CDATA as...
Why am I receiving "No matching visualization found for type: treemap" message?
***No matching visualization found for type: treemap, in app: aiam-common-visual-6_4*** I've already checked the permission and the app settings. I am also using other custom visualization and they all...
Is it more efficient to search in the main index with data from the summary...
I have created a dashboard with 6 panels, with last 7 days time frame (from today) for transactions count between the A-b, B-c, C-D applications, daily more than 1 lakh+ transactions are flowing, no i...
Can I use dedup to remove a duplicate value in my report and to show only the...
Hi, I have one problem in making a report. In my report result I have a repeated name. How can I avoid showing the repetitive name in the result? I put the screenshot here ![alt text][1] I want to show last...
Missing users.ini file
I have been getting a message that says that a file has been improperly modified or is missing. The result of the integrity check says that the file that failed is users.ini that is located in...
Splunk 7.0 installation failed to complete
I am upgrading to Splunk 7.0. The installer hangs and does not complete. Running Win10 1703 on VMware 12. Looking for help.
Alert Manager app: Can I integrate alerts to all search heads in a search...
Hi, I have a search head cluster with 3 members. I want to integrate alert manager app in the search head cluster in such a way that on all the search heads I should be able to get all the alerts OR...
Method for non-admin users to reset their password upon first login to Splunk?
Hi, As an admin user I have logged into Splunk & created few Roles & Users followed by assigning common password for all users that I created. How can I facilitate users to reset their password...
How do I edit permissions so customers can only view dashboards and reports?
Hi, I wish to provide a Splunk application to our customers. But I do not want to provide them with 'search' capabilities. I have tried removing permissions for search & Reporting, but then I also...
Why does my search that checks for extract yield events twice with two...
I recently set up a Splunk Dashboard integrated with Tableau. When I run the below mentioned query it gives me a count of successful extract for today. host=TABLEAU splunk_server="ip-XX-XXX-X-XXX" "(XXXX,,,)...