Properties/Arguments in Endpoint URL for REST Modular Input
Hi Splunkers. I'm trying to set up a REST input to bring back output from an API. These are the parameters used to form the API Endpoint URL. i.e. https:///<1st_parameter>//token?api-version= In...
Issue with Blacklist in Inputs.conf
Hi Experts, I have the following monitor stanza. I want to blacklist "data/xyz/logs/router.jar.log" but want to monitor "/data/xyz/logs/abc/abc-router/abc-router.jar.log". Though I have mentioned router.*...
Access Granted/Denied query
Hi, I have the following table: _time usernameOK _time usernameFail example: 2017-09-28 00:10:00 usernameOK=robE 2017-09-28 01:10:20 usernameFail=jonasH 2017-09-28 02:20:23 usernameOK=timN 2017-09-28...
How do I color a single value based on a text value/on a different value than...
I'm interested in coloring single value displays based on the text value of the single value, and/or based on a different value than the one displayed. I've seen the first part of this question around...
Time_format_change_procedure
Hi Guys, I am trying to create a use-case as "date when any single user was created in AD". It's done, but I need to change the time format to a readable format; right now it is coming like this...
Many duplicate events since a major outage / corrupt buckets?
Hi guys, since I still cannot open a support case, I can only try it here (I've tried so many times to get this issue resolved, but yea, it's not like we're paying a lot of money for support). We...
Data Model: Change Root Event Constraint returns 0 results.
Hi all, I've been working on a Data Model, and have a root event with constraint: `index=test_index` Now, when I change the constraint to: `index=prod_index` In the preview, nothing gets returned. **1)...
Sorting date/time
Hi, I have examples of date/time as below: Mon 28 Dec 2015 06:26:19 PM ICT Mon 26 May 2014 04:52:02 PM ICT Fri 17 Feb 2017 04:01:59 PM ICT Wed 28 Jun 2017 05:49:04 PM ICT Wed 05 Oct 2016 06:46:30 PM ICT...
JournalSliceDirectory: Cannot seek to rawdata offset 0, path="..." on running...
I am using Splunk 6.6.2. When I run a search in Splunk Web for an index over a timeline of more than 30 days, index="indextest", I get this error: **JournalSliceDirectory: Cannot seek to rawdata...
How to configure splunk to convert numeric data from English to Italian?
I followed the document to translate splunk to a specific language [http://docs.splunk.com/Documentation/Splunk/6.5.2/AdvancedDev/TranslateSplunk#Localize_dates_and_numbers][1]. Though I copied all the...
Graph from key/value pairs
Hello, I am extracting from a database the list of the largest 20 tables. The format would be something like =: For example: TableSizeMB LargestTable=2012 VeryLargeTable=2008 SomeTable=500 Obviously,...
Error in 'dbxquery' command: Invalid message received from external search...
Hello, when I configured getting data from an Oracle DB, I got an error after executing the query. Error: Error in 'dbxquery' command: Invalid message received from external search command during setup, see...
Debugging app breakpoints fail in VS & PyCharm
I am working to set up debugging for app development in Splunk 6.6.3. My challenge has been getting the breakpoints in the app to trigger. Following the blog post below, I have tried setting up both VS...
How to make my search more efficient? Help to remove joins
My search is running pretty slow and I am looking to edit/remove the joins to make it run faster. It looks pretty messy and the reason I have weird things going on with my location information is...
Search logs show up only when I restart UF on DC
Hi Guys, I have installed splunk UF 6.3.3 on our Domain Controller 2k12 and the following is my inputs.conf: [WinEventLog://Security] disabled = 0 start_from = newest current_only = 1 evt_resolve_ad_obj = 0...
Splunk App Babel Fish - Does anyone know about it?
I'm at a .conf2017 session on Splunk NLP and the demo'ed app is "App:Babel Fish" in a test environment - that converts the language queries into SPL and presents visualizations. This can integrate...
How to extract a JSON part from an incoming stream from journald to output...
The JSON part to extract is MESSAGES. We created a REGEX which works in the search, but it should also be added permanently to this "transforms.conf" file. Our solution which didn't work is:...
stats count zeroes
I have the following search term .... | | stats count(eval(action="failure")) as fails, count(eval(action="success")) as successes by user, host | stats list(host) as "Hosts Contacted", dc(host) as...
Data retention of at least 6 months
Hello guys, I built this query; do you think it's reliable for checking which index should be increased for home/cold sizes? | tstats latest(_time) as latest,earliest(_time) as earliest WHERE index=* by...
Splunk and OSX High Sierra APFS
Splunk 7.0 doesn't start in new MACOS X with the APFS (Encrypted) filesystem. Is APFS not supported?