Error using the preview app
I like the preview app, since we can very quickly identify a matching sourcetype and show the prop block values. The following sample data set caused an exception in the 2016.02.12 14:58:26 ERROR -...
Splunk not ingesting last event
We are currently ingesting our historical data, but we may have found a defect/bug. When we drop a month's worth of files for a batch input, there are a few files where the last event does not get...
Support for ISE version 2.0?
Does the Supporting Add-On for ISE as well as Splunk for ISE support ISE version 2.0? There are several dashboards that don't appear to be displaying correctly. For example the location overview is...
Problem computing error rate from two different queries for a graph. . .
Other answers I have found don't quite seem to work in my case here. Have seen similar where it can be done based on say "type=" fields and the append/join suggestions don't quite work either. Hoping...
Sanity Check on a tag please
All, So trying to make a quick tag to discover command OS metric issues. Basically I want a tag called tag=osproblem I want it to return hosts that - 90% or higher CPU, RAM 90% disk space used Any swap...
Select all values from dropdown list
I have populated drop down input list in my dashboard and I am able to select all my options but everything I have tried using "*" as the wild card doesn't appear to work. Any help on how I can get an...
VMware App 3.2.1 not working
We're running the latest VMware App and Splunk is on 6.3. We just set up our DCN per the instructions and have green check marks by both the DCN and the vCenter areas. No data is coming in. ...
Can I allow a user to change visualizations in a dashboard?
I have a timechart that could make sense in a number of different visualizations. Is there a way to create the dashboard panel and add a control so that the person reading the dashboard can change the...
Splunk is using the wrong disk for some reason - why ?
I have 2 drives - C and D on the indexer. I've defined the D drive for the indexing. Yet Splunk Folder is using 19GB - I've noticed that the biggest folder is C:\Program...
Observations/Question Recently Installed Splunk
Hi All, I just recently installed Splunk Enterprise and have the following questions. 1. How can I delete previously indexed hosts? 2. How can I edit/delete source types for particular hosts?
Server Class name truncated in inputs list (web) when adding a stanza in a...
Hello, I am in a dead end here with an issue I face. Whenever I add a new input stanza in the inputs.conf file of a deployment application, then the server class name in the web for that input is...
Output SmartThings Logs to HTTP Event Collector
So I've been working on modifying this code here: https://github.com/TheFuzz4/SmartThingsSplunkLogger/blob/master/splunklogger.groovy ...
Missing Netflow from Cisco ASA5505
All, The documentation is scattered in various places and not one place. Help. This should be simple and not hard to do. Can someone send me to the documentation for this on Cisco ASA5505
How do I add custom inline icons to a dashboard using the example from Splunk...
Hello, I am working on adding inline custom icons to a table in my dashboard using the code from Splunk 6.x Dashboard Examples and a blog post titled Custom Icons in Splunk 6 Tables, to no avail....
Monitoring 15% drop in logins with delta
Hi, bit of background, I am trying to monitor a 15% drop in logins using the delta command at the moment over Last 15mins I am using the below search as my test: index=*_XXXX_app AND (/security/session)...
How do I find the difference in time between two fields in the same event?
I am fairly new to Splunk so bear with me. I have extracted two fields and they are ConnectTime and DisconnectTime and are consecutive in my event in that order. I want to find the difference in time...
One multisite indexing cluster or several single site indexing clusters?
I am planning a multisite architecture. I have 3 sites in 3 different locations (different countries across Europe) and the first thing I need is to store local indexed data locally on each site (so...
Dynamically assign sourcetype on folder
I'd like to assign the sourcetype on the folder the logs are sitting in ***What I have*** File location picked up by forwarder C:\Program Files (x86)\LIC\Current\test\filename.log **props.conf**...
Need help on rex
Hi Team, Need help to extract fields for the following. Please help rex for the below. 'ConnID' '007202761fdb2c01' 'VirtualQueue' 'ABC_EFG_BJFNKJFN'
Restrict User Search Period
Hi, I wonder whether someone could help me please. I know that I can restrict a user's 'search period' by changing the **'Restrict search time range'** in the role settings, in my case 90 days. But I...