Why is it recommended to harden the KV Store?
Splunk documentation ("[Harden your KV store port][1]") states "we recommend that you secure your environment by restricting KV store access to your port" but there doesn't seem to be any documentation...
View ArticleHow to set a token from a base search in my dashboard to be consumed in an...
Hello, Like [previous post][1] I would like interpret code in html. Just a little change : html in token.TESTindex=* |stats count by sourcetype-60m@mnowNumber of results :...
View ArticleSplunk bucket replication network limit in multisite
We recently setup a multisite and replication between the sites. This is causing network congestion when it comes to replication the buckets. Is there a way to limit this using something like the...
View Article1st Time Setup of Universal Forwarder for Windows Log Collection and Missing...
I am trying to setup my splunk enterprise 6.6.1 to be able to injest windows logs from remote pc's but not having much luck. I know I am missing something, or not comprehending something, but can't...
View ArticleHow to resolve the error "Cannot get username when all users are selected"
I am getting error "**Cannot get username when all users are selected**" on the splunkweb when i ran any search. I have tried deleting cookies, it didnt work. I am using AWS ELB for load balancing the...
View ArticleError message: domain needs 'min' and 'max' fields
Hi I have run the following search ( Endpoint - Malware Daily Count - Context Gen) verified from a couple of different sources, and get the above mentioned error message....any advice? | tstats...
View ArticleTransforms.conf not added to UI
I'm getting ready to upgrade an app that we had developed in Splunk 6.2. We are now going to start using version 7.0 and wanted to update the queries so that it will work properly in 7.0. However, we...
View ArticleNeed help on predict command usage in graph
I have a trend graph that shows some data then its predicting out that data a couple days forward. However, The prediction starts when the normal data starts, when I would rather have the prediction...
View ArticleFormat cell in table by comparing to another value
I have a table that is setup as below. I need to change the cell background color based on a comparison of each cell to the requirement cell in that row. Column headers are going to be changing...
View ArticleHow to compare previous data and alert if result over 5 percencet
We have monthly data for each SBU and we want to setup an alert if any total increase more than 5% for up coming month. index=mydata | bin span=1mon _time | stats sum(total) as Total_Val by _time, SBU...
View ArticleAfter editing inputs.config on forwarder data shows up unreadable
Hi i edited the inputs.cinfig file on my forwarder and once i restart splunk etc i see the data on search but it is not readeble. can anyone tell me what i am doing wrong? [default] host = xxxxxxx...
View ArticleTrend values on x-axis and y-axis by serv
index=... sourcetype=... | rex "(?) and (?\w+) and (?)" | table totaltime,duration | timechart or chart would like to populate totaltime in x-axis and duration in y-axis for each serv would like to...
View ArticleHow do I replicate settings in system/local across the search head cluster?
When using a stand alone search head, we made configuration changes in `etc/system/local/`e.g. outputs.conf, limits.conf, etc I've converted this standalone instance to a search head cluster, but I...
View ArticleError message when running a search on the search head - Unable to distribute...
I get the following error message when running a search on the search head: Unable to distribute to peer named :8089 at uri=:8089 using the uri-scheme=https because peer has status="Down". Please...
View ArticleShould metrics support overwriting events instead of duplicating metrics
In Splunk 7.0.0, when sending data to a metrics index, it looks like one can send duplicate metric measurement events (e.g., the same tuple of time, metric name, and dimensions) and the metric index...
View Articleone of my index size is 500 GB now its almost getting full so want to...
one of my index size is 500 GB now its almost getting full so want to increase size to 2TB. I am using multi site cluster environment. Can anyone please suggest me how to do it?
View ArticleComparing values in dashboard and then applying traffic light colors
I need to compare values in columns to a column that contains a performance requirement. The requirement will be different in each row and the column headers (Val1, Val2, Val3) are dates so they will...
View ArticlePlotting a timeline
Hello: I have a long row of time and dates for each overall "event". So the data looks like 8/11/2017 18:00:00 8/15/2017 04:00:00 8/19/2017 15:00:00 Can you recommend the best way to plot this...
View ArticleDrilldown: Use starttime of bar in timechart as `earliest` field in...
After spending hours unsuccessfully searching the splunk answers for a solution I would like to phrase my question: I have a timechart which I display in a dashboard. When I click on a bar, I would...
View ArticleWhat is the best practice: Implicit or Explicit Index Path Locations?
Curious on what is the recommended? I know the second one makes sense for readability, but the first one i feel would greatly reduce retyping and indexes.conf file size: **Practice 1** [default]...
View Article