Props.conf Multi Extraction Not working
Hello, Props.conf is not functioning like I expect. I have a scripted input that looks like this CONTAINERID IMAGE COMMAND CREATED STATUS PORTS NAMES 0dce14da9952 centos "/bin/bash -c 'while " 16...
When Was The User Account Created
Hi, I wonder whether someone may be able to help me please. I'm using the query below to list the current user accounts: |rest /services/authentication/users splunk_server=local |fields realname...
Search for Server Uptime for last 24hrs
Hi, We are looking for a search for server uptime and downtime. Server is up from last 20 days, and results will be retrieved only if we select 20 days from timepicker. We are looking for a search for below...
Splunk App on AWS to custom UI - How to?
I would like to have a completely personalized/customized web interface for my Splunk app on AWS where I could implement front-end GUI such as login screens, change password, etc and then *somehow*...
[Index Cluster] Need to Decommission one Site?
I guess it is different cause the first one still leaves multisite as true but has now a new number of sites which is a much more complex scenario than just ignore site value if multisite is false as I...
Generate distinct events as records update in database table
I'm using Splunk DB Connector v2, and have a table with 100 devices with location_lat, location_long, location_updated fields (this is a legacy database, so I can't change the schema). How can create a...
options for using the commercial maxmind database
We have a subscription for maxmind and I am trying to figure out how to use the ISP and Organization fields from the database. Can iplocation be extended for new fields or do I have to build a TA?...
anyone get this TA to work?
I am getting unknown command. I exported the app globally so I do not think this is a permissions issue.
Bulletin Message To All Users
Hi, I wonder whether someone may be able to help me please. I'm looking to send a "bulletin" to all my users to highlight a change we are implementing on our Splunk system so they are all told at the...
What is the best way to group a bunch of data and minus another group of data...
I have a following situation: some commands | table Type, Value which results in:
Type, Value
=========
A, 5
B, 5
C, 1
D, 0
I need to add up A,B and subtract C,D and append them back to the table like...
Cannot create notable events in ES
Issue I see in web_service.log : 2016-02-15 16:58:28,367 ERROR [56c203b3dd836e2840f0] init:340 - Mako failed to render: Traceback (most recent call last): File "C:Program...
Use a button on the dashboard to control when a search query is executed
Hi, I have a query in my dashboard that is quite expensive - it can take over a minute to complete. The result is shown in a pie chart:...pie Because the query takes so long and is needed infrequently,...
How can I have the time between arrival of events and line break of events?
Hi Splunkers, Considering about delayed syslog data, I have tried following scripts which output messages to the monitored file by splunk. echo -n "Mon Sep 22 17:18:22 2014 +80:00 SESSIONID: "155"...
How can I delete data of a host from an index.
Hi, I need to save space on the indexer server. In the index main I have a host that is off and not used, and I would like to delete all data from this host from the index. How can I delete only that data without deleting the whole main index?...
When displaying on a map with the geostats command, what should I do if I want the results shown on the map in finer detail?
I have data that contains a lot of latitude and longitude information, and I want to map it on a map in fine detail. When I do something like geostats count, large circles are displayed scattered across the map, but this is too coarse and I am stuck. Is there a good way to do this?
Extract User Accounts &amp; When They Were Created
Hi, I wonder whether someone may be able to help me please. I'm using the query below to extract the date when Splunk user accounts have been created: index=_audit action=edit_user operation=create...
How can I change search of Cisco Security Suites Overview Dashboard with...
Hello Splunker, I would like to change the search of the Cisco Security Suites dashboard with a source IP input. I tried to add an input and define a token as src_ip, but when I fill out the src_ip, the dashboard does not...
How can I detect a successful login after multiple failed logins?
Hello, fellow splunkers! What I am trying to do is to detect a successful login after multiple failed attempts. I've been trying to get a working search for Windows and Linux but wasn't very...
Anyone using whois addon in Splunk 6.2.2
I installed the whois addon in Splunk 6.2.2 but it does not work. It shows "Error in 'lookup' command: The lookup table 'whoisLookup' does not exist.", anyone please help.
Simple Form Dropdown Menu
Hi, I wonder whether someone could help me please. I'm trying to put together a dashboard which is set out as follows: - Timepicker - List of usernames which is filtered by the timepicker Then when the...