Is a separate installation of DM, CM, SHC DP really required on the same machine?
I have one machine for Deployer, Cluster Master, Deployment server and license master. Do I really need a separate installation of these components on the same machine? If yes, please help me with the steps, if...
perfmon:sqlserver set to disabled, still receiving data on the Indexer?
I have set Universal.Forwarder on SQL Server to forward all data to heavy forwarder. However, in the search results of the Indexer, for the indexed data from SQL, it shows the "Splunk Server" field as...
Machine Learning Toolkit: importing new algorithm
I followed the procedure in API Guide 2.4.0 to add the CorrelationMatrix algorithm. But an error resulted. I am using Windows 10. I first added [CorrelationMatrix] in algos.conf located at...
How can I edit field values?
Hello together, I have the field *Vegetables* with 5 field values. The field values are cucumber, tomato, onion, carrot and potato. When I click on the field in the *fields sidebar*, the field...
Fix table header and add vertical scrollbar using CSS and js
Hi All, I want to display 100 rows of results in a table per page with a vertical scrollbar and fix the header when we move down. I am trying to use `overflow-y: scroll;` on div, so it shows vertical scrollbar...
What is the best answer for describing Deployment
I have gone through the Splunk docs; it is like a puzzle for me to know about deployment. Can anyone give me a perfect answer instead of posting links?
Unable to save SA-ldapsearch configuration despite the connection status...
I have configured the setting for SA-ldapsearch (with ssl disabled) and tested the connection successfully. However, I am unable to save the config. Nothing happens when I click on Save. I have tried...
After forwarding Windows event log data into Splunk on Windows 10, how do I...
Hi, I have installed the SplunkUniversalForwarder and have successfully got data into Splunk. However, I want to view the scan logs from Windows Defender, how should I search it on the search head?...
Search query to replace first occurrence word with blank but second...
How do I use regex or replace to remove the first occurrence word found and replace second occurrence onward with comma? For example, the raw data is: ubuntu CRON[2907]: pam_unix(cron:session): session...
monitoring failed webhook (search alert)
In Splunk enterprise search, we can save the search query as alert and a corresponding action will be executed (webhook). I want to monitor failed webhook that Splunk enterprise sends. How can I do...
How to remove an entire column from results if all the values of the column...
Is there any possibility to remove an entire column if all the values of the column are zero?
stats values on x-axis and y-axis
basesearch | rex "(?m)^(?[^:]+):\s+\[\s+(?\d+)K-\>(?\d+)K\((?\d+)K\),\s+(?[^\s]+)\ssecs\]" | table totaltime,duration | stats or timechart or chart would like to populate totaltime in x-axis and...
Deployment Server - sending data to a 'specific index'
Hi all, Just need help understanding deployment servers better and how you are able to forward data to a 'specific index'. My current setup: - 1 index master ( a 'test' index has been configured and...
how can I find someone who disabled the indexes in DB connect app?
Hi, I am currently facing an issue like this: my indexes created in Splunk DB Connect have been disabled by some means or by someone accidentally. I need to find out the person who disabled this, or how it...
splunk alerts email body content color
Hello all, Help needed. I have set up some script which generates a log, and by monitoring that, Splunk triggers an email alert. Splunk sends email alert of failure and successful execution of script. ...
Index settings not showing details for latest event, event count etc, but I...
When I'm clicking on Settings -> Indexes, the indexes are not showing any details like latest event, earliest event, event count etc. But when checking data on search head it is showing data (latest...
OTHER index information
I am observing my license usage, in which one index exists whose name is "OTHER". Is it a default index or not? Which kind of information does it contain? How can I see it?
Search strings that qualify for report acceleration but won't get much out of it
Splunk "Manage report acceleration" manual specifies the following: In addition, you can have reports that technically qualify for report acceleration, but which may not be helped much by it. This is...
Bar chart color customization - dynamic fields?
Please help me out here. I am trying to customize the bar chart color when using the stats command. My SPL: |stats count by CODE. How to set the colors dynamically for the count value in the series. I...
How to count the number of requests hitting server?
For the query : sourcetype="docker" AppDomain=Eos Level=INFO Message="Eos request calculated" I have the following output: host = aecastle01ran05.awsdev.cloud.com source = http:docker sourcetype =...