How to calculate an average of P98 of last 5 different search request together
My task is to calculate the average of P98 of last 5 requests and compare it with the latest request's response time. I am new to splunk so how can I calculate the average of P98 of last 5...
View ArticleUsing regex to extract a string where the following string may or may not exist
Hi, I am trying to extract some fields which are generally bound by other strings (eg Some Text 1 Some Text 2). I have a situation where a field may or may not have anything following it. For example,...
View ArticleLicense expired on Splunk App for Microsoft exchange on the first day of its...
The description on the Splunk App for Microsoft Exchange says,"This app requires a paid license to use. "**The trial license lasts for 60 days"** However, it started giving me 100s of "License expired...
View ArticleManaging SPLUNK in an Enterprise environment
Good morning everyone, I have a question. We have Enterprise apps like Microsoft Exchange and we would like specific application log data on it. Now as i understand you have two options: 1) change your...
View ArticleHaving source ip from 3 sourcetypes, how do I combine them all in one field...
I have source ips from 3 different log sources with 3 different field names. I want to have all the values from the 3 sources to come under one (new) field so that i can table the new field for a...
View ArticleRetrieving Users Access List To The Splunk Tool & also Retrieving the Login ,...
How to retrieve list of users with access to the Splunk tool and then access logs related to who is logging in and out of the Splunk tool. Also, logs related to functions being performed on the Splunk...
View ArticleTo keep from overwriting existing fields with your Lookup you can use the...
Question from Quiz, couldn't figure it out what exactly mean by it.
View ArticleSplunk commands.conf preview
Hello, I am writing a custom command, which generates events from external source. My script is dumping to stdout 10000-event chunks of data (each per about 1 second) At this moment I get (in Splunk)...
View ArticleCustomize launcher app (icons app in full screen)
Hi, Is it possible to customize the launcher app ? I have many apps (~50 apps) and it's hard to find my app with the app list on the left of the screen. Need to scroll all the time to find the good...
View ArticleLookup based table in Splunk?
I have a search that searches indexes for all time, and retrieves values(1 field) and stores it in a lookup. I figured that if I set the earliest time and latest time for the search from a config file...
View Articlei want to filter my search results based on the field value in lookup file?
i have unique 19 address field in a address.csv file,such as address /ai/rcmid/abinitio/prod/rcmln/data/mfs/mfs_14way/rcm/rcm_aml_src/main/d_aml_visa_account.dat...
View ArticleUsing same inputs.conf for multiple forwarders with different monitor paths
I have a list of servers divided into different environments. I will be installing a Splunk Universal Forwarder on each server and targeting a Splunk Enterprise instance. I would like to create...
View Articletwo values in piechart
In my search ik got a field called 'days' . This field is generated through counting the number of days between two different dates. If i use this field in a pie chart ik see (of course) all the...
View ArticleCustom cell properties in html/js
Hi everyone, I have a Splunk table in HTML and I want to make some of its cell editables. Is there any way I can add the property "contenteditable"= true to the table from the javascript? Thanks
View ArticleHow can I create an audit trail of changes to kvstore file?
I want to create an audit trail of what changes were made to kvstore and who made them. I'm using the web framework so i'm assuming there's a way I can push changes into a summary index or something...
View ArticleWhich regex code will help pull out the xml fields?
Everything repeats from VULN to VULN It is necessary to pull out the Number of VULN, severity, cveid, CVSS_BASE, CONSEQUNCE Excel19.36.9N/A Excel19.36.9N/A Excel19.36.9N/A Excel19.36.9N/A...
View ArticleMore linebreaking issues
I'm having some issues with linebreaks in one of our logs. I used **LINE_BREAKER = WSDL(,\s*)** that covered most of the log format, however I'm still having some issues with random events. Anyone have...
View Articleintegrating spunk with Sigfox
Anyone tried to integrate Splunk with Sigfox? Ha anyone had any experience using dashboards to display IOT type data?
View ArticleWhat capabilities do I need to give to a role to fix the error HTTP 403...
We have the Splunk App for Windows Infrastructure installed. The users with "User" role are getting the errors below on Computer Audit dashboard (Active Directory>Computers>Computer Audit): ⚠...
View Articlesplunk DB connect app
Is it possible to ingest the database table logs into splunk using stored procedures(DB app version: 2.4.0)
View Article