Some zeros values are not showing. Some do. Why?
I have a csv that I import daily and some values decide to not show as "0", and some do. Here's my search: index="stockscreener_1d_ni" | stats values(Change ), values(Vol), values(Price) by Symbol |...
View Article2 indexes. Need to determine if particular field's value shows up in index 1...
Do I need to do some fancy joined search here? I have values that will show in index 2, and I want to check index 1 to see if they exist, then table results. Is this something that I need to provide a...
View ArticleHelp for configuration VMware APP integration with Splunk.
I already installed the VMware APP on Splunk Dashboard and installed DCN on another VM, and already integrated the VMware APP ad on with Vcenter and DCN, the status is OK, however I only can see the...
View ArticleSplunk Add-on For AWS: Configure Traffic via VPC End-point
I'm running Splunk 6.5.2 in AWS. I have a Heavy Forwarder with the AWS Add-On installed. The majority of our external traffic goes via a proxy server but for some of the AWS API traffic it goes via a...
View ArticleHow does reindexing data count against the license?
Does the licensing usage calculation take into account (a) the date the indexed data is from or (b) the date when the data is indexed? I need to delete some data from the past year and reindex it. If I...
View ArticleArchive raw and/or indexed data to external syslog server
Hi all, Our Splunk server is getting data through several channels, e.g. universal forwarders, TCP input (e.g. OPSEC LEA of Checkpoint data), SNMP, DB connection, etc.). We hope to make a copy of these...
View Articlemap and sendmail commands in search head clustering
In my environment, I am building search head clustering consisting of three search heads and one deployer. In addition, I using an alert that sends mail individually with the "map" command and...
View ArticleFirewall logs support
May I know which firewalls logs are supported and which format it should be. In my organization there is Checkpoint firewall. The logs of it will get upload or not and in which format.
View ArticlePDF generation error HTTP 400
Hello, Since several days, the pdf generation is not working. From a dashboard, if I select export-> export PDF, I get the error "page not found error HTTP 400". I tried with other dashboard and got...
View ArticleHow to enable sourcetype="WinRegistry*" for Windows infrastructure app ?
I am getting this message when I do windows infra guided set-up, WARNING: Search "sourcetype="WinRegistry*" | head 5" did not return any events in the last 24 hours I have already checked...
View ArticleHow many users can I create with dev/test license?
I used to have a trail Splunk server, and then import a dev/test license to it. So far there are 4 users in the dev/test Splunk server. One day I reset password of admin account, then every user was...
View ArticleColor the cell based on condition
Hi, I have 2 columns that shows run times for a job (ReallDuration and RunDuration) . Real duration is how much time the job should run and RunDuration is job ran for how much duration. The values are...
View ArticleWhat capabilities needs to give on master node to view monitoring console?
What capabilities I need to give to particular user on master node in order to view monitoring console . Right now I have given admin_all_objects capability. But when I am checking health check it is...
View ArticleHow to work with results / format them?
Hi everyone! I would like to format a result into a string and I don't even know where to start and if there even is a function for that... My results are a simple list of number/characters: AD1234...
View ArticleHigh CPU Utilization Report
host=*aeperf01* index="perfmon" collection="CPU" counter="% Processor Time" | bucket _time span=15m | stats avg(Value) as avg_CPU by _time | where avg_CPU>=60 The above query is giving me the CPU...
View ArticleHow to specify x-axis intervals on ChartView (type column)
Hi all, I am using the object ChartView (type column) however i am not able to set the intervals (units) in AXIS X for 1 hour. I am executing the query (timechart span=1h sum("XXXXXX") by "YYYYYY")...
View Articlehow to calculate endtransactiontime - starttransactiontime when...
Hi !! I want to calculate TransactionEndTime-TransactionStartTime, where TransactionStartTime is in CaptureLocation=Request and TransactionEndTime is in CaptureLocation=Response. I tried using...
View ArticleSetting timezone is not working (Version 6.5.0)
Hi all, I am trying to change the timeset of the forwarders however it it not working. As indicated in the URL...
View ArticleWhat capabilities are needed to run sendemail command?
Hello all, Certain users in our environment seem to be able to run searches utilizing the "sendemail" command while others cannot. I am assuming this due to differing capabilities assigned to their...
View ArticleCreate Splunk Storage (Disk Space) Capacity Alarm (Alert)
The OS I am currently using is Redhat, i need help with the query that sends an alert if the DiskSpace goes over 70 percent host="MONGO" sourcetype=df
View Article