How do I set the inputs.conf file for continuous monitoring of an input file...
Hi, I've uploaded a txt file containing CPU performance data to splunk, set the source type to csv and have created an index. I've been able to generate a report from this. Data is coming from the txt...
Splunk 7.0.0 - Metrics Index - Filter on hour and weekday
Hi We are trying out the new Metrics Index in Splunk 7.0 and ran into issues when filtering on the data. We want to only report the values inside business hours (Mon-Fri 7-18) for monthly reporting....
Is there any way to compare multivalue fields to single value fields?
Hello Splunk Community, I've tried to do my homework on the subject and I'm coming up short, so here I am. I'm a few months new to Splunk and I have a question regarding multivalue fields. The problem...
How to integrate BeyondTrust Retina to Splunk and find all scan data?
I am planning to integrate BeyondTrust Retina to Splunk and would like to know the process. Currently, the logs are coming to Splunk via primary server and not with the Retina DB. I have seen...
How to subtract 2 row sum total value
How to get the Total difference amount from DP - RF Search used: index=elm-*** | dedup transactionid | eval amount=round(amount/100,2) | stats sum(amount) as Total by actioncode actioncode Total DP...
How to set "Splunk Authentication" in splunk Java sdk
I got authentication like "Splunk xyz-hnhn-hsnsnhdn-etahshd" (Of course I am putting wrong password here so don't try to encrypt it). What is this authentication? and how can I set this authentication...
Is outputlookup just really slow?
I am trying to summarize data for all time from an accelerated report. My approach is to do this a month at a time going backwards in time until I have everything and then I will schedule a daily job....
Splitting single lookup table column/field to filter on multiple fields
We have JSON logs being stored in Splunk. A sample log record looks like : { data: { "hostname":"http://server.com", "uri":"/api/something/", "service":"service_1", "http_status_code":"500" } } The...
Can I color a cell based on condition?
Hi, I have 2 columns that show run times for a job (ReallDuration and RunDuration). Real duration is how much time the job should run and RunDuration is job ran for how much duration. The values are...
Is it possible to download the XML of a dashboard? (using Python)
Hello! I try to write a python script that shall download the XML of a dashboard. After that some tokens shall be replaced and then I want to upload the XML. Is there any method in the splunk SDK for...
I'm having trouble with the Okta add-in for Splunk
For the Okta add-in for Splunk. In the inputs.conf, what do the values mean for disabled? Does "disabled = 1" mean the input is disabled?
How can I get a timestamp when time only shows time and date is randomly...
Stumped here. I have a logfile that looks like 18:21:05 (lmgrd) TIMESTAMP 8/16/2017 18:26:06 (ansyslmd) TIMESTAMP 8/16/2017 18:05:35 (ansyslmd) OUT: "hfss_solve" rv@rv.com 18:05:50 (ansyslmd) IN:...
Is there a function that concatenates result lines of strings?
Hi everyone! I would like to format a result into a string and I don't even know where to start and if there even is a function for that ... My results are a simple list of number/characters: AD1234...
What permissions do I need to give a user on the master node to view the...
What capabilities do I need to give to a particular user on the master node in order to view the monitoring console? Right now I have given admin_all_objects capability. But when I am checking health check it is...
Splunk ingest SNMP traps
Hi As per the documentation given in Splunk "http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk", I have snmp trap listener running. But not sure where the log file is...
Why is my search continually parsing job
We just installed Splunk. I ran several simple canned test reports (error within the last 24 hours, within the last hour) and all I see is Parsing search, and a flashing parsing job. I never get...
What is the best way to compare emails in two different formats
I have two fields, I need to compare, that contain an email address, but in different format: Format 1) firstname.lastname@domain.com Format 2) firstname_lastname_domain_com What's the best way to...
How do you specify x-axis intervals on ChartView (type column)?
Hi all, I am using the object ChartView (type column) however I am not able to set the intervals (units) in axis X for 1 hour. I am executing the query (timechart span=1h sum("XXXXXX") by "YYYYYY")...
Blue Coat Security Analytics App For Splunk: Is there any documentation for...
Hi Splunkers, Just like to ask if splunk has an add-on for bluecoat SA or the Bluecoat App is the only way. If app is the only way, is there any guide or documentation for proper integration of...
How to remove real time from timepicker from complete splunk
Hi all, Please help me understand why I am not able to remove the real time option from the timepicker from complete Splunk. 1. I disable real time menu in setting->user-interface->timeranges it does...