How can I calculate per host CPU utilization in a report?
host=*aeperf01* index="perfmon" collection="CPU" counter="% Processor Time" | bucket _time span=15m | stats avg(Value) as avg_CPU by _time | where avg_CPU>=60 The above query is giving me the CPU...
View ArticleWhy am I not seeing results from last 60 minutes, but I do from last 15 minutes?
When I run the simple search host=hostname source="/var/log/audit/audit.log" | transaction fields=msg | search keyword and select "Last 60 minutes" or larger, I get No results found but if I run the...
View ArticleHas anyone ever created an app that brings reporting data from Symantec's...
Has anyone ever created an app that brings reporting data from Symantec's Control Compliance Suite into Splunk?
View ArticleHow do I use a CSV of CIDRs/IP addresses as a list to query?
I have a CSV file that contains a list of CIDRs and IP address: dest_ip 12.0.0.0/16 13.0.0.0/17 14.0.0.1 14.0.0.2 I want to compare the CIDRs/IPs to result set, and then get a count of each CIDR/IP....
View ArticleWant to Add/Modify the app menu bar.
Have added the new view name in default.xml file and restarted splunk but the new menu bar(view name) is not getting added to the app menu bar. Please advise. search_view="search" color="#65A55">...
View ArticleHow do I import a CSV of CIDRs/IP address data?
I have a CSV file that contains a list of CIDRs and IP address: dest_ip 12.0.0.0/16 13.0.0.0/17 14.0.0.1 14.0.0.2 I want to compare the CIDRs/IPs to result set, and then get a count of each CIDR/IP....
View ArticleWhy can't I disable real-time from my Splunk search?
Hi all, Please help to understand why i am not able remove Remove real time option from timepicker from complete Splunk. 1. I disable real time menu in setting->user-interface->timeranges it does...
View ArticleWe added a new view name in default.xml and restarted Splunk but the new menu...
We added the new view name in default.xml file and restarted Splunk but the new menu bar (view name) is not getting added to the app menu bar. Please advise. search_view="search" color="#65A55">...
View ArticleResults from root search in a subsearch
Here is an overview of what I'm trying to accomplish. I have created a table that uses information in the threat activity index that shows shows the connections by source IPs to malicious IPs. I need...
View ArticleCreating my first app/webhook - How do I get the results of the alert and add...
Hello, I am a total noob with Splunk and Python. I have created an app that is similar to the Webook app. It is to send a JSON payload to a Glip webhook. Everything works, except I would like to send...
View ArticleHow to show more selected fields on dashboard event panel
Hi There, I have a dashboard I've created to explore XML trace transactions, it works fine, but when trying to find specific parts of the transaction I have to open each event and check if its the...
View ArticleC# Rest API to Deployment Server
I am trying to connect to the deployment server using C# and REST. I can connect to the search Head over HTTPS but I get error: "The underlying connection was closed: when trying to connect to this...
View ArticleSciprting in Metrics with Splunk?
All, Still getting my head around metrics. I shameless stole this line of bash and setup metrics and it's working . UI was cool. echo "mydesktop.cpu.util:$intCount|c" | nc -w 1 -u...
View ArticleHow do I exclude fields with certain values from a table when the event has...
Hi, As the title says. Refer to the screenshot below too; ![The event][1] The above is the log for the event. as you can see, there are multiple indicatorName in a single event. ![The table][2] And...
View ArticleMonitored logs file (located in UNC path) has been re injected each time new...
Our Splunk monitoring and log file located on a network share. New line is always added into bottom of the file. Everytime when there is new line added into the log, the entire log file got injected...
View ArticleCannot find var/lib/splunk/defaultdb in linux server...
Hi, I can't seem to find var/lib/splunk/defaultdb in my linux. I was following these instructions here. http://docs.splunk.com/Documentation/Splunk/6.2.1/Capacity/Estimateyourstoragerequirements Did a...
View Articlehot_v* file not found but able to see file using locate
Hi, Referencing to http://docs.splunk.com/Documentation/Splunk/6.2.1/Capacity/Estimateyourstoragerequirements, I'm trying to estimate my storage space on Linux. At /opt/splunk/var/lib/splunk/defaultdb,...
View ArticleWhich indexes.conf should I edit to set retirement policy?
Hi, I'm trying to delete old data due to space issue and I found this http://docs.splunk.com/Documentation/Splunk/6.2.1/Indexer/Setaretirementandarchivingpolicy. But then I found that I have 4...
View ArticleFree disk space (5000MB) reached solved but storage did not reduce
Hi, I just set my retirement policy due to space issue (reference: https://answers.splunk.com/answers/583891/which-indexesconf-should-i-edit-to-set-retirement.html) My vm used storage is the same...
View ArticleDispatch folder is only 284KB but I still encounter minimum free disk space...
I wanted to reduce my storage space. I have already set retirement policy but my used space did not reduce although the error message is not gone. I did a ncdu on /opt/splunk/var/run/splunk/dispatch...
View Article