Help with knowledge objects permissions?
All, Alright, don't really have my head around knowledge objects permissions. I have roughly 100 field extractions that I am globally exporting. I'd rather restrict them to a single app called "Company...
Is there a way to determine what are my most expensive field extractions?
All, How can I determine which search time field extractions are my most costly?
Machine Learning
Hello All, Is there a way that I can predict the service shutdown based on historic data using Machine learning app or any other source. For example one of my application service is shutting down...
passing dynamic value from stats to the remaining part of query
I want to pass latest_date for null value so that inprogress count sits there as there is no completion date for inprogress records. That's the ask. Here latest_date is not passed as token. I'm just...
About splunk license time
I recognize that the license is capacity per day. Which unit is a day? For example, if you were in Japan time, is it from 00:00 to 00:00 in Japan? Or is it the 24 hour time in the USA?
upgrade from distributed to clustered env retaining configs and data
Hi Is there a way to upgrade a distributed env consisting of 1 x SH, 2 x IDX and a DS to a HA clustered env consisting of 3 x SH, 1 X Deployer, 3 X IDX and a Cluster Node ? (assume cluster node also...
Can't get value of job.resultCount when using Custom Alert Action
How the alert is defined I have created a custom alert action after following documentation found here http://docs.splunk.com/Documentation/Splunk/6.6.0/AdvancedDev/ModAlertsIntro, my alert is defined...
Change Log Event Timestamp
Hello, I am having a hard time understanding timezone assignment to the log event. I went through all the required docs but still don't have a proper understanding. My log timestamp looks like below,...
Get only one value on drilldown for multiple values in a cell
Hi, I am trying to give cell value using drilldown as parameter to another dashboard. Below is how I have defined it: The source is a XML file containing multiple values for the same category. The...
from which version is the 'button' edit drilldown available?
We work with version 6.5.2 and I only see three options.
Splunk Regex - Works in regex101 but not Splunk
I've got a regex that's working in Regex101's editor, but when I paste it into Splunk I get garbage or no results: Regex: ^(?:[^ \n]* ){5}\[(?P\w+)(?:\].*\])(?P[^:]+) Sample entries: Oct 24 18:43:57...
what is Index settings path and can I modify it?
Hello, I spun up an Ubuntu Linux box on Amazon EC2. My primary hard drive is 30gb and I also attached a 4tb ebs drive attached to the instance. My Index Settings Path is currently set to:...
Is there a G Suite Splunk integration guide?
Hello, My IT Director has tasked me with figuring out how to send our G Suite log data to Splunk. Are there any guides on how to do this?
Count is not shown as 0 when the username is not found in the sourcetype
Hi, I want to show the Total as 0 if a username in the lookup table has no event log. Using the fillnull value, it does not show the results. index=main sourcetype=oracle_ ACTION_NAME=LOGON [inputlookup...
Splunk DB Connect is returning only the first 5 records from an Oracle XE...
Splunk DB Connect is returning only the first 5 records from an Oracle XE database
UberAgent: getting strange application name
Hello splunkers! I recently discovered a problem with guys monitoring Citrix activities on how published app names are written. The problem concerns application names which can have different formats,...
Populating drop down with values generated from a search
Hi Guys, I've searched this question on splunk, however, the examples shown are a bit too complex for me to grasp, hence I'm asking here. I have a search which returns lots of dates. Now what I want is...
Timechart not working for 30 days and more
My timechart is working perfectly for last 10 days but it is not working for time range above 15 days. Any idea how to resolve this? Please find the screenshot of the query.
Splunk Universal Forwarder on Windows 8 r1 x86
I am trying to install the 6.6.2 version of the universal forwarder and I am getting an error indicating that the minimum requirements have not been met to install. What are the minimum requirements (...
DB Connect basic tasks/procedures
Hi, new to DB Connect app, new to DBs as well.. on my distributed Dev environment, DB Connect 3.1.1 has been installed, around 5 DB Connections are configured and health is good. Docs are there only...