How can I count different types of Splunk searches
Hello, I am reading the following resource from Splunk documentation and I find that there are 8 types of searches in Splunk. I am listing them below....
After ITSI migration to 3.0, the services are empty, ERROR: Parameter "name"...
I did an upgrade of my ITSI to 3.0, and in the process I saw some errors in the itsi_migration.log ` 2017-10-23 09:53:36,941 INFO [itsi.migration] [base_migration_interface] [_get_object_file_list]...
Splunk Web GUI Slow (search performance is fine, however)
The GUI is sooooo slow. If you run a search results are pulled in fast, the page is already loaded. The problem is when navigating around the GUI loading new pages, dashboards or even configuration...
Regex to pull a filename out of a process field path
I want a regular expression to pull a file name out of a path that is the process field. The path could be any directory, and the filename could be named anything. Sample logs. Oct 25 14:47:20...
Restructuring Splunk data index best practices?
I inherited a rather messy Splunk deployment and within the next 2-6 months will be starting a project to reorganize our deployment to be more understandable for the next poor soul to inherit it. Right...
Extract a number before a string
Completely New to regex, I have a log as below and wanted to extract the percentage i.e. "28" and then check it with threshold limit. 10A 4.5A 4.2A 28% /text/path
Are the DesktopForwarder and Forwarder apps defaults?
I inherited a Splunk Enterprise deployment with a deployment management server used to make changes to all forwarders in the environment. In our environment we have an Index called "test" that is...
Export PDF does not work
The Export PDF link does not work from any of my dashboards. Clicking on Export PDF does nothing. Running Splunk Enterprise 7.0.
timechart avg(bytes) by... not working with predict
I tried various combinations but failed 1. index="flowintegrator" src_port=21 |eval thisUser=src_ip + "="+ dest_ip | timechart avg(bytes) as volume by thisUser|predict thisUser 2....
Is this inputs.conf changing our default index from "Main" to "test" for all...
I inherited a Splunk Enterprise deployment with a deployment management server used to make changes to all forwarders in the environment. In our environment we have an Index called "test" that is...
Export PDF option does not work
The Export PDF link does not work from any of my dashboards. Clicking on Export PDF does nothing. Running Splunk Enterprise 7.0.
R Analytics app: visualization error for neural network
R app does not show the visualization for the neural network...Below is the code used # Feature Scaling/Normalization training_set[-col_val] = scale(training_set[-col_val]) test_set[-col_val] =...
Search query using spath and mvexpand on multi-value nested JSON doesn't scale
Hi Splunk Experts, I am sending events to Splunk Enterprise in the following nested JSON format: { compliance: Compliance Unknown, ctupdate: hostinfo, host_properties: [ { name: _times, since:...
Jenkins App for Splunk - Can't see event_tag=job_event data after installation
I have HTTP event collector at Heavy Forwarder which is forwarding DATA to 6 indexers. I have installed Jenkins for Splunk App on the Search Head. I have 6.5.1 Splunk versions across the deployment and...
bins command returns too few bins
Hi, I have a long list of measurements called standardised with values between 0.0 and 1.0. I want to display the distribution of the frequency of these values in a histogram e.g. Range Count 0.0 - 0.1 10...
Index cluster data imbalance with high vol data sources
We are running in an index cluster with 53 indexers and are finding that our high volume sources cause data imbalance. We have this index cluster behind an AWS ELB. The high data sources seem "sticky"...
Some files were not being indexed
Hi, I configured input.conf to monitor a directory. All the files in the directory were not ingested to Splunk. Some XML files are being missed. I don't see any errors in the _internal logs. Can you...
Can Splunk app for Microsoft Exchange app be used for full-fledged Active...
Sorry if my question sounds silly, but this is my first Splunk deployment, plus I am not even familiar with working with AD and Exchange. I had to configure Splunk to collect Active Directory and Microsoft...
Another time/date/string query
Hi All, I am recently new to SPLUNK and trying to identify a way of doing some time differences. I have done an export for the enabled devices in AD and their last logon times. An example of a result...