When we mouse over a search term and we click to add that in search string....
When we mouse over a search term and click to add it to the search string, is the OR or the AND boolean operator applied? I think AND is applied. Can someone correct me?
How to use both "fieldForLabel" and "fieldForValue" and pass them as tokens?
I would like to have two tokens set when one or more values are chosen, but both the label and the value are useful to me. Below is an example of code that is passing nothing to the $tok_customer$ token...
Indexer is going down when running a large number of queries
Hi, I have one indexer and 3 search heads in cluster mode, and I have developed too many dashboards with graphical representations. Now whenever I open 2 or more dashboards from my search head, which...
Filter a field from certain events through a regex transform
Hello, I need to filter a field only on certain events, but this field is used in other messages. Sample events: 1508735029.189 d = a enm_val = 25440 event = vil gnr = w gnr_l = 91 serv = en_1 sn = o u_cl = 19...
Universal Forwarder Disk Usage
Hi fellow Splunkers, I need some help here. What would be the minimum disk space required when installing a Universal Forwarder? Or is there an ideal disk space for a Universal Forwarder? Just wanted...
Sophos: Get data from UDP/514
I don't correctly understand how to accept the syslog. I already read this: - https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/Monitornetworkports -...
How to shift an image inside an image in Splunk on the basis of thresholds?
I want to shift an image according to the changing volume of payments. For instance, we want to change a pointer inside a row of blocks which moves to another block according to some thresholds.
UF removed for Windows 2008 with Splunk 7.0
We are in the process of rolling Splunk to production very soon, and we are going with Splunk Enterprise 6.6.3 as we stood up some of the infrastructure before the 7.0 release. Looking at the deprecated...
reload deploy-server causing Splunk restart
Hi, we have a distributed Splunk system installed and use a deployment server to manage configurations. We have a Python script which updates a few lookup CSV files and binary database files...
HTTP 401 -- Remote login disabled because you are using a free license which...
I have a work task to create a Java integration with a Splunk system that is used by one of our clients. So I installed the Splunk trial version on my virtual machine and am trying to connect to it with Java...
Persistent queues for Windows event logs
Where does Splunk store the persistent queues for Windows logs? I am able to find the TCP and UDP queued logs but cannot find the Windows logs.
Restore procedure for warm buckets
Hello. The documentation is a bit unclear on how to restore warm buckets that have been backed up. Is the procedure the same as for frozen buckets? They are copied into the thawed directory, and then...
Getting Proper Averages from Summary Index
First, as an example, I wanted to share that I thought the question and responses in this SA post were excellent, and I stole the formatting idea from the OP and hope it will help:...
Authenticate to REST API through LDAP or SAML?
Hi, is there a way to authenticate to the API through LDAP or SAML? Right now, the only way I can authenticate is by using a local static account that I have configured to have API access. However, our...
Errors in Changing Ownership in local.meta
A user was removed before changing ownership of their objects, and I was getting LDAP authentication errors because of it. So I went into local.meta and changed all objects they owned, which were (lookup...
Splitting and inverting
How do I go from: "metrics=[a=1,b=2,c=3]" "metrics=[a=2,b=5,c=6]" "metrics=[a=1,c=3,c=4]" to: "a,b,c" "1,2,3" "2,5,6" "1,3,4". There are a lot more key-value pairs in here, so I don't want to rex...
How to get sendemail.py to work
We want to include an image in the body of the email before it is sent out. However, "action.email.message.report" only allows text in the box, so we modified the sendemail.py script. The original file is...
Change path of eStreamer App logs
Hi all, I installed the Cisco eStreamer App and it runs well. I have only one problem: the Perl script puts its logs in $SPLUNK_HOME/etc/apps/estreamer/logs and it's saturating my filesystem. Is it possible to...
When clicking on a table header, want to sort case-insensitively
We have a table with a list of users. Some user names are all lower case, some all upper case, some mixed case. We can do the initial sort fine using a macro: [CaseInsensitiveSort(1)] args = fieldname...
How to sort time inside list(time)?
So, I regex time from my Splunk logs in the form (HH:MM:SS), and I am trying to build the report like **index: _something_ | regex Time | regex Date | regex User | stats list( (regex)Time) by...