Why is my search head cluster captain logging KV Store replication errors?
The log is repeating at sub-second intervals: `2017-10-27T20:44:53.389Z I REPL [ReplicationExecutor] Error in heartbeat request to shccaptain:8191; InvalidReplicaSetConfig Our replica set configuration...

Source IP not plotting on Cluster Map
I'm trying to plot source IP Addresses (src_ip) from web events on a cluster map but it does not seem to work. It only works for me when I use the destination IP Address (dest_ip) `index=barracuda...

My CentOS 7 server is not listening to port 8000
Hello! I have a problem with the splunkweb daemon: root@srv # ./splunk status splunkd is running (PID: 32010) splunk helpers are running (PIDs: 32016 32073) root@srv # ./splunk start splunkweb splunkd is...

How to use append and join in the same search
Hi, I need to use both append and join in the same command. Please help me to change the below SQL to a Splunk search: SELECT sum(q.total) FROM [SE_COMP].[Q] q -- need in first row SELECT sum(q.total) FROM...

Extracting fields is not working with the Infoblox Add-on.
Hello there, after installing the Infoblox Add-on, all the fields look like this: Interesting Fields field1 3 field10 100+ field11 100+ field12 100+ field13 100+ field14 38 field15 100+ field2 1 field3...

Using a Python script to call an API
Hi, I am trying to use the Sophos Central API. It uses a Python script to download the data into a file. I have successfully run this on my Mac, but I am not sure where to start in Splunk. I thought I...

How to rank dynamic scores with ties in Splunk?
I have a dynamic number of scores that I want to be ranked. For example I have 5 scores - 100, 100, 99, 98, 98. The top rank should be 5 all the way down to 1 but in case of ties, the total rank (of...

Db Connection
Hi, in setting up the DB connection I have the below question: I was trying to connect from the Splunk DB Connect app to SQL Server 2016. I have installed both on the same system with Windows OS. I have downloaded...

Multiselect table rows
Hi, I am currently trying to multi-select table rows. So basically I want to select multiple rows and on selection, the selected rows' field values get stored (like in SQL using a select query) and the below table...

How to put a webpage (index.html, sankey.js and data.csv) into a Splunk dashboard
Hi Splunk Community, I chanced upon an excellent link (*http://plnkr.co/edit/4xPx05PxnWxoQBhIj2lo?p=preview*) that is very near to what I want to have in my Splunk dashboard, i.e. a Sankey diagram that...

Does a Maxmind database update require a Splunk restart?
Hi, We are using a commercial version of Maxmind databases and have been using them for city, ISP and Connection type lookups. We do weekly updates of the mmdb database files. We download the databases...

How can I find network traffic at consecutive time intervals?
I am trying to write some beaconing reports/dashboards. I have a few of them figured out, but now I am stuck trying to get a decent continuous beacon query. What I would like to do is rate connections...

Issue with passing a date value as an argument to the "earliest" field
Hi, So I've created a drop down for start date and end date which is receiving dates from the "_time" variable from a query I'm running. Now, the _time variable holds the date in the following format for...

How to Improve Automatic Source Type Extraction
I'm building a Splunk App and I'd like my users to be able to point the import at a single folder and have it accurately import each type of IRC log. However, even with a well defined source type of:...

Error with timechart command
Hi, I'm having a bit of trouble with this query of mine. source="xxx" host="xxx" index="xxx" sourcetype="xxx" earliest=-1d@d latest=-0d@d | eval ReportKey="Yesterday"|timechart span= 1m avg("CPU") by...

Does Splunk have an option to only index part of the JSON file?
My JSON file is very long but most of the information in there is redundant. I just want to get all the segments that start with the line callIdentifier and end with the line endTime. The number of...

How to configure HF to send data to a specific Qradar server
Hi Team, I have a Heavy forwarder which is sending data to 5 indexers. Also I have multiple Qradar servers but I want the HF to send the same data to only one Qradar server. Currently data is getting sent to...

Why is my date data not sorting in ascending order?
Hi All, My dashboard is working fine and as expected for a month now. My dashboard is about incident management for customer update to be exact. My issue is that one of my columns (need_to_update) is not...

How to join 2 rows to make it 1 row
Hi, how can I make multiple rows into a single row? For example, Name Skill1 Skill2 Skill3 Shine Oracle Shine Java Shine C# and the result should be like this, Name Skill1 Skill2 Skill3 Shine Oracle Java...

How can we add more than 50 indexes to one role in Splunk?
How can we add more than 50 indexes to one role in Splunk? I have a role for which the users in this role should be able to search 87 indexes. I have added the names of all 87 indexes in the following...