Splunk shows certain fields as empty in my table, although the data is...
Hi everyone, I'm currently working on a table in a dashboard which shows the location of psychical and virtual servers. The psychical servers have their own index, and so do the virtual servers. These...
View ArticleSplunk Assigning Random _time to part of my indexed data
Hello, I have a csv that is loaded weekly and in the beginning of September, ~20,000 records out of my 90,000 records dropped each week were randomly being assigned the time stamp 3/23/15 11:02:55:300...
View ArticleWinHostMon://service not retrieving the status of some services
We are using WinHostMon://service stanza in input.conf to monitor the service status on windows hosts. But it doesn't seems to be retrieving the status of some services.. Eg: Splunk , Snare... Below is...
View ArticleSplunk Integration with WorkDay
We are exploring integrating WorkDay (https://www.workday.com/) logs with Splunk Enterprise. Are there any documentation or pointers available to look for different integration patterns that can be...
View ArticleIs there a way to use VLOOKUP function in Splunk?
Hello, Among all the jobs that are running on mainframe I need to bring back the ones that correspond specifically to Control-M. For that matter there's .csv file that contains APPL column with 3-4...
View ArticleSplunk Enterprise trial - Http Event Collector not working
I've installed the **splunk enterprise trial**. i've **enabled the HEC** feature as described here http://dev.splunk.com/view/event-collector/SP-CAAAE7F which enable to send machine data from my app...
View ArticleField alias whose sourcetype is the same name as another index returns...
Hi, I'm using Splunk 6.6.3 with the Enterprise Security app, with access only to the web interface. I have two indexes, each with the same sourcetype: index=index1 sourcetype=WindowsEventLogs...
View ArticleObtaining cluster centres details from K-Means algorithm
I am using K-Means algorithm from Machine Learning toolkit to cluster some data. After algorithm has converged i can see two new fields appended to the original data - cluster ID and cluster distance....
View Articlehow to display a list of hosts which satisfies a condition?
I have a query as follows | metadata type=hosts | search [| inputlookup ABCD.csv | eval Device=mvindex(split(Device,"."),0) | search NOT "Device Type"="alys*" | rename "Device" as my_hostname | eval...
View ArticleAutomatic Lookup of KVSTORE not working
I am using Splunk Enterprise 6.4.7. I have created a kvstore by defining the collection in collections.conf `[definitions]` and providing the config is transforms.conf ` [definitions_lu]...
View ArticleHow can I extract the nested JSON at index time
Hello I have some logs that have nested JSON. If I add INDEXED_EXTRACTIONS = JSON the non-JSON data does not appear but the JSON is expandable and extracted. Heres a sample of the log 2017-10-31...
View Articleis it possible to do a dynamic cidr-based match via lookup on an inline search?
Hi. Is it possible to use match_type=cidr(ipfield) in an ad hoc lookup from the search bar, as opposed to the automatic lookup you'd do with the configuration in transforms.conf? Based on this old...
View ArticleFinding Unique Pairs of Data in Interchangeable Fields
Hi folks, I'm parsing Cisco Callmanager call detail records in our splunk system and I'd like to see which pairs of telephone numbers have the most calls between them, but here's the tricky bit: I...
View ArticleLimit on size of event/data passed to 'collect' command?
We have a number of scheduled searches that run every few minutes to search for events recently indexed that match certain criteria (e.g. events submitted by security devices). These events are...
View Articlehow to display the color meaning on top of the dashboard panel instead of right?
I have a dashboard panel as below ![alt text][1] As you can see on the color representatio(MSSP ..)n since the words are large they aren't visible on the dashboard. Instead I want to display those 3 on...
View ArticleMultiselect Tstat Tokens
Hi I am trying to applay a Multiselect into a token. For example i can change the value of MXTIMING.NPID to the PID 123 and it works - so that is one value. What i want to do is active a Multiselect on...
View ArticleColor in tables, is this a bug?
I have started to use **color** in my table and found some annoying behavior. In a dashboard, click edit, and at top of the column, select the the pencil to edit color. Here you have two option,...
View Articleindex time field extraction for XML data?
We have a use case where index time extractions for XML data makes a lot of sense yet I do not see an easy way go make it happen. I see that common fomats like csv and json as well supported but...
View ArticleCan't drill down specific column in TimeLine chart.
Hi, In TimeLine App Not be able to drill down with `$row.ColumnName$` except 1st and 2nd column. | table _time ScriptName FullCommand Duration...
View ArticleI loaded Oracle add-ons to monitor Oracle logs and internals of the database,...
I have tried the fixes I found information online. Firewall 9998 is open on inbound and outbound. I'm trying to load ojdbc7.jar into the drivers but the product just sits and spins on something. I...
View Article