How can I add my index to the search app to search by default?
Hi, I have searched high and low for the instructions but can't seem to find the settings for enabling the search head to search through other indexes by default too so I don't have to add the...
Why scheduled PDF delivery for dashboard is not working for second iteration...
We have a situation like we are not getting any Scheduled PDF delivery emails for dashboard when we schedule for weekly, but working for daily schedules. When we schedule weekly using cron schedule, it...
How can I remove a string from a source name?
Below is my search: source=*abc-server* I want to trim "-server" and I tried this: | eval source=trim("*abc-server*", "-server") Did not work. Any idea how to do this?
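Log forwarding at a specified time with Universal Forwarder
Sorry for writing in Japanese. As a business requirement, we need to forward logs with the Universal Forwarder once a day at a fixed time (not in real time). Is it possible to forward logs at a fixed time using the Universal Forwarder's own features? Currently, we start the Universal Forwarder just before the fixed time and, estimating the time at which the log forwarding will finish, Universal...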
Splunk Add-on for Amazon Web Services: Can't pull from multiple Kinesis...
Hi, I've got this working but it looks like a bug and this is mostly an FYI. Pulling from one Kinesis stream is okay, pulling from multiple streams of the same name (but different regions) and only one...
Why is a standalone search head going down often?
Hi, In our Splunk environment, standalone search head is going down often. Could anyone, what would be the reason on this? When I check SH internal logs, at time just before down time. I could see...
How to get a list of all hosts installed with Universal Forwarder
I have a bunch of agents(hosts) in Appdynamics, I wanted to figure out that the Universal Forwarder is installed or not in all those hosts to collect logs to Splunk. **Is there any way that I can get...
About authentication using Free radius
Hi, I'd like to authenticate Splunk users by Free radius. Is this possible? Do you know something like that, APP or a site explaining it? Please give me the power.
Json Event Breaking Issues
Hi Folks, Splunk Ent V6.5.2 I have a curly one here. I have a Json file ( sample below). When the file is ingested events don't always get separated. The props is on a HF. Thanks in advance. I have the...
How do you add CSS to a dashboard?
I have doubts like how to add a CSS file in Splunk dashboard (internal external..) Please help me with that.
why is Rangemap giving different results based on the label containing ">" or "
Hi all, I have a search with a rangemap that groups based on seconds. The smallest and first grouping is for a range of less than 30 sec. The label is "<30" with the values being from 0 - 30. This...
With a dedicated assigned credential is there a way to create splunk queries...
The idea here is. I am creating a Web Console which manages certain video content based management. All the logs are in Splunks. There is a Dashboard Menu item in my Web Page which holds a sub menu...
How to Combine search query with a lookup file with one common field
Hi, I want to combine the results from my search query with a lookup table that I have uploaded. They both have 1 column in common **Search Query**: index=tomcat source ="/files0/nlhyp*" \[Job\]...
Splunk to Servicenow integration via Email
Hello We are trying to integrate Splunk (with Enterprise Security) with ServiceNow and we cannot use direct integration due to below points: 1. ServiceNow is using Jakarta version which we do not see...
If 3 consecutive files are found > 1KB in size, send an email alert
How can I get results only when 3 consecutive files exceed 1 KB limit? I tried this with below Query however not getting expected results - index=idx1 sourcetype=src1 | eval raw_len=(len(_raw)/1024) |...
stats by date_hour and by another field add zero count for hours with no events
Hello, I'm working on a search to report the count of data by hour over any specified time period. At the moment I've got this on the tail of my search: ... | stats dc(my_field) by other_field, _time I...
Forwarding specific data?
Hi Guys, My question is, is it possible to only forward specific data to my Splunk environment? So my situation is: I have a distributed production environment and 2 separate development servers with...
SPLUNK searches take long to complete.
Hello Splunkers The actual time in job inspector seems to not be very long But usually there is long latency and job inspector logs are stuck at this point.. INFO DispatchThread - Generating results...
I disabled an index, but still receiving data. Why?
I no longer wanted any data with index=windows, so I disabled it. However, I am still receiving data targeted at it. How can I avoid this? I know, I can set the receiving logs to nullqueue, but I...
inputs.conf and Windows path
I know this should be simple, but for whatever reason, it's not working. Have a production Windows 2012 server where we are collecting application logs from a log file. The path is C:\Program...