drilldown on a single value
Hi, I have a single value in my dashboard, i want users to be able to drilldown on this value. When they do a new search has to be executed. We run version 6.5.2 so we dont yet have the...
View Articledrilldown on a single value
Hi, I have a single value in my dashboard, i want users to be able to drilldown on this value. When they do a new search has to be executed. We run version 6.5.2 so we dont yet have the...
View ArticleMatch 2 stanzas in props.conf
I have a requirement to send certain windows events to BOTH the indexers AND a remote syslog using TCP. - The indexers should receive the events in standard Windows multiline format - The remote syslog...
View ArticleHide App Dropdown list menu just for one user
Hi Splunkers! I'm trying to hide the app dropdown list from a dashboard, but just for one single user. I want to achieve this without having to use a script, and right now I could by creating a .css...
View ArticleProblem with icons appended with Javascript
Hello everyone. We have a table where we are inserting an icon in a cell, by javascript, depending on the value that cell. We have paginated the table, and on the first page, the first time the icons...
View ArticleVMware ESX/ESXi Log Files x2
Ye, I already saw this this: article: http://wiki.splunk.com/Community:VMwareESXSyslog But I have one question. We have https://splunkbase.splunk.com/app/3215/#/overview witch have Splunk_TA_esxilogs I...
View ArticleThere was an error processing the upload
So, I can't upload addon. I redownload and nothing change. Wat should I do to fix it? :C
View ArticleWhat Should I Expect After Implementing A Retirement Policy?
Hello, I'm looking for advice\info on how retirement polices work in practice. Based on this [document][1], I set a retirement policy for 1 index to start with to remove data older than 2 years. I set...
View ArticleCounting the number of responses and displaying in a pie chart.
Hi, I'd like to count the number of responses by the following status codes: 2xx, 4xx and 5xx. I'm basically counting the number of 2xx, 4xx and 5xx statuses for each API that is read line by line from...
View ArticleSplunk generates incorrect timestamps when Splunk_TA_nix doesn't send one
Hi, I've noticed that none of the scripts in Splunk_TA_nix actually include a timestamp in their output. Mostly, this doesn't cause issues, but in a few cases, the timestamp that Splunk guesses is...
View ArticleRestrict access to part of the data of an index but allow access to other...
I have a role assigned to an AD group that limits their access to specific events in a windows event log index. The restriction on the role reads "EventCode=4740 OR EventCode=4625 OR " etc... This same...
View ArticleHow can I count the number of status codes and group them in a single category?
Hi, I'd like to count the number of HTTP 2xx and 4xx status codes in responses, group them into a single category and then display on a chart. The count itself works fine, and I'm able to see the...
View ArticleSplunk Enterprise Security: Is there a developer version?
Hi I am trying to create add-ons for splunk enterprise security. is there a developer version of the app , with sample data, that i can install on my local splunk enterprise (like the cloud sandbox...
View ArticlePalo Alto Networks App for Splunk: All Activity dashboards have no data
inputs.conf is configured/time is sync'd. Realtime feed shows traffic, logs are indexed. There is no Overview dashboard. Data model audit shows pan_firewall acceleration is enabled and build is 100%....
View ArticleBar chart with single bar does not display
We have horizontal bar charts on our dashboards and when SPL is filtered down to single bar the bar is not displayed. Is this a know Splunk bug. We are using 7.0![alt text][1] [1]:...
View ArticleHow do you raise an alert on the condition that a search has been modified...
Hi, I have written a search query which generates alert every 1hr and gets the information of some jobs depending on their time of last execution. Now the issue I am facing is that when my 1st alert is...
View ArticleRegular expression and aggregate the result
Assume the following records: Nov 17 19:24:51 x.x.x.x Nov 17 19:24:51 myserver (appx): 1510943091.801 520 192.168.0.5 CONNECT something else Nov 17 19:24:51 x.x.x.x Nov 17 19:24:51 myserver (appx):...
View Articlecompare numerous fields
I am having a hard time coming up with a way to compare numerous fields to a template. and tell if it matches or what field doesn't match. To give some detail this is what I have: _ | UserName = joe |...
View ArticleDistributed Splunk environment: events being duplicated
FireEye EX and NX appliances are configured to send events (CEF, TCP syslog) to a Heavy Forwarder, then on to a pair of clustered Indexers. I installed FE TA Add-on onto the HF, and FE TA Add-on onto...
View ArticleCreating Dummy data?
Is there a create dummy data in a splunk vm environment to test creations of dashboards, reports and alerts?
View Article