Is it possible to only have "Date Range" as an option for the time range picker?
In the time range picker, we have several options: Presets, Relative, Real-Time, Date Range, Date & Time Range and Advanced. I want to have just the "Date Range". Is it possible?
What is the correct syntax to get the 90 percentile for Response Time in a...
I want to plot the 90 percentile response time in Splunk. Is the below correct? | timechart p90(ResponseTime) or is the below correct eventstats avg(ResponseTime) as ttavg | eventstats p90(ttavg) as...
HTTP Event Collector: Why am I getting error "Invalid authorization" with my...
Can someone tell me why this is failing with Invalid authorization? I think that the endpoint is as documented. WEBHOOK_URL = 'https://localhost:8088/services/collector/event' #headers =...
Transaction or Stats - need multiple starts and ends without the hundreds of...
I am looking for a way to identify the start and end of a burst of events that has hundreds of thousands of events in each burst. I don't need the individual events themselves. This sounds like a...
Why do I get "Unable to remove disabled indexes.." when trying to delete an...
Hello, I was having a problem with an index created by an app, so I manually created one as a test. I went to delete the index with the `splunk remove index` command. It says *"Unable to remove...
Splunk Deployment Server: What is the largest possible number of entries in...
I am working on automating enrollments for a deployment server. I am working with a CMDB that has 25K hosts with over 1k applications. Each host in the CMDB is mapped to an application. For now, assume...
How to embed an iframe for a report from another system in Splunk? Getting...
Hi, I want to embed a report from another system in Splunk. The app provides perm URLs that are quite lengthy and Splunk seems to have an issue with it. When I create a simple iframe, it works, but...
Do spaces in logs count against your license?
Hey guys, Do spaces in logs count against licensing? For example url=https://www.google.com vs url = https://www.google.com thanks, -Daniel
How to create and trigger an alert if the CPU usage is constantly 100% for...
Hello, We have both Windows and Linux environments. We want to set up an alert to send an email if the CPU usage of a particular process is constantly 100% during the past 10 minutes. Below is the search I...
Can a header (within the message body) be added to emailed alerts?
I need to be able to put something in the first line of any emails that get sent out by the system that I'm deploying and I have not been able to find an _email.header_ equivalent of the _email.footer_...
Syntax to update my scheduled search using REST?
I'm trying to update the max_concurrent instances on my scheduled search from the default of 1 to 2. But the REST command doesn't appear to be working. curl -k -u admin:changeme...
How are cookies populated for the REST API Modular Input?
When I manually create a rest api stanza in resta_ta/local/inputs.conf and added the cookies = stanza, I see that it is not populated. How is that entry populated and what am I doing wrong?
Are there set guidelines for Splunk search best practices, and are there any...
I am not sure exactly how to ask this question, so I will try to just dive right in. Background: I work for a company that has a lot of environments for different customers. The hosts in these...
How do I edit my configurations on the universal forwarder to split Windows...
Hello, Our Windows servers have the universal forwarder installed and it is working just fine. However, we also have Windows Servers with SQL installed and we are trying to monitor the SQL Audit. We...
Anyone successfully run clean-dispatch in 6.2.X search head cluster?
I see a lot of info out in answers related to running clean-dispatch on standalone search heads and even one person's comments on running in a 6.0 or 6.1 search head pool. I'm wondering if anyone has...
Is there a way to have Splunk notify admins when a user has removed or...
Hello, Is there a way to have Splunk notify admins when a user has removed a windows application or installed an application that they are not supposed to? I know you can search Windows event IDs, but...
How to pass a multiselect parameter to a search?
I have a multiselect on session_id and created a search to generate session_id's for a particular user. I created a user text box and passed the `$user$` to the session_id multiselect where it...
How to edit my rex statement to ignore line breaks to extract the entire...
Hello, I have an event like this: 2016-03-04 00:02:05,546 DEBUG [net.ussouth.aps.shared.util.SysLogUtil]...
Why am I unable to view/delete a user's dashboards/reports as an Admin?
Hello everyone, I was hoping that somebody might be able to assist me with understanding an issue I have run across with dashboards and reports. I have a user who created some reports and...
How to audit all privileged user (admin) actions within our domain?
Hello, I want to be able to audit all privileged users within our domain i.e. elevated privileges, install apps, remove files, etc. I noticed there was something called the Splunk App for PCI...