What *exactly* are the rules/requirements for using "|tstats append=t"?
I must join some exceedingly large DM datasets but I cannot get `|tstats prestats=t append=t` to work consistently in any way that I can understand. I have 3 basic problems: 1: My DMs are not...
Dashboard panel versus report
Hi, I have a dashboard, this contains several panels. When do you use a panel and when do you choose a report? There is a lot of information on the internet but I can't find an answer that really...
Creating map dashboard with geostat
I need to create a dashboard that contains a world map on which we can display certain results. I would already be happy that I can display the number of requests coming from a certain location. There...
Splunk Dashboard : Dropdown Input fields not working properly
I have a dashboard which comes with an App, built by Splunk. The app is getting some error in populating one of its dropdown input fields. Below is the xml of those input fields.Tenant" OR "| tstats...
Windows Perfmon:Process index fine tuning
Perfmon:Process is about 347,662 events for 2 hosts in the last 10 mins, which is taking huge space in the index. Any suggestion to fine tune this?
License Master license usage 30 days
Not able to get 30 days' license usage from the License Master server. The License Master sends its internal logs to the Indexer as best practice, but even though I have added the Indexers as search peers I am not able to get...
Load Balancer between Heavy Forwarder and Indexers
We have implemented a 3rd party hardware load balancer between the heavy forwarder (which is on a different network - the customer site) and the Indexer (at our site), but it caused event delay. Thus we removed the load...
Single Value panel with multiple thresholds
I want to provide a different threshold value for each single value in my dashboard panel. Currently via the Format option I can select only one threshold for each single value. I do not want to have...
Multitenant environment index creation
Is there any easy way to create each customer with their own index name? Example: Customer A: A_windows Customer B: B_windows This can be achieved manually, but some app macros, data models etc. have...
[Search] Avg failed logins by user per day
sourcetype=linux_secure | rex "\w{3}\s\d{1,2}\s\d{2}:\d{2}:\d{2}\s\S+\s(?<session>gdm-\w+)\S:\s" | search session=gdm-password | rex...
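The calculation the question above is after, as an added example that is not part of the post and is written in Python rather than SPL so it can be checked offline: the prefix regex mirrors the post's `rex` (with the named group `session`, widened to `gdm-[\w-]+` so hyphenated session names such as `gdm-launch-environment` are captured whole), only `authentication failure` lines for the chosen session are counted, and the per-day counts are averaged per user. The log lines, hosts, users and timestamps are constructed for the example; the `pam_unix` message format is the stock one.

```python
import re
from collections import defaultdict

# Constructed linux_secure / pam_unix sample lines (not from the original post).
# Syslog timestamps carry no year, so a "day" key here is month + day only.
SAMPLE_LOGS = [
    "Oct 12 08:01:02 ws01 gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=alice",
    "Oct 12 08:01:09 ws01 gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=alice",
    "Oct 12 08:01:15 ws01 gdm-password]: pam_unix(gdm-password:session): session opened for user alice by (uid=0)",
    "Oct 12 09:30:44 ws02 gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=bob",
    "Oct 12 09:31:00 ws02 gdm-launch-environment]: pam_unix(gdm-launch-environment:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=bob",
    "Oct 13 07:55:10 ws01 gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=alice",
]

# Mirrors the post's rex: timestamp, host, then the gdm session name before "]:".
# \s+ between month and day absorbs the double space syslog uses for days 1-9.
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s\d{2}:\d{2}:\d{2}\s\S+\s"
    r"(?P<session>gdm-[\w-]+)\]:\s"
)

# Only PAM auth failures count; \buser= skips the empty "ruser=" field.
FAIL_RE = re.compile(r"authentication failure;.*?\buser=(?P<user>\S+)")


def failed_logins_per_user_per_day(lines, session="gdm-password"):
    """Count PAM authentication failures per (user, day) for one gdm session type."""
    counts = defaultdict(int)
    for line in lines:
        head = LINE_RE.match(line)
        if not head or head.group("session") != session:
            continue
        fail = FAIL_RE.search(line)
        if not fail:
            continue  # e.g. "session opened" lines
        day = f"{head.group('mon')} {int(head.group('day')):02d}"
        counts[(fail.group("user"), day)] += 1
    return dict(counts)


def avg_failed_logins_per_user(lines, session="gdm-password"):
    """Average each user's per-day failure count.

    Days with zero failures never appear in the log, so they are not part of
    the average; this matches what a per-day count followed by stats avg gives.
    """
    per_user = defaultdict(list)
    for (user, _day), n in failed_logins_per_user_per_day(lines, session).items():
        per_user[user].append(n)
    return {user: sum(ns) / len(ns) for user, ns in per_user.items()}


if __name__ == "__main__":
    for user, avg in sorted(avg_failed_logins_per_user(SAMPLE_LOGS).items()):
        print(f"{user}: {avg:.2f} failed logins per active day")
```

To reproduce the same result in Splunk, the per-day count would be `bucket _time span=1d | stats count by user, _time` followed by `stats avg(count) by user`; the Python above is the equivalent over the constructed lines.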
Using Splunk universal forwarder to forward logs into Kiwi Syslog Server
Is there any way for me to forward logs into Kiwi Syslog Server by using the Splunk universal forwarder?
SPLUNK_DB not being set in splunk-launch.conf
Splunk version 6.6.3. We are running out of space for Hot/Warm data, so as a short-term workaround I am trying to get Splunk to log Hot/Warm data under the colddb disk, as we have lots of disk space...
Number of business days between two dates
Hi, the below gives me the number of days between two dates, but I want to calculate only the number of business days between two dates. eval start=relative_time(now(),"@d") | eval...
What is the difference between DEST_KEY= _TCP_ROUTING and DEST_KEY =...
Please give me a practical explanation of **DEST_KEY** usage in transforms.conf
Splunk DB Connect APP cannot output data to Postgres DB
Hi, I am trying to insert data into a table. I could successfully set up the Outputs entry as well as select the DB table. However, no data is being written. It seems to be getting these error messages at the...
Where's the right place to suggest improvements?
I have two frequent needs which are unnecessarily difficult to do in Splunk: example 1: ... | appendpipe [ where type="A" | makecontinuous span=1m _time | where ISNULL(type) | eval type="A" ] |...
Unable to Control SPLUNKD
I have been having space issues on one of my indexers running SPLUNK 6.5.1. The box appears to crash from time to time. Typically I have to restart SPLUNK, but today I am unable to control SPLUNKD. I get...
Possible to make an export of an entire dashboard, for archival purposes?
Hi guys, I have a dashboard that is used for checking various status/info data from servers. The tables in the dashboard are spread out over a few different tabs and include things like: servername,...
Maths problem that I am hoping Splunk has a function for
Hi, I have a maths problem that I am hoping Splunk has a function for. It is in relation to calculating the % of time code is running out of a total. **So Example one - The easy example** The Parent...
To find out the correct data model
Hi, does anyone have an idea under which data model Microsoft ATA, Elastica or Virtru logs will come, like authentication, web...? If someone is working on it, please give an idea about data models for...