How to skip the Splunk license agreement page when containerising Splunk?
I have created a Dockerfile; during the container build I need to create multiple login users on the backside of Splunk. I am getting the Splunk agreement issue and am unable to skip/accept...
Can I join report results?
Say I have two scheduled reports with results like: report1 - source destination score1; report2 - source destination score2. How can I join the results of these two scheduled reports so that I can see...
How can I create a ranking based on a count per week by a field?
I am looking to do the following: 1) Create a table based on a count of blocks by week number and zone. I have the following search for that: index="foo" sourcetype=foo | ip_cidr.csv cidr_range as src |...
Hardware requirements for a Splunk forwarder in a test environment
What are the hardware requirements for a Splunk forwarder in a test environment? I already have a VM with Splunk installed and I am planning another VM for the Splunk forwarder.... Just want to know the...
Field extraction with backslash
I am attempting to extract a user field from a log file using the following regex (the named group's name was lost to HTML stripping in the original post and is restored here from the sentence above): (?=[^v]*(?:virtual address: |v.*virtual address: ))user:\s+DOMAIN\\(?P<user>[^,]+) Here is a sample event: "Dec 7 07:44:31...
Hide panel after search is executed
Hi, I've managed to add an 'Input' (T Text) in my dashboard. I also added a 'submit' button. When I search for something, a panel dynamically appears on my dashboard with (or without) search results. I...
SAML, authentication.conf, "Invalid key in stanza [saml] ....... issuerId"
I am working on SAML2 auth with some of our management servers. Our IDP is PingIdentity. Everything works fine except: our SAML configuration is populated via a PingIdentity-provided "metadata.xml"...
Timeline graphs: max hit on the row visualization
Hi, is there a way to get the timeline to graph over the default amount of points? From the image below we can see that rows 3 to 10 have a lot of data points; I think I must have hit the max, as it...
How can I make the UF downloadable from the search head?
I support hundreds of users and UF installations, only a few of which have converted to using our deployment server. I'd like to make it easier for all of them (deployment clients and non-clients) to...
R analytic output
I tried to check the R analytic functionality by running code provided by the application owner in one of the Q&As, and the output result is still 0. Is it possible I have this result due to backend R connectivity...
How to monitor all 8089 connections using REST
In my environment we have more than 15 Search Heads in a multi-site cluster. I want to find the status of the search heads from a common place where I can find all the status details of my Search...
Setting up a visual for Disk Space or Free Disk Space / Radial Gauge for Disk Space
Hi, this task was harder than I think, or I do not know what I am doing (most likely). Basically I want to put up a nice dashboard (radial gauge) where it shows the disk space over time, or in real time. So if...
Setting up an alert if the JBoss service goes down
I have 3 servers: App-1, App-2 and App-3. The three applications are running on JBoss. I need a query that alerts me if the JBoss service goes down on any of the servers. Any help with this will be appreciated....
Best way to handle field names changing
Hello, I have 2 dashboards built off a data source with specific fields, but my data source is changing, so the fields will be named differently with the same values in them. What is the best/most...
Search for fields that match a value versus fields that contain a value
I'm going to go mad trying to get Splunk to return only field values that equal a given value and don't start with or contain the value I give. Here's my example: index=myindex host=a_server | where...
How can I create a suppression/whitelist for traffic between two IP addresses?
I want to create a suppression / whitelist for traffic between these IPs: 192.168.10.12/13/64/65 ---> 192.168.17.20/21
Source Port: 25000, 143, 25002
Destination Port: 443, 25000, 143, ...
How to get all the available sourcetypes from a list of hosts in a lookup?
I have a list of around 40 hosts in a lookup. For the list of hosts I want to check the list of sourcetypes, like the searches below. search 1: host="host1" | stats count by sourcetype search 2:...
Merge 2 queries based on month
One query gives me data as:
Month Closed-Issues
Jan 100
Feb 110
Mar 105
The second query gives me data as:
Month New-Issues
Jan 200
Feb 150
Mar 50
I need to join these two queries to get the result as Month...
Need a credentials file instead of --auth user:passwd
I want to script this for backups: splunk _internal call /data/indexes/main/roll-hot-buckets --auth 'username:password' Is there a way to call an external credentials file from the splunk command so the...