index'd Time extractions
Hey guys, so I am looking at index'd time extraction as possibly helping with my search time field extraction troubles. Any idea how I might measure this? Background: We process about ~1billion...
Combining two results into one CSV file from Dashboard
Hi, I am trying to figure this out. In a dashboard, I have two different panels with different searches. How can I combine those two results by clicking the "export" button on the bottom left to output as...
Splunk_TA_nix on EC2 Instances
While playing with EC2 instances, I have the `Splunk_TA_nix` app deployed. The `cpu.sh` returns nothing because `sar` and `mpstat` are not found on the EC2 host. I understand that Linux has other ways...
Saved Search Issue--Very Slow Dispatch and Get Results
Hi, I have a saved search set up in Splunk. Using the REST API, when I dispatch that saved search and then get the results back, it takes ~40-60 seconds for this particular saved search (I have a few...
Splunk upgrade deployment server
During Splunk upgrade (5.0.5 to 6.2.5) of our indexers, search head, deployment server we have noticed that all the deployment apps get refreshed in all the deployment clients and a lot of the...
Adding a Clustered Index as a Search Peer of another SHCluster
So this is a bit of a convoluted situation so I will try to explain as best as possible. There are 2 Splunk environments (site1 site2) internally, both have their own set of search heads, indexers etc....
Can’t get a JavaScript click event to persist using the "Table where rows...
***WARNING SplunkJS focused question*** The Splunk 6.x Dashboard Examples (Table where rows expand to show more information) shows a table which drills down and expands a chart per row that was...
How to add _meta Tags to modular inputs, i.e. Netapp Ontap App
Hello, we would like to add _meta Tags to data collected by the Hydra Scheduler or other modular inputs. For standard inputs I can use the _meta = key::value format to add additional data, but I...
Find search by the search id
I'd like to find the search query by search id. When searching the audit.log I can find the search id, but I am unable to locate the actual search. How can I access/view this?
Custom error page with Splunk at the top of Nginx
Hello, I am using Splunk with Nginx as a proxy. I am connecting to Splunk using SSL. I would like to set up custom error pages depending on the connection: no certificate sent, untrusted certificate......
Using Geostats to display count on Map
Hi, I've tried looking at various Geostats solutions but I'm struggling to get any results out. I have a search which outputs a table like below where the Lat and Long is calculated based on a...
uas_parser.updateData() error
I've installed add-on TA-uas-parser. While running cache script noticing exception *Traceback (most recent call last): File "update_cache.py", line 4, in ? results = uas_parser.updateData() File...
When will data model acceleration summary replication be available for non...
I see that the data model acceleration summary replication feature is available for Splunk Cloud subscribers in Splunk Enterprise 6.3.1511. When will the feature be available for non Splunk Cloud...
How do I remove a search head from an Indexer Cluster?
I have been building an indexer cluster. As part of my testing, I created several search heads and added them to the cluster. Then I killed some of the search heads. The search heads still appear on...
show only infected with vulnerability on 1 machine
Hi, I am a newbie in Splunk. I have this one use case I am trying: search for a machine that has a malware infection AND has a vulnerability. Can anyone give me pointers on the best search to do it?...
Calling JavaScript from Dashboard
I am trying to call JavaScript by pressing a button on a Dashboard but it doesn't seem to work. Could anyone teach me how to do this? As a first step, I want to pop up an alert saying "YAHOO" by...
Hide SCRIPTS and SAVEDSEARCHES when packaging an App
I have built an APP which has ***SavedSearches*** and Python ***Scripts***. When I package this app, I do not want the end user who would be installing my Splunk App to view/have access to the saved...
Change reference date
When we use "-3d@", data is captured from now until 3 days ago. How do we set a different reference date, not "now"? For example, yesterday. So the system must seek from yesterday to 3 days ago (-3d@). Thanks!
Can one Master Node control Index Clusters at multiple sites?
For instance: Site A is main site and has the Master Node, along with a Search Head Cluster and Index Cluster. I want Site A's MN to control index clusters at Site B, Site C and Site D. Sites' Index...
Managing multiple disparate index clusters with a single Master Node. Is it...
For instance: Site A is the main site with Master Node, Search Head Cluster, Index Cluster (all the goodies). Site B, C, D all have index cluster that I want to manage and search from Site A. There is...