Option to remember user initial selection in filters
Is there any way to remember the user's initial selection in the filters (multiselect, dropdown), so that the filter values are retained when they visit the Splunk dashboard next time?
Sending Perfmon data to metrics index
I would like to collect my windows perfmon data into a metrics index. Is this feature planned for the near future? The reason: I've had very good experience with this feature. Great performance and...
How to create an alert on a calculated field
I am attempting to create an alert based on a field calculated from all of the events of the search, specifically when it is less than some value. However, the alert solutions I've found thus far look...
EVAL causes a field to be blank
I need the field "Location" added to my search as seen in the screenshot attached. However, in this query below the Location field does not pull through and I have identified that it does work when the...
eStreamer compatible with 7.0.1
Is the current version of the app compatible with Splunk v7.0.1? If not, what's the alternative?
Splunk ES notables to Service now incidents.
Hi guys, Wondering if anyone has noticed this issue I'm having. Some of our ES rules run every 15 minutes, and their trigger settings are to fire once with a throttle for 24 hours. This means notable...
SPLUNK Text analysis
Hi, I have logs indexed in my Splunk instance. Those logs contain conversation between user and chat bot. I would like to know if there is any app that I can use for text analysis like the most used...
Remove duplicate or similar event in a transaction command from the search
Hello Everybody, I want to remove similar events which are in a transaction command. In my case, I want to merge the eventcode 4663 similar so that only 1 eventcode 4663 Be careful, there are event code...
JSON event breaks not working - sometimes
I have a log file of properly formatted JSON events, but the event break is not working properly. Sometimes it separates the JSON into separate events, sometimes it does not. There doesn't seem to be...
Correlating HVAC data
I have a customer who is thinking about correlating HVAC data in Splunk. They are also interested in correlating weather data and access card readers to correlate employee traffic and weather with...
Cacti Mirage Add-On for Cluster
regards We are currently trying to install this app in a cluster environment, but the following error is appearing. [splunk-indexer-01-cnt] Streamed search execute failed because: Error in...
Installation cacti splunk cluster
regards Currently, you try to install the app in a cluster environment, 3 search head and 6 indexer, but at the time of deploy and bundle, from the search head the following message is displayed:...
How to get ADFS Location Login Lookup based on IP address with iplocation...
Why is this search not returning the iplocation of the IP addresses? It is not the most efficient search, but right now I am just trying to get it to work for iplocation lookup. This search would run...
Splunk .bat script file not getting triggered
I'm having a simple alert (for POC, so checking with _internal data) and on alert action there is 'add to triggered alerts' and 'run a script'. I'm able to see the triggered alerts, but the .bat file...
Multiple Renderers to Multiple Tables (Splunk JS)
Apologies if this has been asked elsewhere - I couldn't find an answer. I am attempting to apply a BaseRowExpansionRenderer and a BaseCellRenderer to multiple tables on a dashboard like so:...
After upgrading Splunk to latest version (7.0.1), ES dashboard for "Notable" &...
Hi, We recently upgraded to latest Splunk version 7.0.1 but it seems that since that day, ES is not able to populate anything under "Notables" or "Incident Review" as if ES doesn't have access to...
Search auto-finalized after disk usage limit (100mb) reached - What does this...
Started getting Search auto-finalized after disk usage limit (100mb) reached - What does this mean?
AND OR not working correctly
I am getting the below error when trying to form an AND & OR in my query. `Error in 'eval' command: The expression is malformed. Expected ).` My eval is below: | eval...
How to merge and make one result out of multiple results
Hi, I have a result which displays common starting URI, but I have to combine it to one and have the result. How can I do it? Result - /credit/company/23532525 . 10 /credit/company/34532523 . 30...
Palo Alto Networks Empty Dashboards
I've read through the documentation, followed all the steps but still cannot get dashboards to populate in Splunk for the Palo Alto App. Versions - Splunk - 7.0.1 Palo Alto Networks - 6.0.1 Palo Alto...