How to convert seconds to [h]:mm:ss?
Hi Guys! I have an error duration in seconds, how can I convert it to [h]:mm:ss? I used the below query but the if the total hours is 25hrs, it is showing as 1d + 1h. | stats sum(DURATION) AS...
Changing time format
Currently I'm using a stats command to populate a few fields along with time. The command is as follows, stats values(session_id) as Session **values(_time) as Time** values(action) as Action_Performed...
Splunk stops to index once added indexed extractions field
This is my monitor under the `inputs.conf` file: [monitor:///var/lib/docker/containers/.../*.log] disabled = false sourcetype = containers index = my_container it doesn't that fine because the logs are...
using self sign cert for Splunk 6.6.3 Indexer (Windows) and Splunk Forwarder...
I followed these steps below: http://docs.splunk.com/Documentation/Splunk/6.6.3/Security/Howtoself-signcertificates...
Splunk *nix app- Not getting the processes in a specific interval
The *nix app is retrieving the process (sshd, httpd etc.) details running on the unix/linux servers. However, a few processes have not been running (on a few servers) for quite a long time and it's not retrieving...
The "level" field is being automatically added by splunk, how do we ask...
The "level" field is being automatically added by splunk, how do we ask splunk to extract log level from my json message? ![alt text][1] [1]: /storage/temp/226660-splunk-log.png
I want to access the log of linux machine in a same network from my windows...
I want to access the log of a Linux machine in the same network from my Windows machine and I know that for that I have to install a UF, but I don't know how to configure inputs.conf and outputs.conf to receive...
Splunk indexing issues for logs: WatchedFile - Checksum for seekptr didn't match
Hello Everyone, I have a question regarding ingesting log files which don't have a time stamp in the file name. I am receiving the following error in splunkd.log file **01-08-2018 02:30:21.007 -0600...
Do we have to edit input or output of C:\Program...
I have Splunk Enterprise installed on Windows and I want to access the log of a Linux machine which has a UF installed, but inputs.conf and outputs.conf are not touched, so to access the log do we have to edit...
is there a way to check if makeresults stored the events in index or not ?
I am searching like this in Splunk: | makeresults count=3 | eval _raw="demo event" | collect index=main sourcetype="sample" It generates the events and also stores these 3 events in the index, and then...
Do rest APIs support multiple instances on same host?
I need to fetch some configuration files through REST APIs. In case there are multiple Splunk instances on the same host, can the server specific configuration files still be accessed through REST APIs?
Add new indexers, keeping old for historical
I have an indexer challenge that I was hoping to get help with. We have 4 indexers with a significant amount of historical data. We are adding 4 new indexers with significantly more resources to overcome...
TA-Mcafee 2.1.3 does not support latest version of McAfee EPO
We are sending McAfee logs from the ePO DB using the documentation provided with the TA and DB Connect (for 1 year)...
Splunk upgrade to 7.0. List of supported apps
Hi, is there a handy way to find what apps/add-ons are supported in 7.0? We will be upgrading our Splunk environments from 6 to 7 and have many apps.
EVAL for ELSE IF condition
My logic for my field "Action" is below, but because there are different else conditions I cannot write an eval to achieve the below. if (Location="Varonis" AND (like(Path,"%Hosting%") then...
Have an alert where there is violation of license and a search where top 10...
Have an alert where there is a violation of license and a search with the top 10 consumers of license; how do I combine both, so that if there is a violation of license it sends me an alert with the top consumers? Is...
How can you change the width of a column in a table(HTML) or add a new line...
Hello! So I am running into a problem where my table visualization looks weird because one of my columns is too long. The column that is too long is grabbing from a csv lookup file and I was trying to...
Count of API calls over X time_taken, only if average time_taken is over a...
Hi, I currently have a query that returns a chart of APIs whose calls average over a specific time limit (unique per API). I would then like to be able to display the count of calls over X seconds...
Rename the existing Correlation search?
Hi Splunkers, what's the best way to rename the existing correlation search? ![alt text][1] [1]: /storage/temp/225685-correlation-search-name.jpg
How to configure custom management port for Addon setup.xml
I am trying to make a custom Addon with a setup.xml. In the Splunk deployment that I am targeting, the management port has been changed from 8089 to 18089 (to avoid port conflicts with existing...