Transaction startswith argument with named fields?
How can I provide field values to the startswith argument of the transaction command? Like I would do in a search: index=myindex fieldname=valueToSearchFor. I want to do the same with a transaction.
Applying search head cluster bundle not removing old directories feature or bug?
Dear all, I am experiencing following issue with Splunk 6.3.0 on linux machines: Before setting up a search head cluster we have had a script contained in our app within the "bin" folder to synchronise...
DB Connect 2.1.3: Open "DB Connect" App, Show Blank Page (Tab: Show...
Hello, Setup: 1.Install SQL2008R2 on Win2008R2 2.Install JDE 8 (jdk-8u74-windows-x64.exe). 3.Install Splunk 6.3.3 4.Install "DB Connect 2" app 5.Run Splunk -> DB Connect App. Splunk shows "blank...
1000 Windows Universal Forwarders, all configured to forward NO data. I...
The idle UFs will send only telemetry data to the Deployment Server, and listen for instructions from it. How much of a burden will 1000 idle UFs be on a Windows Deployment Server? What should my...
How do I filter events and extract fields in a single regular expression command
Q1: How do I merge these two regular expressions? (which are identical but one for filtering events, the other for extracting fields) I am | regex _raw = "I am (?.*)" | rex "I am (?.*)" | stats count...
Formatting Bubble Chart Axis
MY SEARCH | table location, _time, count,Species_ID Yielded: Location, _time, count, Species_ID Afognak River, 2015-05-11, 2, 420 Copper River, 2015-05-12, 6, 420 Afognak River, 2015-05-12, 11, 420...
Compare monthly group average against user daily results
We have dashboards that show the average of user work for the last month this could be for any of the various departments. We also have a box-plot dashboard which will show which users have extreme...
Invalid key in stanza [Splunk_TA_f5_bigip_main]
I am running Splunk 6.3.3 and F5 TA 2.4.0 and getting the following error. Anyone seen this before? I am still indexing data from F5 so it can't be too critical.... Invalid key in stanza...
Need SailPoint data in Splunk
SailPoint is our new Identity Governance application. I need to access SailPoint data from within Splunk. I'm not a Splunk admin at my company...but, I need to run searches that require data from...
Splunk Rest API: How to pass parameters in search
Hi, I have a requirement to create Splunk REST API which can accept inputs and pass it to the search. Search will accept the parameters and generate the results. API should send back the results. Also...
Customer is having difficulty finding the download for this app....Is App...
After filling out request form, we do not find a location for download. Can anyone confirm that App is still available? Thanks.
Splunk creates multiple indexes for a single batch file execution
We are forwarding a directory consisting of hundreds of batch job execution logs. However Splunk reindexes the logs by splitting the logs into multiple events (3, 4, ... sometimes 10 events). As a...
Query about datamodel acceleration and how data is stored
I was going through the documents on Datamodel Acceleration. Can you please help me in confirming if my understanding below is correct? 1. An Addon (TA) does the Data interpretation, classification,...
Fetch Bundle Info Failed
Has anybody seen this error on search head before? This was logged in splunkd.log and I am trying to figure out what is causing this as I don't see any errors in the indexer logs during this time....
Machine Learning Toolkit and Requirements
I am wondering about Preview Release in Machine Learning Toolkit and Showcase Documentation. They say, Machine Learning Toolkit App is currently designed to only run on a single search head....
How to calculate log time between search result and next row?
Hi All, I am studying Splunk recently and need help about some question, thanks. When I want to search one key word and want to calculate the key word and next row's time, what should I do? For...
Adjustment needed to nexpose_cim_data_generator.py
Good day! Recently, our rapid7.log output has been showing errors upon working with the .CSV files being made by Nexpose's API. We caught this, because our logs were filling with big base64 encoded...
Exclude index from ES dataset
Hi, we are currently adding data sources to our Splunk environment. We try our best to make it CIM compliant. We have a dedicated ES search head and we do not want ES to look at this data. How can we...
Installation prematurely stopped, variable ignored when using cmd prompt
I'm trying to install Splunk forwarder 6.3.3 on Windows Server 2008. The installation is prematurely stopped (if I watch the files I see everything gets deleted at the end except /var & /etc). I'm...
Locate when user(s) accessed dashboard
We have a group that is required to record when they review their individual dashboard. We are trying to use Splunk to show they logged in and viewed their dashboard. I am having issues figuring out a...