How to only display the lowest value of field per group
Hello I am tabling a bunch of data. In the table there is a field called Workflow Sort Order which orders the data within the logs: "Name" "Vendor" "EngagementScope" "Workflow Step Sort Order"...
Web Proxies APP (ERROR)
Anyone seen this error before? Error in 'lookup' command: The lookup table 'user_realnames_lookup' does not exist or is not available.
How can I get marker in geomap using Splunk query.
Hi all, I want marker in that particular latitude and longitude degrees with Splunk map with below query. Please suggest me one map in Splunk. Query: |makeresults | eval...
Given the attached Data File (testData.csv), add it as a lookup file and...
Date          Visitors
Jul/14/2017   26
Jun/3/2017    34
Sep/30/2016   2
Jul/29/2017   71
Sep/9/2016    10
Jun/22/2017   40
Apr/21/2017   1
Jul/4/2017    57
Sep/24/2016   1
How can I get marker in choropleth map?? I want both marker and Geo fence...
Hi All, I want both marker and Geofence shapester shapes in one map? Please help me.
Using REST API to search and send an email if there is a result?
Hi all, I am trying to create a shell script periodically with crontab to run a Splunk search query, and if there are any results/events found in the search query, it will send an email alert with the...
Splunk DBconnect interval question
Hi there, If I want dbconnect to continuously and instantly read a DB do I just set the interval to 0 - are there any implications to doing this, such as large performance overheads? Thanks!
How can I get both marker and geo fence shape in single Visualisation??
Hi all, I need both Live tracker marker and geofence shape (choropleth map) in single visualization. Now I developed with two individual maps but I want both in one map. Attached image shows maps with...
Scripted Input Multiline Event wanted
Hey, I got a script which is executing a vmstat command on a host. Since yesterday I received the output in a single multiline event: memTotalMB memFreeMB memUsedMB memFreePct memUsedPct pgPageOut...
savedsearch load results based on date range
Hi , I am having savedsearch configuration like this. [dailyStats] enableSched = 1 dispatch.earliest_time =-1d@d dispatch.latest_time = @d cron_schedule = 0 2 * * * which is running each day @ 2'o...
Querying Access logs when access to these has been more than twice
Morning Gurus, I am looking for a script to show the number of days a log was last accessed. I've got this working but the problem is it's common for people to dump in a log that then is never accessed...
Does HEC-data get buffered somewhere?
Hi, We're thinking about using HEC (either [Serilog Sink][1] or [Splunk SDK .Net][2]) to log from an API, instead of developing log files and using a Universal Forwarder. But we're highly dependent on...
Why are there unrelated fields to all my events?
Hi, I have a couple of fields that always appear in the output of the fieldsummary command. I focused on one in particular to try to understand what is happening: "app:excessive_bandwidth". It turns...
Create a table from a multivalue field
Hi to all, I need to create a table for a multivalue event. Event is like: field1=value1, field2=value2, field3="valueA,valueB,valueC," I need to create a table like value1, value2, valueA value1,...
second instance of a heavy forwarder on the same system (UFW not able to...
Hi all, I have a functional heavy forwarder on a system, now I want a second heavy forwarder on the same system. I'd like to test some limiting features in the actual data stream. I cannot move it to...
How to find the latitude and longitude of newly drawn co-ordinates?
Hi all, we are using **Clustered Single Value Map Visualization**. We have drawn new measurement with four co-ordinates, now I need to find the latitude and longitude of the newly drawn measurement...
Unable to locate where the logs are getting indexed
Hi All, I was trying to check the license usage for last 30 days and the logs were not available in internal index. Previous employer has deployed a configuration in /local/search/inputs.conf to index...
where can I see if my saved search/report is running as "owner" for another...
Hi, I am trying to restrict a user with role no access to any indexes and trying to share a report at app level (with read access to app) to make user see results by running it as owner. But it doesn't...
Two suggestions for options on Parallel coordinates
I really like this graphing option! Two suggestions for future builds. 1. An option to change the line size or thickness. I have some graphs that will only have a few data points and the line is hard...
Odd occurrence with snapping time
I have a search I'm turning into a panel for a pre-existing dashboard. On that dash I have used snap time successfully numerous times: -6mon@mon@mon which obviously just gives me the previous 6 calendar...