Polling frequency seems to default to 10m
I'm using the Website Monitoring app to monitor several websites, however they only seem to poll every 10 minutes, regardless of the value I specify in the Interval field. I've tried values of 60s, 1m...
View ArticleHow to over ride sourcetype using curl command for Http event collector?
Hi, I configured Http Event collector(EC) in my local through GUI (generated token,created index and source type) and in the backend splunk_httpinput app local got created with inputs.conf....
View ArticleFiltering Queries for domains you don't want to forward?
Is it possible to filter out noisy domains so they aren't forwarded? Would like to do this from the TA but not sure how to do it, I would think it could go in inputs.conf but I don't know what the...
View ArticleHow to query only large difference in timestamps?
I have a dashboard query that returns fields of a log file, and I'm only interested if the difference in time between two entries is larger than a minute. Query: host=Host source="Filepath" "Starting"...
View ArticleHow to get a random sample of iis events each day for the last X days to...
On iis logs, suppose I have 60000 transactions per 24 hours. How can I get a random sample of say 5000 events? I need to get a random sample for each day for suppose last 50 days. I want to build...
View ArticleHow to edit the default alert content when saving an alert in Splunk Web?
All, Is there a way to tweak the default alert content when saving an alert in Splunk Web? I'd like to include some default wording for our company's standards. ![alt text][1] [1]:...
View ArticleHow do I edit my search to return a certain field value in my table of results?
Hi, I'm trying to return some results with the AppID that is being searched. My current search does everything I want except return the appID that is being searched. My search and results are below....
View ArticleIs it possible to make a deployment server a client of itself?
Is it totally crazy to make a deployment server contact itself for apps? I just thought about it and it would reduce the need of having to do things double for the DS itself, then copy and push the...
View ArticleHow do I constrain a timechart's x-axis range, but still predict on more...
Hello, Using Splunk Enterprise 6.2 I am running a prediction using 30+ historical days of data to predict the next 24 hours of a week day of a particular transaction's volume. When creating the...
View ArticleIs there a way to separate data inputs in the Splunk App for Okta to have a...
We just added a second input in the new Splunk App for Okta, but we would like to have separate dashboards for each Okta data source. Both of the sources go to the same index (index=okta) so the...
View ArticleWhy am I unable to delete an index via CLI with error "bundle=indexes...
Hi, I am unable to delete an index from the CLI. When I am giving the following command : ./splunk remove index AAA ( AAA is my index name ) Then I am getting the following message: In handler...
View ArticleHow to search a trending error count to alert when an application pool is...
All, I want to have an alert fire any time an application pool is more than say 2 standard deviations from the normal. We have about 100 application pools. I am guessing the logic would look something...
View ArticleIn HTML Dashboards, can token forwarding be used with a submit button?
I am following [this example][1] to use token forwarding in my HTML dashboard. I need to do some fancy things with the inputs selected to generate the correct search. The token forwarding is working...
View ArticleIs the Splunk Health Check Overview app supported on Splunk 6.3.x?
Hi, Is this app (Splunk Health Check Overview) supported on the newer Splunk versions 6.3 and above? Thanks
View ArticleHow can I find the difference in days between two timestamps in this format?
Hi, I would like to find out the difference in days between two timestamps however the time format is a little weird. This is the time format: 2016-03-19T15:05:40Z
View ArticleHow to make a sequential lookup?
I have created a CSV from Linux's usb.ids (http://www.linux-usb.org/usb.ids ) that has **vendor_id,product_id,VendorDesc,ProductDesc** as the first line. I am trying to create a lookup that takes the...
View ArticleSideview Utils: How to make multiple dashboards accessible from one main...
Hey guys wonder if you can help. I have around 20 dashboards and want to make them accessible from one main dashboard via a pull down menu. I created the main dashboard in Sideview Utils and added all...
View ArticleWhy am I unable to extract all fields from a CSV log in Splunk 6.2.5?
I'm trying to extract fields from a basic .csv log with no luck. Here is the file how it looks in Splunk 6.2.5.. ![alt text][1] When I try to configure a field extraction, Splunk only recognizes the...
View ArticleWhy does cloning of any alerts or saved searches in an app result in error...
Cloning of any alerts/saved searches in an app are causing the following error (Splunk search head v 6.2): Encountered the following error while trying to clone: [HTTP 404] Viewstate object not found;...
View ArticleHow to use extract kvdelim and pairdelim to parse all key value pairs in my...
We have log entries similar to below and while I can write a regex expression to parse out all the kv pairs separated by a :, I wanted to know if there was a way I could use extract kvdelim to do the...
View Article