Dropdown Input - Select second Value of a list
Hello there, I need to set as a default always the second element of my list values; the value can change but I need to take always the second one. How can I make that? Is there a way with javascript?...
transaction to create timeline table based on specific field
Hi all, I'm trying to record all RD sessions on my server. I've written this query: index=server source="WinEventLog:Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" EventCode=24 OR...
NOT ABLE TO READ FROM ZOOKEEPER SERVER
The Zookeeper servers are Linux instances which are hosted outside the Aviva network. On the other hand, the Splunk search heads are installed on AWS Cloud instances in the Aviva domain. We established a...
Splunk Stream Integrate with Enterprise Security
Hey all, Looking for any better documentation/steps on integrating Splunk Stream app with Enterprise Security. Running Stream v. 7.1.1 Running Enterprise Security v. 4.7 OS/Environment: All Windows...
Splunk DB dimensioning
Hi, I’m doing storage dimensioning for our Indexer cluster as follows. Inputs: - number of log events ingested per day, and - average size of each log event. Output: - how much disk space of...
What are different ways in which we can co-relate Ticket data?
My requirement is: This is ticket data. "Co-relation between events to see how we can perform further suppression?" So please give me any ideas. Thank you in advance.
Why do the deleted search heads from dashboard Master show their status as...
Good afternoon. Currently, in our cluster environment, we have several search heads that have already been eliminated, but there are records that their status is down. Apparently, this does not affect...
Fortinet FortiGate App for Splunk: Why am I receiving this Error in...
This is in every panel on the dashboard - "Error in 'SearchParser': The search specifies a macro 'fgt_logs' that cannot be found. Reasons include: the macro name is misspelled, you do not have "read"...
How to Clone an App?
Hi, I need to clone an app. For example, I have app1 and I need to clone it to app2. What is the best way to do this?
How to compare column from two search and find difference then print all rows.
Hi, thanks for your time. I'm using Splunk to parse the log. I have two searches. The columns I got from A are as below: tktnum, prcnum, type. Columns for search B are tktnum, _time. How may I find tktnum...
7.0 broke custom commands?
We've had some custom commands defined on our indexers for years. Here is /opt/splunk/etc/apps/whirlpool_netbotz/default/commands.conf: [netbotzreport] filename = netbotzreport.py enableheader = true...
formatting time and getting elapsed time
Hello, I am trying to normalize the dates on the below fields and subtract them from each other. How would I go about doing that? Is there a way that if there is no termination date, show something...
How to compare column from two searches and find the difference between them...
Hi, thanks for your time. I'm using Splunk to parse the log. I have two searches. The columns I got from A are as below: tktnum, prcnum, type. Columns for search B are tktnum, _time. How may I find tktnum...
Why are the indexers trying to execute these command if they are defined as...
We've had some custom commands defined on our indexers for years. Here is /opt/splunk/etc/apps/whirlpool_netbotz/default/commands.conf: [netbotzreport] filename = netbotzreport.py enableheader = true...
How to normalize the dates and subtract them from each other to get elapsed...
Hello, I am trying to normalize the dates on the below fields and subtract them from each other. How would I go about doing that? Is there a way that if there is no termination date, show something...
In multisite Clustering, do both sites need to have the same amount of...
So we are looking at doing a multisite clustering with replication across two sites. 1 site will have 320 gig log ingestion and the other will have 100 gig log ingestion. Do both sites need to have the...
After integrating Splunk with JIRA, How can I see the list/count of defects...
I have integrated Splunk with JIRA. I want to see the list/count of defects created in last 7 days. I'm picking the created field from JIRA but still, the list is showing both created and updated...
How to count Max Sub-sequence of identical numbers?
Hello, I need to calculate the maximum length of identical numbers, for example: 0,0,0,0,0,1,0,1,1,0,0 and search for the sequence of 0; the result should be 7 in this case. Anyone have any ideas how...
Why are we not getting any Alert Emails when we use the "Team" email address...
Afternoon I work in a firm monitoring Splunk alerts etc. We get various alerts sent to us from Splunk, and they all have a single "User" (e.g. JohnDoe@ABC.com) address in the "To" or "CC" field. When...
In the dropdown Input how can I select the second Value of a list?
Hello there, I need to set as a default always the second element of my list values; the value can change but I need to take always the second one. How can I make that? Is there a way with javascript?...