How to create a workflow action that triggers a custom search for a...
Hi, I am trying to do the following, but haven't been able to figure out how. For a particular event, I want to trigger some analysis of the event. The analysis may involve performing additional...
Splunk App for Windows Infrastructure: ldapgroup command not working without...
When I go to the Group Audit dashboard, I am unable to retrieve the group members. When I open the search in a search window | ldapsearch domain=DOMAIN1 search="(&(objectclass=group)(cn=Domain...
Splunk Add-on for McAfee Web Gateway: why does a Splunk search run very slow...
Whenever I search McAfee Webgateway data using a defined field name ( `sourcetype="mcafee:wg:kv" user=joeuser`), the search takes several minutes to complete. However, if I remove the field name (...
How to execute a Splunk search in a dashboard on click of a button using...
Hi, this is with regard to this link: https://answers.splunk.com/answers/378289/calling-java-script-from-dashboard.html Upon clicking the OK button in the dashboard, a pop-up is coming (which is...
Why is date_hour inconsistent with %H?
According to doco: "The date_hour field ... is extracted from the event's timestamp (the value in _time)." Consider this test: index=* | eval hour=strftime(_time,"%H") | eval shift=date_hour-hour |...
How to create an index using the REST API in a clustered environment?
Can you please tell us how to create an index using the REST API in a clustered environment?
How do I write a search to compare data by period using my sample data?
category area period date       count
cats     A1   20161  15-01-2016 120500
cats     A1   20162  30-01-2016 120500
cats     A1   20163  30-01-2016 120500
cats     B1   20163  30-01-2016 120500
cats     C1   20163  30-01-2016 120500
dogs     B1...
How to set a single value result to show the Total and have a sparkline...
To my understanding, single value uses the first value of the result table. However, how do I build the search for the single value panel to show the total and sparkline underneath to show average?...
Solarwinds Custom HTML from Splunk Dashboard
I have a few Dashboards in Splunk that I'd like to use to bridge the gaps in Solarwinds. When I try using an "IFRAME" I am getting access denied from cross-scripting protection. Is there an access...
Prediction with X-Axis in Visualization When Input Data is Already Bucketed...
Hello, Question first: How can I output an hourly prediction chart with the actuals and predicted values when the _time values are already bucketed by hour in the input data source? I am running a...
Anyone know of a way of finding the last modified date/time of a saved...
I have an audit request to show the last time a report was modified. Thanks, Jeremy
Universal Forwarder "learned" sourcetype edits props.conf
We have a very simple inputs.conf stanza setup to monitor a file system: [monitor:|path|] disabled = false index = Index1 What I've noted is that this has resulted in many different sourcetypes for our...
Proper Logging practices for list of events
I have a service that recommends a list of cars based on the user's input of personal information. For example, someone can send a request containing personal information and my service will respond...
Why is signature_id in the Windows TA extracted in such an inefficient manner?!
After living with this for a while, I decided today that I cannot. The signature_id in the Splunk for Windows Add-On (TA) is extracted in a way that massively impacts search performance of Windows...
How do I reset the Password if I do not remember the original one? (working...
I am a Newbie and was having no trouble yesterday. Today, I booted up and it is as if either I forgot the password I entered or else the program is working with another entry.
Installation Problem on Windows 10
Hi, I cannot install the Splunk Enterprise version on my laptop. The system is Windows 10. When I double click the downloaded file, nothing happens. Could anyone tell me how to deal with it? Thanks a...
How to troubleshoot splunk web server not starting?
Hello, I'm having an odd issue that started after I went to restart. Issuing the ./splunk start command as the relevant user splunkd starts right up, but the start hangs at... 'Waiting for web server...
How to display a report in table format in the dashboard
After creating a search I have formatted the events into table format with only the fields I am interested in. Then this search was saved as a report and added into the dashboard. In the dashboard,...
Add a field to a sourcetype with a static value
I wanted to add a field to a specific sourcetype basically nocmessage="ignore this server" Seemed easy enough props.conf EVAL-nocmessage="ignore this server" But doesn't seem to work. If I toss that...
Data Summary Report Events for a Host but searching the Host in the Search...
Hi, we have weird behavior: in the Data Summary Screen on the Search Head, we see a Host reporting events, but when clicking on the host to search for the details, the Search Head shows 0 results. This is...