Splunk Dev

Discussions

Thread Info

Multyple sources display only one value

Hi, How can I display in a single value chart only the value that is 2 when that occurs, or a single value 1 when ...

by Communicator in

issue with dropdown containing month and year value

I have to produce Jan-2017 Feb-2017 in the dropdown search query |eval datetime = strftime(strptime(mydate,"%m/%d/%Y"...

by Communicator in

Cross reference a field from an imported csv file

I currently have a csv file that contains a lot of CVE's; for example CVE-000-0001, CVE-000-0002, so on and so forth....

by Engager in

How to set up in-page drilldown with different tokens

For a single in-page drilldown, the following codes work as expected from "master1" table. How can I set up an in-pag...

by Communicator in

Problem with JSON file

Hi all, I've got some problems with by RegEx commands on a JSON file. I'm trying to do a linebreak on each },{ val...

by Path Finder in

tstats and _time span

Hi, Still not sure on the '_time span=5s' element of the following search. The goal is to alert when a source devi...

by Path Finder in

Where can I find the Splunk SDK for .Net 4.0?

hi I have been trying to find Splunk SDK for .net 4.0 can someone please help? we can't upgrade our solution to...

by Explorer in

summary index not working

I have created a query index="xxx" source="xxxxxx"|dedup dn|sistats count scheduled this hourly I could not fin...

by Path Finder in

How do I create a table from 3 different lookup table and get the data to line up?

I have 3 lookups. 1 is primary users and a count of total users, 2 is primary users and a task, 3 is primary users an...

by New Member in

How to approach custom field extractions for new source with deployment server

New to Splunk Enterprise. Confused as to what the best approach for configuring multiple field extractions for a new ...

by Explorer in

Can Splunk read data from Aud$ and FGA_LOG$ ,can it be used to replace Oracle Audit vault

looking for the these information to pull live data from oracle database. Can it also pull the data from xml file. an...

by New Member in

I have two macro's depends on text input type hostname it should select the macro dynamically. Using below code

My Scenario:- Macro1=US_Base_Search Macro2= AD_Base_Search If host=AB* then need to get the data from macro US_Base_S...

by Loves-to-Learn in

Migrate Index without shutdown

Hi There, We have two indexer (not clustered) but on DNS roundrobin. We need to migrate the indexers to the new hardw...

by New Member in

dynamic option in an input panel

HI all, I would to build a dynamic value for a dynamic option in an 'dropdown' panel for a dashboard (splunk 6.5.2) ...

by Explorer in

How do you list all REST API endpoints available?

How do you list all REST API endpoints that are available?

by Splunk Employee in

How do I compare count over two time periods?

All, Thought there was a one stop shop command for this, but I can't find it. Basically I just want an alert when...

by Builder in

Lookup table disappears after deleting all rows

I have a lookup table for exclusions. that updates when user clicks on a value and it is added in the lookup table. H...

by Builder in

disappearing NULL-columns when sorting a table

Hey everyone, I have an issues with a table that has an empty column: index=_internal | head 10 | table _time h...

by Contributor in

base streamstats on timestamps in data not arrival time

Hi, I have a question I don't know if is quite possible to do. I have to calculate some data between events, but not ...

by Path Finder in

Using IF with multiple conditions

Hi Splunkers, The partner of my company send me a new log file with more details..... i do apologise for the inconven...

by Path Finder in

Why ext.domain is being extracted as an ext_domain field?

Our raw data holds name value pairs and one of the names is ext.domain. Splunk UI displays this field under the Inter...

by Ultra Champion in

Is it possible to add print/export icons using SplunkJS?

I'm trying to add print/export icons using Splunk's splunkjs framework and splunkjs/mvc/searchcontrolsview, to displa...

by Splunk Employee in

Time stamp for index time extraction

Following are the different time stamp we are getting from different sources and trying to write a time stamp for the...

by Explorer in

Is the StoragePasswords Python SDK support broken?

I've been trying to convert some Python code from using bare REST to using the Splunk Python SDK. I've been successfu...

by Explorer in

Unable to initialize modular input "jms" defined inside the app "jms_ta": Unable to locate suitable script for introspection for Index clustering

Hello Team. I have index clustering setup which comprises of 1 index master and 2 index peers. NOw I want to add j...

by Explorer in

Get Updates on the Splunk Community!

Splunk Dev

Discussions

Multyple sources display only one value

issue with dropdown containing month and year value

Cross reference a field from an imported csv file

How to set up in-page drilldown with different tokens

Problem with JSON file

tstats and _time span

Where can I find the Splunk SDK for .Net 4.0?

summary index not working

How do I create a table from 3 different lookup table and get the data to line up?

How to approach custom field extractions for new source with deployment server

Can Splunk read data from Aud$ and FGA_LOG$ ,can it be used to replace Oracle Audit vault

I have two macro's depends on text input type hostname it should select the macro dynamically. Using below code

Migrate Index without shutdown

dynamic option in an input panel

How do you list all REST API endpoints available?

How do I compare count over two time periods?

Lookup table disappears after deleting all rows

disappearing NULL-columns when sorting a table

base streamstats on timestamps in data not arrival time

Using IF with multiple conditions

Why ext.domain is being extracted as an ext_domain field?

Is it possible to add print/export icons using SplunkJS?

Time stamp for index time extraction

Is the StoragePasswords Python SDK support broken?

Unable to initialize modular input "jms" defined inside the app "jms_ta": Unable to locate suitable script for introspection for Index clustering

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Limit Splunk RUM coverage to a specific JS file

API call to retrieve information about a search wh...

Much needed size optimization of this app - Python...

Custom command only running a few times when getti...

Splunk JAVA SDK Version issue

Splunk Dev

Are you a member of the Splunk Community?

Discussions