All Posts


Hi @MARTINA.MELIANA, can you check out the latest reply from @Easwar.C?
Thank you man, this indeed deletes empty fields.
In 9.21 How to change width of multiselect inputs in Dashboard Studio
Hi, I am looking to have the sum of users per VLAN. For example, vlan=xxx is used by username=A, B, C, so I would have a table with VLAN = xxx and sum of users = 3. Thx
Thanks for your reply. I have tested it and it might work; I'm waiting for the results of any use cases.
A search is deferred if it cannot run because there are no search slots, but the schedule_window setting allows Splunk to wait for a slot to become available. If no search slot opens up before the schedule window closes then the search is skipped. A continued search is a continuous search (realtime_schedule=0) that could not be scheduled. The scheduler will keep retrying the search and not skip it.
Hi, need some help with the following JSON data.

ModifiedProperties: [
  {
    Name: Group.ObjectID
    NewValue: 111111-2222222-333333-444444
    OldValue:
  }
  {
    Name: Group.DisplayName
    NewValue: Group A
    OldValue:
  }
  {
    Name: Group.WellKnownObjectName
    NewValue:
    OldValue:
  }
]

I want to extract the 2nd set of values for each event such that Group.DisplayName can become a field in itself, e.g. Group.DisplayName.NewValue=A, Group.DisplayName.OldValue=B. But right now, default extraction is doing something like this. How can I create KV pairs for Group.DisplayName within this JSON array? I tried a few combinations using spath but was not successful. Thank you
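The re-keying the post is after, written out as an added example in Python rather than SPL (this is not code from the original post or from Splunk): the positional ModifiedProperties array is turned into one field per property, named <Name>.NewValue / <Name>.OldValue. The sample event is constructed; the OldValue for Group.DisplayName is filled in only so both sides of a change are visible. The same shape is what you would aim for with spath/mvexpand inside Splunk, or at ingest time in a pipeline in front of it.

```python
import json
from typing import Any, Dict, List

# Constructed sample event modelled on the ModifiedProperties array quoted in
# the post above. Not real audit data; the DisplayName OldValue is made up.
SAMPLE_EVENT = json.dumps({
    "Operation": "Update group.",
    "ModifiedProperties": [
        {"Name": "Group.ObjectID", "NewValue": "111111-2222222-333333-444444", "OldValue": ""},
        {"Name": "Group.DisplayName", "NewValue": "Group A", "OldValue": "Group B"},
        {"Name": "Group.WellKnownObjectName", "NewValue": "", "OldValue": ""},
    ],
})


def flatten_modified_properties(raw_event: str,
                                array_key: str = "ModifiedProperties",
                                keep_empty: bool = False) -> Dict[str, Any]:
    """Re-key a positional [{Name, NewValue, OldValue}, ...] array as
    '<Name>.NewValue' / '<Name>.OldValue' fields.

    - Entries without a Name cannot be keyed and are skipped.
    - Empty strings are dropped unless keep_empty=True, so a field only
      exists when the audit record actually carried a value.
    - If the same Name occurs twice, the values are collected into a list
      (a multivalue field in Splunk terms) instead of being overwritten.
    """
    event = json.loads(raw_event)
    flat: Dict[str, Any] = {}
    for entry in event.get(array_key, []):
        name = entry.get("Name")
        if not name:
            continue
        for side in ("NewValue", "OldValue"):
            value = entry.get(side, "")
            if value == "" and not keep_empty:
                continue
            key = f"{name}.{side}"
            if key in flat:
                existing = flat[key]
                flat[key] = (existing if isinstance(existing, list) else [existing]) + [value]
            else:
                flat[key] = value
    return flat


def to_kv_line(fields: Dict[str, Any]) -> str:
    """Render the flat fields as key="value" pairs, which Splunk's automatic
    key/value extraction picks up without any spath at search time."""
    parts: List[str] = []
    for key, value in fields.items():
        values = value if isinstance(value, list) else [value]
        for v in values:
            escaped = str(v).replace('"', '\\"')
            parts.append(f'{key}="{escaped}"')
    return " ".join(parts)


if __name__ == "__main__":
    flat = flatten_modified_properties(SAMPLE_EVENT)
    print(json.dumps(flat, indent=2))
    print(to_kv_line(flat))
```

Run it with no arguments to see the flattened dictionary and the key="value" line for the constructed event; pass keep_empty=True if you want the empty properties (Group.WellKnownObjectName here) to appear as empty fields rather than be absent.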
Thank you for your answer! I have just sent this information to the author. But I am also interested in other experiences related to my case.
Thank you PickleRick, I already got streamstats in my search query but got more results, not only consecutive ones, and I want to isolate 3 consecutive results (see end of query):
| eval Description=case(RML<104.008, "0", RML>108.425, "1", RML>=104.008, "OK", RML<=108.425, "OK")
| eval Warning=case(Description==0, "LevelBreach", Description==1, "LevelBreach")
| table LWL UWL RML
| eval CR=if(RML<UWL,"0",if(RML>LWL,"1","0"))
| accum CR AS ACC
| streamstats window=3 reset_after="count=3" count
Something like this? https://community.splunk.com/t5/Splunk-Search/Removing-all-null-columns-from-stats-table/m-p/566579
Couldn't resolve host means precisely that - your system is unable to find IP for the name you've given in the request. Either you're providing curl with wrong hostname in the request URI or you're having DNS problems in your infrastructure.
Your description is not very clear, but you can either use if() with eval to check whether some complex condition is fulfilled, for example:
| eval rule_type=if(like(rule_name,"MHE0%") OR like(rule_name,"%AWS%"),"cloud","prem")
(forget the actual logic, it's the syntax that's important here), or use the case() statement to form something of an ACL:
| eval rule_type=case(like(rule_name,"%AWS%"),"cloud",like(rule_name,"MHE0%"),"onprem",1=1,"cloud default")
Hard to say without knowing your base url. The error 10060 means your code can't connect to the destination server. Either you specified a wrong machine to connect to or you're having some network issues. Can you connect manually to the API endpoint from the host you're running your code on?
Your explanation is a bit unclear but it looks like a job for the streamstats command with a window size of 3.
Hi Team, in a dashboard we have 30 panels and I want to do pagination, let's say under each page I should view 5 panels. Please help with how to proceed/query for that. Below is the example: under the 1st dot page I should view 5 panels, the 2nd page should have 5 panels, and so on.
More words please. What exactly are you doing? What is the result and when it happens? Have you verified that the server is actually running? Are you connecting on a proper port? Did you verify network connectivity?
Most probably (I don't know this app so I'm writing from general experience with several apps) the proxy server must be explicitly defined for a given modular input. So if there are no settings within the app itself, you probably need to pester the author of the app about it.
Dear Splunkers, I would like to ask your advice in order to complete the following search result. My table checks for consecutive level breach events in a window of 3 counts.

ACC  CR  count
0    0   1
0    0   2
0    0   3
1    1   1
1    0   2
1    0   3
2    1   1  *
3    1   2  *
4    1   3  *

If there is a level breach the CR column will change to 1 and the ACC column will change to the next number. Now I would like to create an alert if 3 consecutive levels are breached, as shown in the rows marked * (the bolded example). Can you suggest how to complete the query and display only the 3 consecutive results so that I can create an alert? Thank you
Hi, I can't connect to my Splunk Enterprise account, I am having this error: connection failure. And there is no way to recover the account, I need help please.
Hello to everyone! I am in the process of trying to fetch vulnerability information from the National Vulnerability Database. I found an app that can do this task via API - this is NVD-CVE-Fetcher-App. The app link is here: https://splunkbase.splunk.com/app/7121?ref=hub.metronlabs.com The problem is that using NAT isn't allowed in our organization, so I was forced to use a proxy. I tried to use a system proxy, but the application ignored the system setting and tried to access the API URL directly. So, two questions: 1. Did anyone try to use the NVD-CVE-Fetcher-App in the proxy-access scenario? 2. Did anyone resolve a similar task using other approaches? For example, another app or a handmade script
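The "handmade script" route the post asks about, as an added example that is not part of the original post and not code from NVD-CVE-Fetcher-App: a Python fetcher against the public NVD CVE API 2.0 that sends every request through an explicitly configured proxy (an explicit ProxyHandler replaces the default one, so it neither depends on nor is surprised by HTTP(S)_PROXY environment variables) and emits one JSON line per CVE, which fits a Splunk scripted input or an HEC sender. The environment variable names NVD_PROXY and NVD_API_KEY, the User-Agent string, the rate-limit pause, the sample page and the placeholder CVE id are assumptions or constructed data; the endpoint, parameter names, 2000 results/page and 120-day window caps follow the NVD API 2.0 documentation as of this writing.

```python
import json
import os
import sys
import time
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, Iterator, List, Optional, Tuple

# NVD CVE API 2.0 (public). Date parameters are ISO-8601; without an offset the
# API takes them as UTC. One query may span at most 120 days, 2000 results/page.
NVD_CVES_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"
PAGE_SIZE = 2000
USER_AGENT = "nvd-to-splunk/0.1"  # assumed name, set it to something your proxy team recognises


def proxy_handler_for(proxy_url: Optional[str]) -> urllib.request.ProxyHandler:
    """Explicit proxy config. An empty mapping means a direct connection and,
    because it replaces the default handler, the environment is ignored too."""
    proxies = {"http": proxy_url, "https": proxy_url} if proxy_url else {}
    return urllib.request.ProxyHandler(proxies)


def build_opener(proxy_url: Optional[str]) -> urllib.request.OpenerDirector:
    return urllib.request.build_opener(proxy_handler_for(proxy_url))


def window_ending_now(days: int) -> Tuple[datetime, datetime]:
    end = datetime.now(timezone.utc)
    return end - timedelta(days=min(days, 120)), end


def build_url(start: datetime, end: datetime, start_index: int = 0) -> str:
    fmt = "%Y-%m-%dT%H:%M:%S.000"
    params = {
        "lastModStartDate": start.astimezone(timezone.utc).strftime(fmt),
        "lastModEndDate": end.astimezone(timezone.utc).strftime(fmt),
        "startIndex": start_index,
        "resultsPerPage": PAGE_SIZE,
    }
    return NVD_CVES_URL + "?" + urllib.parse.urlencode(params)


def normalize(page: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Flatten one API page into one record per CVE, preferring CVSS v3.1."""
    records = []
    for item in page.get("vulnerabilities", []):
        cve = item.get("cve", {})
        description = next((d.get("value", "") for d in cve.get("descriptions", [])
                            if d.get("lang") == "en"), "")
        score = severity = version = None
        metrics = cve.get("metrics", {})
        for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
            if metrics.get(key):
                m = metrics[key][0]
                data = m.get("cvssData", {})
                score, version = data.get("baseScore"), data.get("version")
                # v3.x keeps baseSeverity inside cvssData, v2 at the metric level
                severity = data.get("baseSeverity") or m.get("baseSeverity")
                break
        records.append({"id": cve.get("id"), "published": cve.get("published"),
                        "lastModified": cve.get("lastModified"), "vulnStatus": cve.get("vulnStatus"),
                        "cvss_version": version, "cvss_score": score,
                        "cvss_severity": severity, "description": description})
    return records


def fetch_modified(start: datetime, end: datetime, proxy_url: Optional[str] = None,
                   api_key: Optional[str] = None, pause: float = 6.0) -> Iterator[Dict[str, Any]]:
    """Page through every CVE modified in [start, end], always via the proxy."""
    opener = build_opener(proxy_url)
    headers = {"User-Agent": USER_AGENT}
    if api_key:
        headers["apiKey"] = api_key
    start_index = 0
    while True:
        req = urllib.request.Request(build_url(start, end, start_index), headers=headers)
        with opener.open(req, timeout=60) as resp:
            page = json.load(resp)
        yield from normalize(page)
        got = page.get("resultsPerPage", 0)
        start_index += got
        if got == 0 or start_index >= page.get("totalResults", 0):
            break
        time.sleep(pause)  # NVD rate limits; an API key permits a faster cadence


# Constructed page in the API 2.0 shape for offline runs; the id is a placeholder, not a real CVE.
SAMPLE_PAGE = {"resultsPerPage": 1, "startIndex": 0, "totalResults": 1, "vulnerabilities": [{"cve": {
    "id": "CVE-0000-00000", "published": "2024-01-01T00:00:00.000", "lastModified": "2024-01-02T00:00:00.000",
    "vulnStatus": "Analyzed",
    "descriptions": [{"lang": "es", "value": "(constructed)"}, {"lang": "en", "value": "Constructed description."}],
    "metrics": {"cvssMetricV31": [{"cvssData": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}}]}


if __name__ == "__main__":
    if "--offline" in sys.argv:
        records = iter(normalize(SAMPLE_PAGE))
    else:
        start, end = window_ending_now(1)
        records = fetch_modified(start, end, proxy_url=os.environ.get("NVD_PROXY"),
                                 api_key=os.environ.get("NVD_API_KEY"))
    for record in records:
        print(json.dumps(record))  # one JSON line per CVE for a scripted input or HEC
```

Run with --offline to see the output format without network access; otherwise set NVD_PROXY (for example http://proxy.example:3128) and optionally NVD_API_KEY, and the script pulls everything modified in the last day. Keep the script's own proxy setting rather than relying on the environment: that is exactly the gap the post ran into with the app, and making it explicit also means a misconfigured proxy fails loudly instead of quietly attempting a direct connection.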