All Posts

Hello there, I also want to render a Splunk app's dashboard on my website securely. Is there any way to render a Splunk app's dashboard on my website? I have successfully accessed an existing dashboard's XML definition by following this guideline: data/UI/views/{name}. Thanks for your support.
@scott_l - I would suggest going to Splunk support to get the details. It's very difficult to tell what the issue is without full details about the execution and the issue itself.
@VijaySrrie - Two questions: Is it causing any problems in the Splunk environment currently? Which script / add-on / app is generating this error?
Yeah, that's the document I've been following. I've tried many different combinations and so far nothing has worked. Are you able to share the correct API query to use?
@Ssuen2311 - Just one small detail: once you find out the sizing with Splunk PS / a consultant, costing can be determined from your SmartStore provider.
This is the output of a Splunk query returning search results.
Hi all, I have a query which returns results for a particular month, for example how many tickets breached SLA. The month and year are hardcoded in the query. Now I want to avoid hardcoding the month in the query and instead use it in the output, so that the user can select the month to get the results. Could you please help here?

Query results:

TicketCountSLABreached(TCSB)  TotalTicketCount(TTC)  IncResolutionTime(TCSB/TTC*100)  TimeStamp
2                             3                      66.667                           February 2024
@dsofoulis - You can use the "Investigation Event" endpoint from the "Investigation API"; it should be very similar to how you are adding an artifact. Here is the full reference: https://docs.splunk.com/Documentation/ES/7.3.1/API/InvestigationAPIreference  I hope this helps! Kindly upvote if it does!
Hi @SplunkerNoob, what's your question? If you want additional ideas, see the Splunk Security Essentials app (https://splunkbase.splunk.com/app/3435): you'll find many ideas there. Ciao. Giuseppe
@Siddharthnegi - Try this search:

| inputlookup E.csv
| rename "4Let" as "Let4"
| search Let4="ABCD"
| stats count as count3 [search index=xyz category="Ad" "properties.OnboardingStatus"=Onboarded | dedup properties.DeviceName | rename properties.DeviceName as DeviceName | stats count as count2]

I think the problem you are facing is a field name starting with a number, which causes problems in search in some cases. I hope this helps! Kindly upvote if it does!
Hi @Ssuen2311, about the first question: yes, SmartStore is also available on on-premises infrastructures. About the cost, only a Splunk Sales Representative can answer that for you. About the size of the solution, you should engage a Splunk Architect or Splunk PS; it isn't a question for the Community, and in any case many details are required for this design. Ciao. Giuseppe
Hi @Siddharthnegi, what's the purpose of your search? In the search you shared, you have a main search that arrives at a stats command, and then you added another search without any relation to the first one. Do you want to append the second to the first one, or do you want to filter the results of the first using the second one? Ciao. Giuseppe
@Sumi - First of all, please explain why you are looking for the pid file.
"Thanks, how can we club the both into one to show count based on the two conditions" What do you mean by "based on the two conditions"? Your original question simply says to show in a pie chart. "But I am getting values as other" The answer to this is: you cannot have a pie chart with two columns. If "getting values as other" is not the problem, what is? Illustrate your data in text (anonymize as needed), illustrate the desired result (normally I'd say in text, but in this case a mockup pie chart graphic could work), then explain the logic to derive the desired results from the illustrated data in plain language without SPL. These are the three essential ingredients of an answerable question.
@uagraw01 - As suggested by @tscroggins, self-signed certificates need to be added to the certificate store. Here are references for doing this on Mac and Windows: https://learn.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate https://support.apple.com/en-in/guide/keychain-access/kyca8916/mac#:~:text=In%20the%20Keychain%20Access%20app,certificate%20types%2C%20click%20Learn%20More.  I hope this helps! If it does, kindly upvote!
Hello Splunkers! In the Security Posture, by default there are no filters that would allow us to adjust the time, meaning we see the summary of notable events over the last 24 hours. I want to change that: I have added a time picker that I would like to bind to one dashboard in the Security Posture, "Key Indicators", so that I can see, for example, the summary of notable events over the last 12 hours or 7 days. Can someone please explain what needs to be done on the time picker or the dashboard in order to achieve this, or maybe there is an easier way to do this? Thanks for taking the time to read and reply to my post.
| inputlookup E.csv
| search 4Let="ABCD"
| stats count as count3 [search index=xyz category="Ad" "properties.OnboardingStatus"=Onboarded | dedup properties.DeviceName | rename properties.DeviceName as DeviceName | stats count as count2]

This search is giving an error.
This is a data analytics forum. So you cannot just say "I know it is missing" without data to substantiate it. My mock data actually includes conditions where a group of pods is missing in both the current interval and previous intervals. They are shown as missing in all intervals in which they are missing in the chart screenshot. If you need concrete help, always post sample data that demonstrates all the necessary features. (Anonymize as needed.) Speaking of pod groups, you still haven't confirmed whether it is the pod groups you are trying to mark. As I said, there is no logic that will support detecting missing individual instances of any pod by using a lookup table with wildcards.
I would like to have an investigation created with a notable event recorded in it using the API. I've been trying to achieve this by adding a notable event to an ES investigation using the API. So far I have been able to create an investigation and then add an artifact to it using the API. The next step I need to complete is to insert a notable event into an ES investigation using the API. Alternatively, if it's possible to create an investigation from a notable using the API, then I would also be happy with that option.
Hi, for the migration of data we need to use SmartStore from Splunk. Please help us understand the points below:

1. Smart Store is available for on-prem implementation.
2. Costing
3. How do you size the solution?