All Posts


If by "last" you mean most recent, then use head 1 to see the entry.
How many inputs have you configured on the add-on?
The message still logged is: "Unexpected event id"
Hi @scelikok, thanks for the reply. My feedback is below: / I tried to restart services, no change. / If I run the Upgrade readiness scan, the jQuery scan is OK, but for the Python scan 2 public apps are failing, one of them the DB Connect app. Thanks in advance.
Hello I would like a search to show the last entry of host="1.1.1.1", and show the full entry.   Thank you
Hello, I'm trying to get a solid answer on what Splunk's laws are regarding using the Splunk Enterprise free license (0.50 GB/day) on a production system in a for-profit company. Is this allowed or are we required to buy the 1GB minimum license? From the Splunk Enterprise download site: https://www.splunk.com/en_us/download/splunk-enterprise.html, it clearly states that "After 60 days you can convert to a perpetual free license...", so if my ingestion is below the 500MB/day limit, but the license is on a production system, is this legal or would I have to buy a 1GB license? Note, I haven't actually deployed Splunk Enterprise on a production system, I'm gathering all the facts before I make the move to production. Thanks.
I'm configuring a classic dashboard in the new Dashboard Studio and exported a classic dashboard with a drilldown search, but I'm unable to find how to configure a search in Dashboard Studio. The classic dashboard includes a source value that is configured to run a search. In Dashboard Studio I'm not finding the 'link to search' option. I need to click on the source value and open a new window with the new search of the source value. This is the screen I see in drilldown on Dashboard Studio -- where do I go next to run a search?
Hi @Stives, This happens when Java is not installed or the Java path is not correctly configured.   Did you try restarting Splunk's service? Sometimes it helps. Or maybe there is a change on your Java installation because of an OS update, etc.
Unfortunately, I didn't get NetFlow using Stream before. I cannot think of anything else.
Hello, In production, I had the opening bracket { in place, but I missed putting the opening bracket in this post. The width is 100%. So changing the width and putting the { didn't align the text to the left. Did you get it to work on your end? Thanks
It's not a plug-n-play answer.  Use it as a guide for building your dashboard.  The <input> section shows parts that should be in your <input> section and the <panel> section shows how to make the panel show or hide based on a token.
Where should I put this in my query, as my query starts with:
    <row>
      <panel>
        <title></title>
        <single>
          <search>
            <query></query>
            <earliest></earliest>
            <latest></latest>
            <sampleRatio>1</sampleRatio>
          </search>
Hi @bowesmana, So I actually need it to be limited to a certain number per distinct name/ip/id combination, because some combinations have rarer matching events compared to others and I did not want to search through millions of events for one combo before getting any hits on another. Thank you!
I am really hoping to get some answers!
Hi, Yes, I have already run set_permissions.sh on my forwarder but it didn't change anything. Do you have any other recommendation?
Use the depends option on the panel to control whether it is shown or not.
    <panel depends="$t_entity$">
      ...
    </panel>
The panel will be shown if the specified token has any value, which is not exactly what you're looking for. In this case, we want to set a different token if t_entity has a specific value.
    <input token="t_entity" ...>
      ...
      <change>
        <condition value="C2V">
          <set token="show_panel">1</set>
        </condition>
        <condition>
          <unset token="show_panel" />
        </condition>
      </change>
    </input>
    ...
    <panel depends="$show_panel$">
      ...
    </panel>
Hi @adrojis, Did you run set_permissions.sh on your forwarder? You should have done it manually on the UF host.
    cd $SPLUNK_HOME/etc/apps/Splunk_TA_stream
    sudo chmod +x ./set_permissions.sh
    sudo ./set_permissions.sh
Install Splunk Add-on for Stream Forwarder
| rex field=result "\w:\\\\\w+\\\\\w+\\\\(?<myfield>[^\.]+)"
Thank you. Issue resolved after using base search. Was able to identify the issue.
Hi @selvam_sekar, I suppose that you are speaking of Classic Dashboards, not Dashboard Studio. Anyway, in the Splunk Dashboard Examples App (https://splunkbase.splunk.com/app/1603) you can find an example (using CSS and JavaScript) to change the width of your panels. Ciao. Giuseppe