Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Posts
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- All Posts
All Posts
02-12-2024
09:13 AM
regex101.com is a good site for testing regex
02-12-2024
09:04 AM
How to extract alphanumeric and numeric values from aline, both are dynamic values <Alphanumeric>_ETC_RFG: play this message: announcement/<numeric>
Labels
- Labels:
-
rex
02-12-2024
09:01 AM
I created an alert from the search below, and it emails a pdf - is there a way to add the most recent event from each of the hosts in this search and add it to the email? metadata type=hosts | wh...
See more...
I created an alert from the search below, and it emails a pdf - is there a way to add the most recent event from each of the hosts in this search and add it to the email? metadata type=hosts | where recentTime < now() - 10800| eval lastSeen = strftime(recentTime, "%F %T") | fields + host lastSeen
Labels
- Labels:
-
host
02-12-2024
09:00 AM
SC4S was running in a docker container through Podman. Mystery solved! Splunk Setup - Splunk Connect for Syslog
02-12-2024
08:20 AM
1 Karma
IANAL, but the word "can" conveys ability rather than requirement. IOW, you have the option to convert to a perpetual free license, but it is not mandatory. When you download Splunk, it will includ...
See more...
IANAL, but the word "can" conveys ability rather than requirement. IOW, you have the option to convert to a perpetual free license, but it is not mandatory. When you download Splunk, it will include the full license agreement, which by my reading, has no restrictions on production use (provided "production" does not include reselling or other prohibited use as listed in the license). I should also mention that the free license does not permit access to Splunk Support. Also, after the trial period the free license allows for standalone instances only - no separate search heads and indexers, for instance.
02-12-2024
08:20 AM
1 Karma
Hi @LearningGuy folllwing XML worked for me
<dashboard version="1.1" theme="light">
<label>Test</label>
<row>
<panel id="DisplayPanel">
<single id="datestyle">
<search>
<query>| makeresults...
See more...
Hi @LearningGuy folllwing XML worked for me
<dashboard version="1.1" theme="light">
<label>Test</label>
<row>
<panel id="DisplayPanel">
<single id="datestyle">
<search>
<query>| makeresults
| addinfo
| eval text = "How to align this text to left?"
| table text
</query>
</search>
<option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
</single>
</panel>
<panel depends="$alwaysHideCSS$">
<title>Single value</title>
<html>
<style>
#DisplayPanel
{
width: 40% !important;
font-size: 16px !important;
text-align: left !important;
float: left;
}
</style>
</html>
</panel>
</row>
</dashboard>
02-12-2024
08:09 AM
1 Karma
If by "last" you mean most recent, then use head 1 to see the entry.
02-12-2024
08:02 AM
How many inputs have you configured on the add-on?
02-12-2024
07:57 AM
The message still logged is : "Unexpected event id"
02-12-2024
07:56 AM
Hi @scelikok thanks for reply, my feedback below: / I tried to restart services no change. / if I run Upgrade readiness scan for jQuery scan its ok..but for Python scan 2 public apps failing one...
See more...
Hi @scelikok thanks for reply, my feedback below: / I tried to restart services no change. / if I run Upgrade readiness scan for jQuery scan its ok..but for Python scan 2 public apps failing one of them DB connect app. Thanks in advance.
02-12-2024
07:56 AM
Hello I would like a search to show the last entry of host="1.1.1.1", and show the full entry. Thank you
02-12-2024
07:52 AM
Hello, I'm trying to get a solid answer on what Splunk's laws are regarding using the Splunk Enterprise free license (0.50 GB/day) on a production system in a for-profit company. Is this allowed or...
See more...
Hello, I'm trying to get a solid answer on what Splunk's laws are regarding using the Splunk Enterprise free license (0.50 GB/day) on a production system in a for-profit company. Is this allowed or are we required to buy the 1GB minimum license? From the Splunk Enterprise download site: https://www.splunk.com/en_us/download/splunk-enterprise.html, it clearly states that "After 60 days you can convert to a perpetual free license...", so if my ingestion is below the 500MB/day limit, but the license in on a production system, is this legal or would I have to buy a 1GB license? Note, I haven't actually deployed Splunk Enterprise on a production system, I'm gathering all the facts before I make the move to production. Thanks.
02-12-2024
07:51 AM
i'm configuring a classic dashboard in the new dashboard studio and exported a classic dashboard with a drill down search, but unable to find how to configure a search in the dashboard studio. the...
See more...
i'm configuring a classic dashboard in the new dashboard studio and exported a classic dashboard with a drill down search, but unable to find how to configure a search in the dashboard studio. the classic dashboard includes source value that is configured to run a search. In dashboard studio I'm not finding the 'link to search' option. I need to click on the source value and open a new window with the new search of the source value. this is the screen I see in drilldown on dashboard studio -- where do I go next to run a search?
Labels
- Labels:
-
drilldown
02-12-2024
07:41 AM
Hi @Stives, This happens when Java is not installed or the Java path is not correctly configured. Did you try restarting Splunk's service? Sometimes it helps. Or maybe there is a change on your ...
See more...
Hi @Stives, This happens when Java is not installed or the Java path is not correctly configured. Did you try restarting Splunk's service? Sometimes it helps. Or maybe there is a change on your Java installation because of an OS update, etc.
02-12-2024
07:34 AM
Unfortunately, I didn't get NetFlow using Stream before. I cannot think anything else.
02-12-2024
07:26 AM
Hello, In the production, i had the opening bracket { in place, but I missed putting the opening bracket in this post. The width is 100% So, by changing width and put the { didn't align the text ...
See more...
Hello, In the production, i had the opening bracket { in place, but I missed putting the opening bracket in this post. The width is 100% So, by changing width and put the { didn't align the text to the left. Did you get it to work on your end? Thanks
02-12-2024
07:13 AM
It's not a plug-n-play answer. Use it as a guide for building your dashboard. The <input> section shows parts that should be in your <input> section and the <panel> section shows how to make the pa...
See more...
It's not a plug-n-play answer. Use it as a guide for building your dashboard. The <input> section shows parts that should be in your <input> section and the <panel> section shows how to make the panel show or hide based on a token.
02-12-2024
07:04 AM
where should I put this in my query as my query starts with-
<row>
<panel>
<title></title>
<single><search>
<query></query>
<earliest>
<latest>
<sampleRatio>1</sampleratio>
</search>
02-12-2024
06:39 AM
Hi @bowesmana, So I actually need it do be limited a certain number per distinct name/ip/id combinations, because there are some combinations have rarer matching events compared to others and I did ...
See more...
Hi @bowesmana, So I actually need it do be limited a certain number per distinct name/ip/id combinations, because there are some combinations have rarer matching events compared to others and I did not want to search through millions of events for one combo before getting any hits on another, Thank you!
02-12-2024
06:32 AM
I am really hoping to get some answers!
