Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Posts
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- All Posts
All Posts
02-08-2024
12:42 AM
Hi Ryan, I have followed the documentation- but none of predefined templates could pull out the required data from synthetic events- Property Value event.correlationId event.errorCode event.erro...
See more...
Hi Ryan, I have followed the documentation- but none of predefined templates could pull out the required data from synthetic events- Property Value event.correlationId event.errorCode event.errorDesc event.id event.measurementId event.name event.scheduleId event.scriptExitCode event.sessionStatus These are properties which will be present in event details tab- Can you help me route to the right pre defined variable which can fetch these details . Thank you, Jahnavi
02-08-2024
12:25 AM
@yuanliu , My goal is to identify status enabled correlation searches that have triggered notables within the past 30 days.
02-08-2024
12:22 AM
Hi @Polarbear, Please see here on how to troubleshoot further: Re: Install issue on Server 2016 - Splunk Community. Cheers, - Jo.
02-08-2024
12:22 AM
It there any best way to find if an index used in any of the saved searches, alerts, reports and dashboard
Labels
- Labels:
-
table
02-07-2024
11:26 PM
Hi @leobsksd , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated
02-07-2024
11:16 PM
Hi @manas, good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated
02-07-2024
11:09 PM
1 Karma
I see that you are new here. But this is a Splunk forum. Very few people will know what Cisco firewall events entail. In fact, Cisco firewall can also have multiple forms. @ITWhisperer is asking ...
See more...
I see that you are new here. But this is a Splunk forum. Very few people will know what Cisco firewall events entail. In fact, Cisco firewall can also have multiple forms. @ITWhisperer is asking you to post sample (anonymized) or mock data. You can use raw events, or field tables. You should also illustrate desired results. Additionally, explain very clearly which part of the data will lead to your desired result and how. In short, you need to explain how to get your desired results WITHOUT Splunk.
02-07-2024
11:00 PM
What do you mean by "total count"? There is only one total in my vocabulary. That's the opposite of the mockup chart in your original post that shows multiple bars at each depicted time point. If ...
See more...
What do you mean by "total count"? There is only one total in my vocabulary. That's the opposite of the mockup chart in your original post that shows multiple bars at each depicted time point. If you don't need to break down, all you need is | timechart count
02-07-2024
10:45 PM
Hi all, I am experiencing an issue with the Splunk WinHostInfo input. It is not working after being deployed to the universal forwarder, whereas the other logs from the same device are successfully ...
See more...
Hi all, I am experiencing an issue with the Splunk WinHostInfo input. It is not working after being deployed to the universal forwarder, whereas the other logs from the same device are successfully received. Does anyone have any idea or suggestions on how to resolve this?
- Tags:
- splunk_ta_windows
02-07-2024
10:23 PM
Hello, I'm pretty new with splunk and downloaded a couple of apps to get some dashboards going, including Security Essentials. I installed the app through splunk web and then opened the app after a r...
See more...
Hello, I'm pretty new with splunk and downloaded a couple of apps to get some dashboards going, including Security Essentials. I installed the app through splunk web and then opened the app after a restart and for many of the pages in SSE, a bunch of javascript errors are thrown. They all say "A custom JavaScript error caused an issue loading your dashboard. See the developer console for more details." Here are the error logs from the console. Not sure how to proceed.
Labels
- Labels:
-
configuration
-
troubleshooting
02-07-2024
10:03 PM
I'm dealing with Cisco firewall events.
02-07-2024
09:51 PM
It is supposed to be a bar chart y axis denotes the login count and x- axis represents the time period selection we do in our search.... Those bars are representation of total count values of xxx,yyy...
See more...
It is supposed to be a bar chart y axis denotes the login count and x- axis represents the time period selection we do in our search.... Those bars are representation of total count values of xxx,yyyy,aaa,bbb
02-07-2024
09:24 PM
You mean something like this? | timechart count by "Login mode"
02-07-2024
09:14 PM
Iam trying to align values on X-axis in this order : ">3 days" ">5 days" ">15 days" ">30 days" ">100 days" I have tried table command but its not giving me the expected output. query: |inputlook...
See more...
Iam trying to align values on X-axis in this order : ">3 days" ">5 days" ">15 days" ">30 days" ">100 days" I have tried table command but its not giving me the expected output. query: |inputlookup acn_ticket_unresolved_dessertholdings_kv | eval age=((now() - epoc_time_submitted)/86400),total_age=round(age,2) |rangemap field=total_age ">3 days"=0-3.00 ">5 days"=3.01-15.00 ">15 days"=15.01-30.00 ">30 days"=30.01-100.00 ">100 days"=100.01-1000.00 | chart count as count1 over range by priority | rename priority as Priority
02-07-2024
09:07 PM
I have a search query statistical result values in the below format Login mode Total login xxx 48 Yyyy 23 aaa 52 bbbb 73 Now I need to display a bar ch...
See more...
I have a search query statistical result values in the below format Login mode Total login xxx 48 Yyyy 23 aaa 52 bbbb 73 Now I need to display a bar chart which shows the login in respective of the login mode and the time selection in the query for example:
Labels
- Labels:
-
chart
02-07-2024
09:04 PM
1 Karma
Alternatively, if ServiceNow accepts literal newline, you can just insert newline | eval summary = replace(summary, " from ", " from
")
02-07-2024
09:02 PM
Hello, How to align single value text to left in Dashboard Classic? I tried to use text-align and float, but it didn't work. Please suggest Thank you <panel id="DisplayPanel"> <single...
See more...
Hello, How to align single value text to left in Dashboard Classic? I tried to use text-align and float, but it didn't work. Please suggest Thank you <panel id="DisplayPanel"> <single id="datestyle"> <search> <query>| makeresults | addinfo | eval text = "How to align this text to left?" | table text </query> </search> </single> </panel> <panel depends="$alwaysHideCSS$"> <title>Single value</title> <html> <style> #DisplayPanel { width: 100% !important; font-size: 16px !important; text-align: left !important; float: left; } </style> </html> </panel>
Labels
- Labels:
-
Classic dashboard
02-07-2024
08:56 PM
Yes, eventstats can be expensive and possibly slower than join. You can try switch the eventstats for fields in index _network instead. I don't understand why all in a sudden you are handling host ...
See more...
Yes, eventstats can be expensive and possibly slower than join. You can try switch the eventstats for fields in index _network instead. I don't understand why all in a sudden you are handling host instead of snat. I will assume that you still want to match snat but with host in lookupfile representing the host portion like 10.10.10.10. Is this correct? You also lost matching _time (bucketed to 5m). If all you want to match is the host portion of snat, i.e., if the lookup contains no _time info, you can have this very efficient search index=_network
[ inputlookup lookupfile ``` assuming this only contains 10.10.10.10, 20.20.20.20 ```
| dedup host ``` you SHOULD produce a lookup file that contains no dup ```
| rename host AS snat
| eval snat = snat . ":*" ``` the lookup file SHOULD use field name snat and contains asterisk without external work ```]
| bucket span=1m _time
| rex field=client "^(?<client_ip>.*?)\:(?<client_port>.*)"
| stats count by _time snat client_ip However, if you still want to match _time and put bucketed _time column in lookupfile, the search will necessarily be more complex. You will have to explain data (both in index and in lookupfile) and exactly what desired output looks like, and describe the exact logic connecting the dataset and desired output.
02-07-2024
08:39 PM
First thing to check is of course btool splunk btool inputs list --debug for the respective inputs. If it shows renderXml set to false, for those inputs, then some other setting is overriding the ...
See more...
First thing to check is of course btool splunk btool inputs list --debug for the respective inputs. If it shows renderXml set to false, for those inputs, then some other setting is overriding the setting you are trying to apply. Adding the --debug flag lets you know which file provides the winning setting, so you can figure out where it is coming from.
02-07-2024
07:45 PM
Hi frends I have logs like _time=time latitude=1 longitude=-1 other fields ... _time=time latitude=1 longitude=-2 other fields ... Etc The objective is to translate the latitude and longitude...
See more...
Hi frends I have logs like _time=time latitude=1 longitude=-1 other fields ... _time=time latitude=1 longitude=-2 other fields ... Etc The objective is to translate the latitude and longitude values to their associated countries and then apply filters on these values but I only have these values. Hope can help me. Regards
