All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

All Posts

Re: Use box plot at splunk not install app from file

by SplunkTrust in Dashboards & Visualizations
‎12-19-2023 01:35 AM
1 Karma
‎12-19-2023 01:35 AM
1 Karma
Hi @Questioner, you can install this app in your Search Heads eventually in no visible mode. One additional inforation: tis app lista the apps in Splunkbase, it doesn't give you a viz? what's your... See more...
Hi @Questioner, you can install this app in your Search Heads eventually in no visible mode. One additional inforation: tis app lista the apps in Splunkbase, it doesn't give you a viz? what's your requirement? Anyway, if you want tooltips, you could copy the following files: tooltip.js,tabs.js, custom_table_icons_inline.js tooltip.css, alt.css,tabs.css; from the appserver/static folder of this app in your app's appserver/static folder and add this line as the first line of your dashboard: <form script="tooltip.js,tabs.js,custom_table_icons_inline.js" stylesheet="tooltip.css,alt.css,tabs.css" version="1.1"> So you can use these js and css without installin this app. Ciao. Giuseppe

Re: Use box plot at splunk not install app from file

by in Dashboards & Visualizations
‎12-19-2023 01:26 AM
‎12-19-2023 01:26 AM
Hi @gcusello  Maybe..Yes! I want to use "<viz>" in my code, but I don't know install this in my environment.   Thanks regards

Re: How do I enable mouse hover feature in Dashboard Studio?

by in Dashboards & Visualizations
‎12-19-2023 01:21 AM
‎12-19-2023 01:21 AM
Btw, I have created the same search but in classic dashboard. It shows the results with this warning. "These results may be truncated. Your search generated too much data for the current visualizati... See more...
Btw, I have created the same search but in classic dashboard. It shows the results with this warning. "These results may be truncated. Your search generated too much data for the current visualization configuration. " and it is indeed truncating the number of results. I have been trying to change the default setting of the "charting.chart.resultTruncationLimit" and "charting.data.count" property (added them in the search query) but it does not increase the number of data. Is there anyway to make it show all the data in the classic dashboard?  https://docs.splunk.com/Documentation/Splunk/9.0.4/Viz/ChartDisplayissues?ref=hk#Search_result_truncation   <option name="charting.chart.stackMode">stacked</option> <option name="charting.chart.resultTruncationLimit">500000</option> <option name="charting.data.count">100000</option> <option name="charting.drilldown">none</option>    

Re: Use box plot at splunk not install app from file

by SplunkTrust in Dashboards & Visualizations
‎12-19-2023 01:11 AM
‎12-19-2023 01:11 AM
Hi @Questioner, is it a problem to install this app in your environment? you could also install it in no visible way. Ciao. Giuseppe

Re: statuscode error

by SplunkTrust in Dashboards & Visualizations
‎12-19-2023 01:08 AM
1 Karma
‎12-19-2023 01:08 AM
1 Karma
Ok, I don't understand why you want to do this, anyway, please try this: index="1**" source="2***" | rex "(?ms)statusCode: (?<statusCode>\d+)" | stats count by statusCode | append [ search inde... See more...
Ok, I don't understand why you want to do this, anyway, please try this: index="1**" source="2***" | rex "(?ms)statusCode: (?<statusCode>\d+)" | stats count by statusCode | append [ search index="1**" source="2**" "republish event" | stats dc(event.body) AS totalrequest | eval statusCode="totalrequest" | fields statusCode totalrequest ] beware that statusCode muste be the same in rex and stats! Ciao. Giuseppe

Re: How do I enable mouse hover feature in Dashboard Studio?

by SplunkTrust in Dashboards & Visualizations
‎12-19-2023 01:07 AM
‎12-19-2023 01:07 AM
Yes, it doesn't work in edit mode (which is not surprising!)

Re: How do I enable mouse hover feature in Dashboard Studio?

by in Dashboards & Visualizations
‎12-19-2023 12:54 AM
‎12-19-2023 12:54 AM
I just got the reason why it did not show mouse hover.  The "View" option makes it work but I had been viewing it in the edit view. Very confusing!  

Re: How do I enable mouse hover feature in Dashboard Studio?

by in Dashboards & Visualizations
‎12-19-2023 12:46 AM
‎12-19-2023 12:46 AM
Ohh I know it is weird but it did not show for the whole time until just now I tried to mouse hover again and it came out. I guess it is because of a long delay in display? Thank you by the way.

Re: How do I enable mouse hover feature in Dashboard Studio?

by in Dashboards & Visualizations
‎12-19-2023 12:43 AM
‎12-19-2023 12:43 AM
Splunk Enterprise 9.0.4 It does not show when I mouse hover 

Upgrade Readiness App

by in Splunk Enterprise
‎12-19-2023 12:28 AM
‎12-19-2023 12:28 AM
Hi, this app is reporting one of my private apps is not compatible with Python 3. Issue:  File path designates Python 2 library. App:TA-LoRaWAN_decoders File Path:.../bin/br_uncompress.py Issue ... See more...
Hi, this app is reporting one of my private apps is not compatible with Python 3. Issue:  File path designates Python 2 library. App:TA-LoRaWAN_decoders File Path:.../bin/br_uncompress.py Issue No. Issues 1. Error while checking the script: Can't parse /opt/splunk/etc/apps/TA-LoRaWAN_decoders/bin/br_uncompress.py: ParseError: bad input: type=1, value='print', context=(' ', (24, 8))   Any suggestions as to what the issue is?
Labels

Re: Why value 0 always align left?

by SplunkTrust in Dashboards & Visualizations
‎12-19-2023 12:28 AM
‎12-19-2023 12:28 AM
By default, strings are aligned left and numerics are aligned right - for some reason your 0 is a string. Please check your search, or post it with some sample data so we can investigate further.

Re: Universal Forwarder does not download app

by in All Apps and Add-ons
‎12-19-2023 12:25 AM
‎12-19-2023 12:25 AM
Hi @gcusello , thanks for your help, fast and detailed as usual. You are right: the Deployment server is well configured, also because it is not a "new" one but a prod host that, before windows clie... See more...
Hi @gcusello , thanks for your help, fast and detailed as usual. You are right: the Deployment server is well configured, also because it is not a "new" one but a prod host that, before windows clients I mentioned in post opening, has been used to manage other hosts. And yes: when I checked connection between UF and DS and I found that everything is ok, I checked on DS port 8089. I'm going to follow your suggestion and update once performed. Luca

Re: Adding a tooltip/hover in Dashboard Studio

by SplunkTrust in Dashboards & Visualizations
‎12-19-2023 12:24 AM
‎12-19-2023 12:24 AM
Which version of Splunk are you using?

Re: How do I enable mouse hover feature in Dashboard Studio?

by SplunkTrust in Dashboards & Visualizations
‎12-19-2023 12:23 AM
1 Karma
‎12-19-2023 12:23 AM
1 Karma
It already has mouse hover, at least in the version I am using. Which version of Splunk are you using?

Re: statuscode error

by in Dashboards & Visualizations
‎12-19-2023 12:11 AM
‎12-19-2023 12:11 AM
index="1**" source="2***" | rex "(?ms)statusCode: (?<status_code>\d+)" | stats count by statusCode | appendcols [ search index="1**" source="2**" "republish event" | stats dc(event.body) AS t... See more...
index="1**" source="2***" | rex "(?ms)statusCode: (?<status_code>\d+)" | stats count by statusCode | appendcols [ search index="1**" source="2**" "republish event" | stats dc(event.body) AS totalrequest ] Hi @gcusello With the above query i get only statuscode count either 200 or 400....but the append search totalrequest  is not mapped to a color

Re: Use box plot at splunk not install app from file

by in Dashboards & Visualizations
‎12-18-2023 11:59 PM
‎12-18-2023 11:59 PM
Hi @gcusello  Yes! That's what I was curious about.  I use this app -> Analysis Of SplunkBase Apps for Splunk | Splunkbase Then Would you like to let me know how can i install the <viz> in my app?... See more...
Hi @gcusello  Yes! That's what I was curious about.  I use this app -> Analysis Of SplunkBase Apps for Splunk | Splunkbase Then Would you like to let me know how can i install the <viz> in my app? When I try to use <viz> in my Splunk app, It shows the error, "Could not add a custom visulization as "display.visualization.custom.type" is missing in ui-prefs.conf.  

Re: How to avoid indexing duplicates?

by SplunkTrust in Getting Data In
‎12-18-2023 11:38 PM
1 Karma
‎12-18-2023 11:38 PM
1 Karma
Hi @subasm, if there isn't a rotation, the data are duplicatd at the origin, anyway, if you don't use crcSalt option you have sure to avoid duplicates because Splunk uses its archive (_fishbuckets) ... See more...
Hi @subasm, if there isn't a rotation, the data are duplicatd at the origin, anyway, if you don't use crcSalt option you have sure to avoid duplicates because Splunk uses its archive (_fishbuckets) to store the already ingested data. Ciao. Giuseppe

Re: Universal Forwarder does not download app

by SplunkTrust in All Apps and Add-ons
‎12-18-2023 11:36 PM
1 Karma
‎12-18-2023 11:36 PM
1 Karma
Hi @SplunkExplorer, I suppose that you followed all the steps of Deployment Server configuration, anyway the issue usually are related to: the insertion of the new UF un a ServerClass containing t... See more...
Hi @SplunkExplorer, I suppose that you followed all the steps of Deployment Server configuration, anyway the issue usually are related to: the insertion of the new UF un a ServerClass containing the apps to deploy, the rights on the app. I suppose that you already checked the connection between the UF and the DS on the 8089 port. In addition I usually follow tis approach: I create an add on containing only deploymentclient.conf addressing the DS, then I create a ServerClass where all the UF are present (* in whitelist), with associated the above add on, I check the connection on port 8089, then I manually copy the add on on the UF, so the UF can connect to the DS. Ciao. Guseppe

How to integrate Salesforce Marketing Cloud with Splunk

by in Splunk Enterprise
‎12-18-2023 11:35 PM
‎12-18-2023 11:35 PM
As a Splunk SME, I'm tasked to set up the ingestion of Salesforce Marketing Cloud transactional messages into Splunk. We're currently trying to utilize HTTP event collector (HEC) for this but we coul... See more...
As a Splunk SME, I'm tasked to set up the ingestion of Salesforce Marketing Cloud transactional messages into Splunk. We're currently trying to utilize HTTP event collector (HEC) for this but we couldn't get it to work because it's giving us this error: The Marketing Cloud developer I'm working with told me that in order to resolve the above error, we need to figure out how to "verify callbacks" from our end (Splunk) https://developer.salesforce.com/docs/marketing/marketing-cloud/guide/verifyCallback.html I need to know if there's a way to achieve that through HEC or if we need to take an entirely different approach to get the Marketing Cloud events to Splunk.
Labels

splunkforwarder 9.1.2 crashes on FreeBSD 14.0

by in Installation
‎12-18-2023 11:33 PM
1 Karma
‎12-18-2023 11:33 PM
1 Karma
Hello, I’ve upgraded my FreeBSD server from 13.2-RELEASE to 14.0-RELEASE. Now, Splunk forwarder crashes when I try to start it. I made a clean install of the latest Splunk forwarder: same result. ... See more...
Hello, I’ve upgraded my FreeBSD server from 13.2-RELEASE to 14.0-RELEASE. Now, Splunk forwarder crashes when I try to start it. I made a clean install of the latest Splunk forwarder: same result. Any hint appreciated.     pid 8593 (splunkd), jid 0, uid 0: exited on signal 11 (no core dump - too large) pid 8605 (splunkd), jid 0, uid 0: exited on signal 11 (no core dump - too large)     edit: last lines of ktrace output 11099 splunkd NAMI "/opt/splunkforwarder/etc/system/default/authentication.conf" 11099 splunkd RET open 3 11099 splunkd CALL fstat(0x3,0x82352cf30) 11099 splunkd STRU struct stat {dev=10246920463185163261, ino=219, mode=0100600, nlink=1, uid=1009, gid=1009, rdev=18446744073709551615, atime=0, mtime=1699928544, ctime=1702914937.560528000, birthtime=1699928544, size=1301, blksize=4096, blocks=9, flags=0x800 } 11099 splunkd RET fstat 0 11099 splunkd CALL read(0x3,0x35c8bc0,0x1000) 11099 splunkd GIO fd 3 read 1301 bytes "# Version 9.1.2 # DO NOT EDIT THIS FILE! # Changes to default files will be lost on update and are difficult to …/… enablePasswordHistory = false passwordHistoryCount = 24 constantLoginTime = 0 verboseLoginFailMsg = true " 11099 splunkd RET read 1301/0x515 11099 splunkd CALL read(0x3,0x35c8bc0,0x1000) 11099 splunkd GIO fd 3 read 0 bytes "" 11099 splunkd RET read 0 11099 splunkd CALL close(0x3) 11099 splunkd RET close 0 11099 splunkd PSIG SIGSEGV SIG_DFL code=SEGV_MAPERR 11084 splunk RET wait4 11099/0x2b5b 11084 splunk CALL write(0x2,0x820c56800,0x2a) 11084 splunk GIO fd 2 wrote 42 bytes "ERROR: pid 11099 terminated with signal 11" 11084 splunk RET write 42/0x2a 11084 splunk CALL write(0x2,0x825106cf7,0x1) 11084 splunk GIO fd 2 wrote 1 byte " " 11084 splunk RET write 1 11084 splunk CALL exit(0x8)
Labels