Hello, I am managing Splunk roles. I want to adjust capabilities for roles, but unfortunately for a few of them I did not find what exactly they do. Searching did not give me results, or the results were not satisfying. If you have some extract with all capabilities and their descriptions, please advise me what exactly the following capabilities do (screenshot attached).
@tscroggins @rasad4468 @richgalloway @PickleRick Can we use this method to blacklist like this?
blacklist3 = EventCode=%^4688$% Message=%SplunkUniversalForwarder%
blacklist4 = EventCode=%^4688$% Message=%Tanium%
blacklist5 = EventCode=%^4688$% Message=%Rapid7%
My raw events are showing like this after adding these. Why?
Problem solved, I appreciate all your responses. Once I search in SH, I should use the parameter splunk_server=* in order to see results. So obviously this was my issue, as I should see results without such a parameter. Modified the below on SH, which solved it:
C:\Program Files\Splunk\etc\system\local\distsearch.conf
[distributedSearch:dmc_group_indexer]
default = false
Hi @brat_1990, if you have a Linux server, you could configure an rsyslog server that writes syslogs in files that you can read using the UF. Otherwise you could install the SC4S app (that's a syslog-ng server). The last choice is to use a Heavy Forwarder. My hint is to use an rsyslog server (I usually do this). Ciao. Giuseppe
The numbers are not exact: from the DS Forwarder Management > 1275, dc(h) from metrics > 1287, and the total stats count from the final query > 1166, so it's not accurate. I will need to create a lookup of UFs. Thank you for your support.
Hi @_pravin, are you sure that these reports and alerts are shared at app level and that they are in the Search and Reporting App? Try to deselect the app in the search dropdown filter, setting All. Ciao. Giuseppe
I am working on adding some drop-downs to an existing Dashboard Studio dashboard. I have the queries working with no issues by referencing the drop-downs and wrapping the token name in $$. What I am working on now is that I would like to update a widget's title with the token's label, as that is the 'human'-readable data, not the data that drives the queries. This works for showing the 'value' of the token's selection with $tok_aToken$, but how do I show the token's label? I have tried $tok_aToken_label$ and $tok_aToken.label$, and I have been searching for hours and have been unable to find a solution.
Hi, I have 3 values and I want to display them in a single value panel like the below image, which is from Tableau. I want to replicate the same in Splunk. Can it be done? If not, can we represent 2 values (GPA and website) in a single value and Grade in the legend? Else please suggest what other representation I can go with that displays 3 values.
Try something like this:
index=_internal (host=`sim_indexer_url` OR host=`sim_si_url`) sourcetype=splunkd group=per_Index_thruput series!=_* (earliest=@d latest=now) OR (earliest=-60d@d latest=-59d@d)
| timechart minspan=30s per_second(kb) as kb by series
I used the query index="botsv2" Amber. I found a capture_hostname: matar. Which e-mail seems to be linked to "matar"? And who sends the person attached to the "feed" email to? This is from https://github.com/splunk/botsv2
I have a single value panel with a distinct count, and I've specified a function for drill-down. When clicking on a value like '25', the table is displaying all values instead of the exact ones. Any guidance on refining the drill-down for precise results, @gcusello?