I think you are looking for a stepped line graph? You could do something like this (I changed the second instance of 6/11 to 7/11 to show the changes separately, I also added another 12/11 to show the impact of having two values for the same date where one is negative and the other positive.)

| makeresults format=csv data="date,change
25/10/2023,6000
31/10/2023,0
6/11/2023,2500
7/11/2023,500
12/11/2023,-7800
12/11/2023,800
16/11/2023,500"
| eval _time=strptime(date,"%d/%m/%Y")
| streamstats sum(change) as total
| autoregress total
| eval row=mvrange(0,2)
| mvexpand row
| eval total=if(row=0,total_p1,total)
| table _time total

Note that this chart only works well with _time for the x-axis, other scales not so well.
Hello, I am a Masterschool student and I am trying to install Splunk on my VM, and it doesn't work. Can anyone help? Thank you.
Hello, I have the same problem. Anyone can help?
Please check the AWS S3 logs on the Splunk side; it may be due to a permission issue on the AWS side. Once you go through the logs you will get clear visibility. The logs will be under /opt/splunk/var/log/splunk; search for aws.
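A small triage script for the check described in the reply above, added here as an example; it is not code from Splunk or from the Splunk Add-on for AWS. It assumes only that the add-on's log files sit under $SPLUNK_HOME/var/log/splunk with "aws" in their names and that failed AWS calls are logged at ERROR or WARN level with the standard AWS error code in the message; the exact file names and message layout are not asserted, and the sample lines below are constructed. It sorts error lines into permission, credential, not-found and other failures, because each of those is fixed in a different place (bucket/IAM policy, the account configured in the add-on, the input's bucket name).

```python
"""Triage an AWS S3 input by classifying error lines from the add-on's logs.

Added example for this thread, not code from Splunk or the Splunk Add-on
for AWS. It assumes only that the add-on's log files live under
$SPLUNK_HOME/var/log/splunk with "aws" in their names and that failed
AWS calls are logged at ERROR/WARN level with the standard AWS error
code in the message; exact file names and formats are not asserted.
"""
import os
import re
from collections import Counter

# Standard S3/STS error codes, grouped by what a practitioner should fix.
PERMISSION_CODES = {"AccessDenied", "AllAccessDisabled"}
CREDENTIAL_CODES = {"InvalidAccessKeyId", "SignatureDoesNotMatch", "ExpiredToken"}
NOT_FOUND_CODES = {"NoSuchBucket", "NoSuchKey"}

ADVICE = {
    "permission": "IAM/bucket policy: the input's principal needs s3:ListBucket on "
                  "the bucket ARN and s3:GetObject on <bucket-arn>/*.",
    "credential": "The access key ID/secret in the add-on account is wrong, "
                  "rotated or expired; re-enter or rotate it.",
    "not_found": "Bucket or key name/region in the input does not match AWS.",
    "other": "Non-AWS failure (network, proxy, parsing); read the full line.",
}

LEVEL_RE = re.compile(r"\b(?:ERROR|WARN(?:ING)?|CRITICAL)\b")
CODE_RE = re.compile(
    r"\b(" + "|".join(sorted(PERMISSION_CODES | CREDENTIAL_CODES | NOT_FOUND_CODES)) + r")\b"
)


def classify(line):
    """Return 'permission', 'credential', 'not_found', 'other', or None for non-error lines."""
    if not LEVEL_RE.search(line):
        return None
    m = CODE_RE.search(line)
    if m is None:
        return "other"
    code = m.group(1)
    if code in PERMISSION_CODES:
        return "permission"
    if code in CREDENTIAL_CODES:
        return "credential"
    return "not_found"


def triage_lines(lines):
    """Count error lines per category and keep the first example of each."""
    counts = Counter()
    first_seen = {}
    for line in lines:
        category = classify(line)
        if category is None:
            continue
        counts[category] += 1
        first_seen.setdefault(category, line.strip())
    return counts, first_seen


def triage_dir(log_dir="/opt/splunk/var/log/splunk", name_filter="aws"):
    """Read every file in log_dir whose name contains name_filter and triage it."""
    lines = []
    for name in sorted(os.listdir(log_dir)):
        if name_filter in name.lower():
            with open(os.path.join(log_dir, name), errors="replace") as fh:
                lines.extend(fh)
    return triage_lines(lines)


# Constructed sample lines in the shape of a Python logging record; not real add-on output.
SAMPLE_LINES = [
    "2023-11-20 10:00:01,001 INFO pid=4242 tid=MainThread | message=Starting S3 input my_bucket_input",
    "2023-11-20 10:00:02,120 ERROR pid=4242 tid=MainThread | message=An error occurred (AccessDenied) "
    "when calling the ListObjectsV2 operation: Access Denied",
    "2023-11-20 10:00:03,500 ERROR pid=4242 tid=MainThread | message=An error occurred "
    "(InvalidAccessKeyId) when calling the GetObject operation: The AWS Access Key Id you provided "
    "does not exist in our records.",
    "2023-11-20 10:00:04,000 WARNING pid=4242 tid=MainThread | message=An error occurred "
    "(NoSuchBucket) when calling the ListObjectsV2 operation: The specified bucket does not exist",
    "2023-11-20 10:00:05,000 ERROR pid=4242 tid=MainThread | message=Connection to s3.amazonaws.com timed out",
    "2023-11-20 10:00:06,000 INFO pid=4242 tid=MainThread | message=Retrying after AccessDenied backoff",
]


def main():
    counts, first_seen = triage_lines(SAMPLE_LINES)
    for category, n in counts.most_common():
        print(f"{category}: {n} line(s); e.g. {first_seen[category]}")
        print(f"  -> {ADVICE[category]}")


if __name__ == "__main__":
    main()
```

On a real host, call triage_dir() instead of main(); the INFO line that merely mentions AccessDenied is deliberately ignored so retry chatter does not inflate the permission count.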
I am using Splunk fully on-prem, no cloud option. As per the documentation the TA is to be installed on the UF; you can refer to the link below: https://community.splunk.com/t5/Security/Universal-Forwarder-Technology-Add-On/m-p/669359#M17403 As I understood, the TA is to be installed on the indexers (already done) and on the UF. Thanks
There is no good way to do this. All you can do is to work around it with an array, like

{
  "visualizations": {
    "viz_OQMhku6K": {
      "type": "splunk.ellipse",
      "_comment": [
        "==================================",
        "This is created by Person1 on 1/1/2023 @companyb",
        "On 2/1/2023 - added base search",
        "On 2/5/203 - added dropdown box"
      ]
    }
  },
@gcusello Yes, I did reduce it to 20 KB but the image is still not loading.
How can I capture users aged 59+ accessing their accounts on a daily basis in AppDynamics? Can this be done using an information point, or is there another method to calculate and get the data?
Hi @Splunkerninja, did you try with a smaller size? Ciao. Giuseppe
@gcusello Yes, the URL is referring to the image and it is 76 KB in PNG format. Still facing the issue.
I have installed a free version of Splunk Enterprise 9.1 on my local system. I need a few log files from my S3 bucket to be sent to Splunk. I have set up the Splunk Add-on for AWS. In the app, under Configuration, I created an account with the access key ID and secret access key. Then I created an input by specifying the account name, bucket name and indexing details. After creating the input, when I search my index and sourcetype, I cannot find the logs from S3. I waited for more than half an hour, then tried again, but no luck. As this is the first time I am trying the setup with the AWS add-on, I am not sure where the issue is happening. Could anyone please help me with this?
Hi @anooshac, you can use in the first multivalue the following search:

| makeresults | eval group="a"
| append [| makeresults | eval group="b"]
| append [| makeresults | eval group="c", subgroup="x"]
| append [| makeresults | eval group="c", subgroup="y"]
| dedup group
| sort group
| table group

and in the second multivalue the following search:

| makeresults | eval group="a"
| append [| makeresults | eval group="b"]
| append [| makeresults | eval group="c", subgroup="x"]
| append [| makeresults | eval group="c", subgroup="y"]
| table group subgroup
| search group=$group$
| eval value=group.if(isnotnull(subgroup),"_".subgroup,"")

then you can use the second value in your panels. Obviously this is a sample to adapt to your search. Ciao. Giuseppe
Hi Yuanlui, I don't think the devs will change the code!!! Thank you, option one seems to do the trick. It has taken me a bit of time to work through the answer to try and understand it, and I am still struggling with the sed magic, but I will persevere. Thank you again.
Thanks for the reply @PickleRick. It sounds rather complicated with my minimal knowledge, but I will give it a shot.
Hi @Splunkerninja, check whether the URL actually refers to an image, whether it has a compatible image format (png or jpg), and whether you are using too large a size. In the last case, please try a smaller size. Ciao. Giuseppe
Hi @AL3Z, please check this Splunk advisory: https://advisory.splunk.com/advisories/SVD-2023-1104
The affected Splunk Cloud versions are: versions below 9.1.2308
The Splunk Cloud fix version is: 9.1.2308
So you should contact Splunk Cloud Support and ask them to upgrade your Splunk Cloud to the fix version 9.1.2308. Thanks.
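The version rule from the reply above, turned into a check you can run against an inventory of stacks; this is an added example, not Splunk tooling or anything from the advisory itself. It encodes only what is quoted in the thread (affected: Splunk Cloud versions below 9.1.2308) and the dotted numeric shape of Splunk Cloud version strings such as 9.0.2303.201; the stack inventory is constructed. Components are compared as integers rather than as strings so that a patch suffix on the fix release is treated as fixed.

```python
"""Decide whether a Splunk Cloud stack is below the fix version from an advisory.

Added example for this thread, not Splunk tooling. It encodes only the rule
quoted in the thread from SVD-2023-1104 (affected: versions below 9.1.2308)
and the dotted numeric form of Splunk Cloud version strings; the inventory
in STACKS is constructed for illustration.
"""

FIXED_VERSION = "9.1.2308"  # fix version as quoted from the advisory


def parse_version(version):
    """'9.0.2303.201' -> (9, 0, 2303, 201); rejects anything non-numeric."""
    parts = version.strip().split(".")
    if not all(part.isdigit() for part in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in parts)


def is_affected(installed, fixed=FIXED_VERSION):
    """True when the installed version sorts below the fix version.

    Tuples of ints compare component by component, and a shorter tuple
    that is a prefix of a longer one sorts first, so 9.1.2308.200 counts
    as at or above 9.1.2308 and is reported as fixed.
    """
    return parse_version(installed) < parse_version(fixed)


def affected_stacks(stacks, fixed=FIXED_VERSION):
    """Return the names of stacks that still need the upgrade, sorted."""
    return sorted(name for name, version in stacks.items() if is_affected(version, fixed))


# Constructed inventory: stack name -> version reported by the stack.
STACKS = {
    "prod-eu": "9.0.2303.201",  # the version reported in the thread
    "prod-us": "9.1.2308",
    "dev": "9.1.2308.200",
    "legacy": "9.0.2305.100",
}


if __name__ == "__main__":
    for name in affected_stacks(STACKS):
        print(f"{name}: {STACKS[name]} is below {FIXED_VERSION}; request the upgrade via Splunk Cloud Support")
```

parse_version rejects pre-release suffixes on purpose: a string the rule cannot place relative to 9.1.2308 should fail loudly rather than be silently treated as fixed.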
Could you please share more insight about the bug, such as an ID or an official statement? Did it get resolved in a newer release? I am asking because I didn't find any relevant info in the 'fixed issues' section of the release notes.
Hi, we have been informed about a high-severity vulnerability (CVE-2023-46214) impacting Splunk Enterprise (RCE in Splunk Enterprise through Insecure XML Parsing), as we are on Splunk Cloud version 9.0.2303.201. Thanks.
Suppose that is the raw data, and suppose the table in your original post is the desired result (illustrate again if that's not the case): can you describe the logic to obtain that table from this table? Also, can you post the output of the chart command that I proposed (replacing "month" with "date month" if that's the correct field name), and tell us why that output is not what you want? Post both the actual search and the actual results in text (anonymize as needed).
@gcusello Yes, it is reaching.