All Posts

Share the panel that is referencing the TimeRange with the error.
You need to see if the source exposes any sort of API to provide the information you need.  Or you can script a curl statement to see if the initial HTTP response code is in the 400's but that's far more prone to complications if you take into account any of the numerous things the domain owners can do with their service.
Hello @dural_yyz, this is the source code for the control and token: { "options": { "defaultValue": "-24h@h,now", "token": "TimeRange" }, "title": "Time Selection", "type": "input.timerange" } See the picture for the panel.
Please share the source code for the Time Selection dropdown and for the search panel you are referencing the token.
I want to schedule data learning for a source and alert me more accurately when the data gets closer to zero and this behavior is not normal. I am currently using Forecast time series with a learning time of 150 days backwards but it generates false alerts, any suggestions to adapt my model?
@PickleRick, sorry for the late answer. You are right, I think we might have misunderstood how some attributes work in the indexes.conf and thus it was not strong enough to force the rolling of the warm buckets. We will surely rework the conf and see what happens, but I think that was the main issue. Thanks a lot for your time and answers!
Hello @ITWhisperer , I tried this and got this same error: Invalid value "$TimeRange.earliest$" for time term 'earliest
Try something like this: earliest = $TimeRange.earliest$, latest=$TimeRange.latest$
See the Getting Data In manual.
Hi @PolarBear01, the only way to have HA at the Forwarder level is to have two or more Receivers (rsyslog or syslog-ng or SC4S), so your receiver will work even if Splunk is down, with a Load Balancer that distributes syslogs between them and manages failover. Receivers can be located on UFs or on HFs; I usually use rsyslog on UFs! I don't know what you mean by manual balancing: for real HA, you need a Load Balancer that works without any manual action. There's also the possibility to configure DNS for load balancing and failover management, but DNS usually responds with a delay in case of a fault of one receiver, so you lose the first logs; for this reason a real Load Balancer (e.g. F5) is the best solution for real HA. The HFs are useful if you want to concentrate all logs before sending them to Splunk Cloud; otherwise (on premise) it isn't mandatory. Ciao. Giuseppe
Hi folks, I'm having a hard time picking the right architecture for setting up a solution to gain high availability of my syslog inputs. My current setup is: - 4 UFs - 2 HFs - Splunk Cloud. Syslog is now being ingested on one of the HFs as a network input. I saw that to solve my issue I could ingest my syslog logs on a UF and forward them to my HFs, taking advantage of the built-in load balancing of the intermediate forwarders (aka HFs), which would simplify the deployment a lot. On the other hand, another solution I have seen is manually implementing a load balancing machine in front of the HFs to ingest the syslog data and manually balance load. Which solution is best suited for a Splunk development? IMO the 1st one is much more straightforward but I need to validate this is a correct approach. Thanks in advance!
Hello, can you please let me know what steps need to be followed to do so? Thanks
Token was set using the time range control. see below image
Hi Team, can you please help me to extract data from an external website to a Splunk Dashboard? Is it possible? Example: I have to fetch the below status from the website "https://www.ecb.europa.eu/". Output in Splunk Dashboard: T2S is operating normally.
Please show what is in your token and how you have set it
As you say: "is _not_ straightforward", and I agree, why I think the "solution" here is vague, and ought to be refined
Hello guys, I am trying to add a time range to my search, so the user can pick any time range and see data for the selected time (e.g. 24 hours, last 30 days, previous year, etc.). I created a time range control and token for this purpose, called TimeRange. But when I run my query, I get the below error: Invalid value "$TimeRange$" for time term 'earliest' Here is my query: base query earliest = $TimeRange$, latest=now () | other query
Hi mitag, it's been a while since you posted this. Were you able to work on such an app / add-on? I would be interested in it.
The question was very vague and ambiguous. Let's consider a situation where you have a server hosting two interfaces - 192.168.10.23/24 and 172.17.1.10/24. It receives HEC data on the 172.17.1.10 interface and has a default route via 192.168.10.1. It sends its data to an indexer located at 10.1.2.3/24 but the connection is SNAT-ed so it appears to the indexer as coming from 10.20.1.1. What is internal and external in this case? It is _not_ straightforward. I could throw in an intermediate forwarder to this mix and possibly some HTTP proxy. "Internal" and "external" mean different things depending on where you look from.
@SreejithDas- You are installing Splunk IT Intelligence App which is not allowed to install from UI. You need to install it from backend/SSH only. Reference Document - https://docs.splunk.com/Documentation/ITSI/4.19.1/Install/Install   I hope this helps!!! Kindly upload if it does!!!