All Posts


Error is gone! Thank you all for your help  
What is your search? What results do you get? What would you like them to look like?
I have a Splunk search that returns two columns, SESSION and URI. How can I show the sequence of URIs visited by each SESSION as columns, with a separate row for each SESSION? Thanks!
Appreciate your response @marnall. My question comes from our recent scenario, where we did a Splunk upgrade using Infrastructure as Code and we are using SmartStore for indexing. We were of the opinion that the data gets moved to external storage once it hits the warm bucket but unfortunately, we lost some of the data during the migration. The only reason we could think of is the hot buckets which are stored locally did not get rolled over to warm bucket which could have been available in the external storage and are available for later searches. We have another migration scheduled for this weekend, so I want to be cent percent sure we don't have any data loss.
This did the trick for me.  I've used subsearches elsewhere in my dashboards and reporting, just didn't to use it with makeresults as well.
Assuming you have given your text input field an id of "required":

#required .splunk-textinput {
    border: 2px solid #f6685e !important;
}
I am using Splunk version 9.3.1 and I get the same results using your example.  A red border around the entire panel and not just the text box itself.        
Hi, were you able to resolve this on Windows? Thanks
Hi, were you able to resolve it?
This is my error string " successful, returned exit code '0'" but apart from this error, other events are also getting returned. Please help in creating the regex for this as I am new to regex, and also how can we create, or from where can we take help to create, regex?
Thank you for your response. We have achieved the final same city disaster recovery architecture by combining M3/M13 and UF clone dual writing!
Hi @gcusello, I noticed that Splunk does not support the Add-on for WorkspaceOne and it has no documentation. Is there any supported app to parse the VMware Workspace One MDM?
Thanks @marnall, I will talk to CB team for the clarity. Thanks for informing about different product types of Carbon Black. I was requiring a live query action on CB cloud app but did not find it. So was thinking if I may use any other CB app. I found the action in splunk-soar-connectors/carbonblackresponse but did not test yet whether it will work for CB cloud. Else I need to directly call the CB cloud APIs to execute the query. I have submitted an issue for the CB cloud app to include this as an action: "Carbon Black live query to search devices is absent within Carbon Black cloud SOAR app · Issue #16 · splunk-soar-connectors/carbonblackcloud".
Hi @shoaibalimir, storage dimensioning is a job for an architect! Anyway, it depends on if you have a cluster or not. If not, you can calculate the storage in this way:

storage = (average_license_consumption_by_day / 2) * retention

If you have a cluster you must add the Replication Factor and the Search Factor. Ciao. Giuseppe
I am checking this time from the backend of Splunk. I am tailing the file splunkd.log and it shows a different time than system time.
Hi @Praz_123, as I said, in the License consumption page or in the Monitoring Console, you can see the ingestion rate for each index. Ciao. Giuseppe
Hi @santhipriya, the message is saying that there's a missing lookup (probably automatic) in your search head cluster. You have to understand in which app it's located and then create or disable it. Ciao. Giuseppe
Hi, I have a use case in which I need to assess the storage difference of the index. Like for example, I have an index which has around 100.15 GB of data in it with Searchable Retention Days as 1095 Days. Now, if I reduce the Searchable Retention Days to let's say 365 Days, then what would be the approximate storage utilization on the Index? I need to output these results onto a tabular form on a dashboard for the same. Please assist me on this. Thank you in advance.
Hello, I am reaching out to inquire whether Splunk SOAR currently supports Red Hat Enterprise Linux 9 (RHEL9). We are considering an upgrade to our infrastructure and want to ensure compatibility with Splunk SOAR. Thank you!