All Posts

Thank you. 
Hi @rhaj09, here you can download Splunk Enterprise versions older than the last: https://www.splunk.com/en_us/download/previous-releases.html Ciao. Giuseppe
Where can I download the installer for Splunk Enterprise 9.2.1?  
Hi @Real_captain May I know if the issue is resolved or not yet? Thanks.
Splunk is not well-known for reporting on things that don't exist, you have to give it some clues!
    index=printer sourcetype=printer:logs
    | stats count sum(pages_printed) AS pages_printed by printer_name,
    | lookup printers.csv printer_name AS printer_name OUTPUT printer_location
    | table printer_name, printer_location, count, pages_printed
    | append
        [| inputlookup printers.cvs ``` Should this be csv? ```
        | eval count = 0, pages_printed = 0
        | table printer_name printer_location count pages_printed]
    | stats sum(count) as count sum(pages_printed) as pages_printed by printer_name printer_location
    | rename printer_name AS "Printer Name", printer_location AS "Location", count AS "Print Job", pages_printed AS "Pages Printed"
Which code are you talking about? Where are you trying to submit it to? Where are you editing this code?
Hi @timtekk, are you speaking of removal from the Forwarders list in Deployment Server or Monitoring Console? If Monitoring Console, you have only to rebuild the Forwarders List [Settings > Monitoring Console > Settings > Forwarder Monitoring Setup]. If from Deployment Server list, you can remove it from web interface [Settings > Forwarder Management > Clients]. Ciao. Giuseppe
OK got it. The answer is no, you can't display the same input panel in two different rows of the dashboard.
For Splunk, the cost saving is between hot/warm storage and cold storage. It sounds like, for this other software, if the hot and warm buckets are on different storage devices, moving the buckets between hot and warm is going to be processor and I/O intensive, whereas moving files which are on the same *nix file system is fast and efficient, as all that needs to be done is to point the warm file path to the same i-node on the file system as it occupied as a hot bucket and remove the hot bucket path (pointer) to the i-node. While the other software may appear to give you more flexibility, putting the hot and warm bucket locations on different file systems (even if they were on the same physical device) would incur runtime costs and inefficiencies.
That works perfectly. Thank you very much 
I am trying to verify the username by editing the code, but I do not know where to submit the code. I checked the documentation, but it only advises on how to edit the code and does not mention where to submit the code.
Hi @ITWhisperer Below is the requirement: I want to use an input (radio button) in 2 panels, and there are 3 panels in total in my dashboard. Is it possible to make an input (radio button) visible in 2 panels and not visible in the 3rd panel? I've used the code below to achieve it, but I have to write the same code 2 times. I want to show the Deviation input in PanelB and PanelC, but it should not be visible in panelA.
    <label>Mode Selection</label>
    <choice value="panelA">panelA</choice>
    <choice value="panelB">panelB</choice>
    <choice value="panelC">panelC</choice>
    <row>
      <panel depends="$tokShowPanelB$">
        <input type="radio" token="Devib" searchWhenChanged="true">
          <label>Deviation</label>
          <choice value="">ALL</choice>
          <choice value="| where Dev = 0">Dev = 0</choice>
          <choice value="| where Dev &gt; 150">Dev > 150</choice>
          <default></default>
        </input>
      </panel>
    </row>
    <row>
      <panel depends="$tokShowPanelC$">
        <input type="radio" token="Devib" searchWhenChanged="true">
          <label>Deviation</label>
          <choice value="">ALL</choice>
          <choice value="| where Dev = 0">Dev = 0</choice>
          <choice value="| where Dev &gt; 150">Dev > 150</choice>
          <default></default>
        </input>
      </panel>
    </row>
Hi @Shan, are you using a visualization from an add-on or the standard charts? If a visualization, which one? To my knowledge, you can have the value of the chart section where the mouse is moving on but not localized in the center. Maybe if there's some visualization that I don't know. Ciao. Giuseppe
Hi, I have a large number of queries which need to be created as metrics in Analytics (because we can't retain data for more than 8 days in Analytics, so we are making metrics to retain it). Is there any tool/API or CURL command we can use to create these metrics by providing Query and Metrics name as payload/arguments? Creating them manually is error-prone and time-consuming.
Hi @sbhatnagar88 , it isn't a best practice to have different OSs but it can run for a momentary period, but Splunk must have the same version. Ciao. Giuseppe
Hi @Topher22, you can append or replace a value, as you would, simply using the lookup command: if in the lookup the field to replace is Y and must be related to X from the main search and you want to use the value X_description from the lookup, you can use something like this:
    index=* | lookup my-lookup.csv Y AS X OUTPUT X_description | chart count(_raw) by X_description
You can find more info about the lookup command at https://docs.splunk.com/Documentation/Splunk/9.3.1/SearchReference/Lookup Ciao. Giuseppe
Thank you for the response. I'm running this search query on Splunk Cloud, I redacted the Splunk Cloud Instance ID for privacy and all the indexes are created via GUI itself. System Indexes like _internal, _audit or others are system generated so I can have them renamed as "Splunk Generated Index User". Apart from that, I'm also researching and assessing the way to fetch creation date as well. About the IDX part, I think that got deprecated in Victoria Experience or so, but it would be helpful if there's any workaround or any other way to find it.
Hi @ITWhisperer I made small changes in the given query. It is working as expected. Thanks for your support.
I am looking to append a value in a lookup csv to an existing search:
    index=* |fields _time,x |chart count(_raw) by X
and I want to replace (or append) the X with a value (name) from a csv so I can table the results.
Dear All, Need your help. We have achieved the visualization shown in image 1. But I'm expecting the results as shown in image 2 (semicircle donut or pie chart). Thanks in advance