We are using the alert manager app in our environment to add incident workflows to Splunk. After updating our Splunk Cloud to the latest Cloud version, we are facing an error while trying to access the alert manager settings page. Error:  'A custom JavaScript error caused an issue loading your dashboard. See the developer console for more details.’ We have already reached out to Splunk support to fix this issue. We have tried all the workarounds that they have mentioned to fix the compatibility issue of dashboards that use custom JavaScript with jQuery 3.5 or higher. But it did not help. It would be great if someone could help me in fixing this issue .. Alert Manager Incident Settings page Source code

Hi there, I´m getting following advice on licensing page: "This deployment is subject to license enforcement. Search is disabled after 45 warnings over a 60-day window" I don't know what it´s are referring to.  

Hi All! The data I am pulling is coming from nodes in multiple time zones. I want to use that time zone instead of Splunk's time field. The correct time data is already being pulled in a NodeTime field but I cannot figure out how to use that field instead of Splunk's time field. Any ideas? TIA for the help!

Hi,   When configuring dependencies between services, is it possible to filter down the entities for the dependent KPIs?   For example: I have a service called "OS Performance Monitoring", and CPU Utilization is a KPI, split by 80 entities. If I create another service called Application X, which has 5 entities out of the 80, and if I select the KPI as a dependency, the rolled up value will be for all 80 entities, or just the 5 ones configured for the application service?

Hello colleagues. we recently switched from Splunk HF to UF. before this event with sourcetype = MSWindows:2012:IIS. parsed normal but after installation, something went wrong. and events in the spanner do not take all the fields from the logs

I need to exclude the field values if it is less than or equal to 8 characters. For eg: In the field abc, I have the below values in which I need to exclude only (browsers, files, members) 'coz these has equal to or less than 8 characters. And I need to have the other values abc: browsers files attachment members auto-saved splunk-answers discussions Can someone help me on this, please?

Hi, We have A hybrid platform for mobile application called "KONY", & we have to apply the Mobile EUM on the mobile applications that is built by KONY Platform. Unfortunately, we didn't find the KONY Platform in the available AppDynamics supported platforms. Is the KONY Platform is supported by AppDynamics? If yes, we have to know the proper way to instrument our mobile app that is built by KONY Platform.

Hi All, I would like to extract more logs after searching for particular string. Eg., I want to search with string "Myname" and i want to see 3 lines along with search string in output Note : 3 lines are not constant and keeps on changes abcdefghijklmnop 1234567890 Myname dsadasdasd 1231232131231 asdasdasdas   Expected result Myname dsadasdasd 1231232131231 asdasdasdas   dsasaasdsa

Hi, I am encountering issue with 1 particular index. I am unable to use index!= to exclude the results from that particular index. For example, I have 3 indexes - endpoint, server, mobile. I run a index=* index!=server index!=mobile [search parameters]. However, when the results came back, it is showing 2 indexes - endpoint and server. That means the index!=mobile works, but not the index!=server. And I did verify without the index!= command, I will see all 3 indexes. Of course this is a very simplified example with only 3 indexes but I am wondering, what could cause the index!=server not to work. In my current setup, all other indexes (I tested 10) work with index!= command but not that particular one. Thanks.

I have multiple UF (Universal Forwarder) in my environment and all of those are sending logs to one IF (Intermediate Forwarder). Now suddenly one UF has installed in syslog server and suddenly that UF stopped sending log to Splunk. How can I get to know when that UF last send the log to Splunk and if I try to search that UF name as host. Shall I get it or I will get only two IF name as host for every time?   [Note: Please attach the splunk doc link for the same if you know]

I have a csv file that I upload through Lookup Editor which have a Time column in this format 15/06/2021 14:35:00 I want to convert it to Splunk readable time or an Unix time format so I can filter out the row between two certain date (between 14/06/2021 and 7/7/2021). I have try |inputlookup sample.csv |eval time = strptime(Time,"%m/%d/%Y %I:%M:%S %p") |table time But it return "No result found". How do I go about this? Or my strptime have any errors in formatting?

I have installed, correctly configured and repeatedly check the settings for two apps to get data into Splunk however the data is not appearing in searches. I have read every document I could and tried everything possible but no success so far.  Other Splunk apps installed are working as designed. 1) Splunk add-on for IIS -The add on is correctly configured according to the documentation, and there is no communication issue between the server and Splunk enterprise as other data from that server does appear in searches. -.conf files and everything else are pointed at the correct location -I have tried indexing it to the default index as well as the IIS index. 2) Cisco Add-On for Splunk Enterprise (TA-cisco_ios)  -App is configured according to the documentation. -The cisco switch model is supported by the app -UDP port 514 is configured on Splunk  -No network security devices to prevent cause communication issues between the switch and Splunk. Of note is that the servers CPU is constantly near or at 100% at all times (Splunk is optimized and configured to reduce usage, the server is multi-use) *Upgrading the server is not an option at this time. *Moving to cloud is not an option. Any thoughts/suggestions/fixes would be greatly valued.

We have the following -    <input type="dropdown" token="Status" searchWhenChanged="false"> <label>Job Status</label> <choice value="*">ALL</choice> <choice value="SUCCESS">SUCCESS</choice> <choice value="FAILURE">FAILURE</choice> <choice value="RUNNING">RUNNING</choice> <default>*</default> <initialValue>*</initialValue> </input>     In the code the following works just fine -   | where STATUS = "$Status$"     Except for the ALL token as the code would be -   | where STATUS = "*"   Instead of -   | where STATUS = *     What can be done?

Context: New Search View.  I am not referring to Dashboards (which have many auto-run posts). I often develop searches in Verbose mode over a very small timespan, then move to Fast mode over a large timespan (Smart mode doesn't work well for me). What drives me crazy is when I either change the mode or select a time preset, the Splunk UI automatically begins a search. I want to change both the mode and the timespan before starting a search.   Is there a way to disable automatically running search -- so that it only runs a search after an explicit "enter" / search button click?