Hi, I am very new to Splunk. I am familiar with angular as we do all our projects in angular. I would like to know if it is possible to embed the angular app I have developed in Splunk enterprise? I have followed a similar tutorial for react and it works just fine. https://github.com/robertsobolczyk/splunk-react-app I was wondering if similar is possible for Angular 2+? Any help would be highly appriciated. Thanks

hi, I'm finding how to calculate each time difference from near 2 events   for example, if my search output is f1    datetime A     ~~ 09:00 A    ~~ 10:00 A    ~~ 15:00 B    ~~ 06:00 B    ~~ 08:30   I want a table like A 1:00 A 5:00 B 2:30   I prefer to print it without making big temporary output table(for look-up or etc) if I can can I get some ideas?

I have configured  this addon as per the instructions and no matter how many times I set disabled=0, after restarting Splunk, it automatically goes back to disabled=1. Can anyone please advise how to fix this ?

Hi Team, I have a dashboard with an HTML panel, where I want to display the current page's URL. Could anyone please help?  Is there any way we can pick the URL, store it in a token, and display it in the panel?

Hi Team,   I would like to add a refresh button to the HTML template of the dashboard, to reset all the tokens and display the info from starting based on my selection.    Any idea on where to start with this?

Hi All, I'm running the query  | tstats count where index=<index name> by sourcetype No results   OR  | tstats values(sourcetype) where index=<index name> by index and the results for values(sourcetype) is null\empty. I have up to date data with  no delays in indextime . I've checked the fields.conf on indexers and I do see the field [sourcetype] **Also there are sourcetypes that does work and I see the field  Any ideas how to check this? or what can be the issue?   Thanks, Hen

Hi, I have a dashboard and I need to be able to have an option to export the actual log entries from a dashboard. The dashboard in question performs a number of aggregations and the export option I currently have just exports these aggregation results. What I actually need is an export of the corresponding events/ log entries of these aggregation results. Like one of the aggregations on the dashboard is a count of the number of firewalls on a each host. How can I export all the respective log entries for those specific firewalls on that host? At the moment, I can get these logs when I perform a search but I need the option on the actual dashboard to export these logs? Can you please help? Many thanks, Patrick  

Thanks to @niketn I can now click on a table row, and get the whole row highlighted as needed. Step 1: When clicking on a row, the selected row is highlighted (Working OK) What I am trying to do is: Step2: I have multi-select inputs and when "All" is selected in multi-select, I want to remove the highlight from the table row. Step3: Also would like to highlight multiple rows if more than one choice is selected in multi-select. I am new to JS and tried the below JS  for Step 2 but it isn't working. Any help would be appreciated require([     'underscore',     'jquery',     'splunkjs/mvc',     'splunkjs/mvc/simplexml/ready!' ], function(_, $, mvc) {     // Access tokens via Default Token Model     var defaultTokenModel = mvc.Components.get("default");     // Search id in Simple XML is tableSearch. Get SearchManager object using the same     var tableSearch = mvc.Components.get("tableSearch");     // On click of Table cell with id=highlight, set the highlighted class for CSS Override     // Fetch the highlighted row id from DOM.     // For pagination will require:     //    (i) Either Row ID as a table column to be fetched OR     //    (ii) Use TableView to handle Custom Cell Renderer     $(document).on("click", "#highlight table td", function() {         // Apply class of the cells to the parent row in order to color the whole row         $("#highlight table").find("td.highlighted").each(function() {             $("#highlight table tr").removeClass("highlighted");             $(this).parents("tr").addClass(this.className);             // Set Table Row id to highlighted_row_id (This approach would need change for pagination)             defaultTokenModel.set("highlighted_row_id", $(this).parents("tr").attr("data-row-index"));         });     });     // When the Table Cell Completes, highlight previously selected Table Row.     tableSearch.on("search:done", function(properties) {         var highlighted_row_id = defaultTokenModel.get("highlighted_row_id");         // setTimeout May not be required with Custom Cell Render.         // But for Table Row Highlighting post 6.6 even with Custom Table Cell Renderer this is required.         setTimeout(function() {             $("#highlight table tr[data-row-index='" + highlighted_row_id + "']").addClass("highlighted");         }, 100);     });     $('#multi'), on("change", function() {         var multi = mvc.Components.get("multi");         var tokens = mvc.Components.get("default");         var mytoken = tokens.get("multi");         if (mytoken.length > 1 && mytoken.includes("All")) {             var highlighted_row_id = defaultTokenModel.get("highlighted_row_id");             $("#highlight table tr[data-row-index='" + highlighted_row_id + "']").removeClass("highlighted");         }     }); });  

Hi, I have installed "Splunk Add-on for Microsoft Cloud Services" both on my Search peers and Heavy Forwarder. Im getting a lot of warn messages : Search peer splunk-sh-name has the following message: Health Check: msg="A...with exit status: 255" input="./opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/mscs_azure_event_hub.py" stanza="mscs_azure_event_hub://azure" During a search in the index=_internal , saw error of : message="Blob checkpoint store not configured" pos=mscs_azure_event_hub.py:_try_creating_blob_checkpoint_store I dont have checkpoint at all , why would it warn me about something i have not ever configured? How can i stop it from attempting to create checkpoint blob?

trying to list the total number of allowed connections to a destination IP from any/all source IP's currently using the following search, index=firewall_usa dest_ip=xx.xx.xx.xx action=allowed  | stats count BY src_ip dest_ip | where count > 1 | sort – count   Is there a better/ quicker way to do this  

Hi, After upgrade to version Splunk Ent  version 8.2.5: All "single values" in all dashboards do not scale anymore relative to the height, showing max fontsize, not honouring the height of the panels. All dashboard suffering with this issue. Checked it on other Splunk instance and have the same issue. Already created a support-request. Any suggestions in the meantime? regards AshleyP

Hello Team, we have selected the rising column feature of DBX that allows Splunk to incrementally import new database records. But it’s not working and getting old logs into our Splunk aswell.  we need logs from the 01st March 2022 but we are receiving logs from the last year 2021.  select * from xxxxxxxxxxxxxxx SELECT * FROM your_table WHERE LoginDt > ? ORDER BY LoginDt ASC checkpoint value : 3/1/2022 00:00:00.000

Hi everyone, Just wondering how to use proxy server to relay the traffic for the onprem federated search head to a splunk Cloud instance? I have a look at the federated.conf, but could not find a proxy setting? https://docs.splunk.com/Documentation/Splunk/8.2.5/Admin/Federatedconf Or should we just use the splunkd proxy settings? https://docs.splunk.com/Documentation/Splunk/8.2.5/Admin/ConfigureSplunkforproxy Many thanks, S