Same as https://community.splunk.com/t5/All-Apps-and-Add-ons/Eventtype-errors-using-splunk-app-for-windows-infrastructure/m-p/503500/thread-id/62002   https://splunkbase.splunk.com/app/1680/ is deprecated. What is the solution?

Looking for a device that can monitor power usage that is compatible with splunk. Looking to place it connected to an outlet or something like that to detect if the power goes out in a building or not. I see lots of articles about combining Splunk with smart home products that could do something like this but nobody ever says explicitly what to buy if you want to set it up to do something like that. If anyone has any ideas please let me know

I have Splunk table output as below. for every different id 1st occurrence, I want to keep id value here, but for all following records, I want to change the value to null.   time id value 40:56.1 00J7ER7SGO8PHCAU4O2CM2LAES0006CA eree334 40:56.2 00J7ER7SGO8PHCAU4O2CM2LAES0006CA face 41:27.6 00J7ER7SGO8PHCAU4O2CM2LAES0006CA face 41:27.7 00J7ER7SGO8PHCAU4O2CM2LAES0006CA dsafasdf 41:27.8 00J7ER7SGO8PHCAU4O2CM2LAES0006CA earweraw 49:02.1 00J7ER7SGO8PHCAU4O2CM2LAES0006CF eqtdzgta 49:02.2 00J7ER7SGO8PHCAU4O2CM2LAES0006CF 12341234 49:03.1 00J7ER7SGO8PHCAU4O2CM2LAES0006CF efgwerwe 49:03.2 00J7ER7SGO8PHCAU4O2CM2LAES0006CF dafdsaf 49:03.3 00J7ER7SGO8PHCAU4O2CM2LAES0006CF erwqerqw 50:08.0 00J7ER7SGO8PHCAU4O2CM2LAES0006CF daadsfad 50:08.7 00J7ER7SGO8PHCAU4O2CM2LAES0006CF qerqwer 50:08.7 00J7ER7SGO8PHCAU4O2CM2LAES0006CF ewrqwerqr 50:08.8 00J7ER7SGO8PHCAU4O2CM2LAES0006CF dfasdfsad 50:08.9 00J7ER7SGO8PHCAU4O2CM2LAES0006CF ewqrqewr   after change,  it should be like this,  anyone knows how to do this? thanks in advance. time id value 40:56.1 00J7ER7SGO8PHCAU4O2CM2LAES0006CA eree334 40:56.2   face 41:27.6   face 41:27.7   face 41:27.8   earweraw 49:02.1 00J7ER7SGO8PHCAU4O2CM2LAES0006CF eqtdzgta 49:02.2   12341234 49:03.1   face 49:03.2   face 49:03.3   face 50:08.0   face 50:08.7   face 50:08.7   face 50:08.8   face 50:08.9   face       Kevin

Hi, i have read the instruction that you cannot install the Splunk enterprises version 8.x to windows server 2012 R2. i need to know what is the correct way to install the Splunk enterprises version 8.x . should I need to install new host 2016 or any other method.  As i have 1 deployment server, 2 indexers, search head, universal forwarder. please share your thoughts  Thanks

Hi,  I'm attempting to build a query to find destination IP addresses that became source IPs for traffic in a 5min window.  What is the best way to do this? Given that it's IDS data, I don't think a join with subsearch would be good because of the 10,000 record limitation and the map function takes forever just looking at 15mins worth of data.  Any ideas or help is greatly appreciated!

Hi Folks, Getting error while run the # ./hwf-Splunk-Connect-for-Syslog.sh       sc4s script  curl: (3) Bad URL, colon is first character SC4S_ENV_CHECK_HEC: Invalid Splunk HEC URL, invalid token, or other HEC connectivity issue index=main. sourcetype=sc4s:fallback Startup will continue to prevent data loss if this is a transient failure.

Hi  Actually i made  lookup with the list of ip address in .csv file. I want to write a query if there is traffic from the ip address which i had given in the lookups. Please help me woth the query. i have the Web datamodel as well   Thanks & Regards, Umesh Chandra Reddy 

Hi all, I wanted to ask a question: "is it possible to execute code based on a condition"? example: if A = B then "rename C as D" else "add a column" My problem: the where returns columns usually 2, (DIRECT, INDIRECT) but there are some cases that returns 3 (DIRECT, INDIRECT, SPC) a case that returns only 1 (INDIRECT) another that returns 1 (DIRECT). When I do the chart, the third field is called "row 3" (I hope to solve with rename). When I have only one field (INDIRECT) it is called "row 1" but if I call it "DIRECT" it is not good as the values ​​are from the INDIRECT. Same thing for the field only (LIVE). The problem I would like is that the chart always has 2 bars for both DIRECT and INDIRECT, even when there is not one of the two. with this code I have: | stats sum (*) by OFFERTA | transpose | addtotals fieldname = "TOTAL" | rename "row 1" as "DIRECT" | rename "row 2" as "INDIRECT" | rename "row 3" as "SPC" Solar year                                            DIRECT     INDIRECT     TOTAL sum (00_PREVIOUS_MONTH)        8                    4                 12 sum (01_PREVIOUS_MONTH)      32                  16               48 sum (02_PREVIOUS_MONTH)      42                 10               52 sum (03_PREVIOUS_MONTH)      30                  8                38 but if I only have 1 field (INDIRECT) I have as a result: Solar Year                                                  DIRECT       TOTAL sum (00_PREVIOUS_MONTH)              0                   0 sum (01_PREVIOUS_MONTH)              3                  3 sum (02_PREVIOUS_MONTH)              1                  1 sum (03_PREVIOUS_MONTH)               3                 3 sum (04_PREVIOUS_MONTH)               2                  2   I would like the chart to have also in this case the two fields with DIRECT and INDIRECT with the DIRECT field all zero

We have just upgraded to v8.1 and because we have a small license, we are subject to the license enforcement. The document states that enforcement will occur if you receive 45 warnings over a rolling 60-day window. What is unclear is what counts as a "warning". For example I have 9 indexers all sharing a single license pool, and when we went over the daily limit, we appears to receive 9 warnings - one per indexers. Is this expected? - for example This pool has exceeded its configured poolsize=xxx bytes. A CLE warning has been recorded for all members So does the 45 warning limit apply to these pool warnings?, hard warnings or license master warnings? I.e. going over the daily limit = 1 warning?

Hello I am a Splunk user, not admin, and I seem to be able to do a search like: | rest splunk_server=local servicesNS/-/-/data/ui/views/ Does that mean I have API access and how can I access this via Excel, PowerBI etc? What would be the URI and do I need a separate key? Thanks!