All Topics

I want to put the logo in the top left-hand corner and above the dashboard header. Please refer to the image below for reference. Thanks in Advance
Hello, I configured some URLs to be monitored by the port monitoring application. Most of them are working fine, but for a few it only has data that time_out is false; the other fields "total_time= request_time= response_code=" are just empty, with no values. By the way, the URLs are working OK. Does anyone have an explanation? Thanks a lot
Hi Splunk Team! I want to run the Website Monitoring app in splunkforwarder. How can I do it? Thanks!
Hi All, I would like to know what causes this issue; please see the screenshot attached. There's an event "42" showing and the time range is showing, but the table is not showing. SplunkEnterpriseSecuritySuite = version :5.3.0
Hello, I set up the Deeplearning toolkit and started the Tensorflow CPU container. On the containers dashboard, in the panel listing the containers, I've got an error thrown by the indexer: [myIndexer] Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/mltk-container/status?count=0 from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API. Does the DeepLearning toolkit also need to be installed on the indexers? When I try to run the "Neural Network Classifier Example" dashboard, I also get an error, even though the dashboard is returning some results: MLTKC error: /fit: ERROR: unable to load algo code from module. Ended with exception: No module named 'model.binary_nn_classifier' Any help would be much appreciated.
Hi Splunkers, Please refer to the attached image. I have JS and CSS for the current view. As part of a requirement, how can I add more logic to the tooltip shown on mouse-over of a slice? I got my needed view when I changed the field value from Normal to "Normal | Hosts Count with <5 for Today", but when I did the same change in the CSS and JS, those changes are not reflected. CSS for the needed image:
toklabel g.c3-chart-arc.c3-target-"Normal | Hosts Count with <5 for Today" text{ fill:white !important; }
toklabel text.c3-chart-arcs-title{ fill:white !important; }
#toklabel g.c3-shapes.c3-shapes-"Warning | Hosts count with 5< Count <10 for Today" path.c3-shape.c3-arc-"Warning | Hosts count with 5< Count <10 for Today"{ fill:orange !important; }
#toklabel g.c3-shapes.c3-shapes-"Critical | Hosts conut with >10 For Today" path.c3-shape.c3-arc-"Critical | Hosts conut with >10 For Today"{ fill:red !important; }
#toklabel g.c3-shapes.c3-shapes-"Normal | Hosts Count with <5 for Today" path.c3.shape.c3-arc-"Normal | Hosts Count with <5 for Today"{ fill:green !important; }
#toklabel div.c3-tooltip-container table.c3-tooltip tr.c3-tooltip-name--"Warning | Hosts count with 5< Count <10 for Today" td.name span{ background-color:orange !important; }
#toklabel div.c3-tooltip-container table.c3-tooltip tr.c3-tooltip-name--"Critical | Hosts conut with >10 For Today" td.name span{ background-color:red !important; }
#toklabel div.c3-tooltip-container table.c3-tooltip tr.c3-tooltip-name--"Normal | Hosts Count with <5 for Today" td.name span{ background-color:green !important; }
#toklabel g.c3-legend-item-""Warning | Hosts count with 5< Count <10 for Today"" line.c3-legend-item-tile{ stroke:orange !important; }
#toklabel g.c3-legend-item-""Critical | Hosts conut with >10 For Today"" line.c3-legend-item-tile{ stroke:red !important; }
#toklabel g.c3-legend-item-""Normal | Hosts Count with <5 for Today"" line.c3-legend-item-tile{ stroke:green !important; }
Hi. I'm a beginner with Splunk search queries. I saw the search query below and did not understand a function in the SQL select query. | dbxquery connection="test_db" query="select col1, col2, func_comcode(col1,'col2').... from test_table" My question is: is this function (func_comcode) a user-defined function? If yes, how can I find the function definition? I think it's a silly question. I appreciate your answer. Thanks
We were asked to install the app TA-meraki on Splunk. The following URL was given: https://splunkbase.splunk.com/app/3018/ The ta-meraki_111.tgz file was downloaded and copied to the search head server anaxsplhd01 in the path /opt/splunk/etc/apps. We unzipped the file using tar -xvzf ta_meraki_111.tgz. A folder TA-meraki was created in the path /opt/splunk/etc/apps. After that we restarted Splunk. We were able to see the app TA-meraki in Splunk Web. We made it visible. Now the user is complaining that he is unable to see the data in the app. What steps are we missing? What are the further steps to configure the app? Following are the contents of the file /opt/splunk/etc/apps/TA-meraki/default/app.conf:
TA-meraki app configuration file
[install]
is_configured = false
state = enabled
state_change_requires_restart = false
build = 18
[launcher]
author=Myron Davis
version=1.1.1
description = CIM Compliant Extractions and Tags for meraki
[ui]
is_visible = false
show_in_nav = false
label = TA-meraki
[package]
id = TA-meraki
check_for_updates = true
Hi, I deployed a search app from the deployer to a 3-member search head cluster. The deployer successfully pushed the bundle, but it's not pushing the local directory. The app became visible on the search head, but it's missing search and reporting. It's showing only Defaultviews instead of the standard ones (alert, search, dashboard tabs). I checked the permissions on the deployed app and they are set as execute/read/write.
Hello, I have configured the Splunk App for Jenkins on one of our Splunk instances. After configuration, a few tabs are not working; they were ending up in a blank page as in the screenshot. Insight jobs, Audit trails, and health monitoring were not working. App versions: Splunk App for Jenkins: 2.0.2 and 2.0.1 (tried both versions and the issue is the same), Splunk Enterprise: 7.2.10. I have Splunk App for Jenkins version 1.0.8 installed in another Splunk instance of version 7.2.10 and there are no issues with it. Is there a way I can get an earlier version of the Splunk App for Jenkins, prior to 2.0.2, to check if it is a version issue? Thanks,
Can someone please help me to understand how MintWKWebView records calls from web view to Mint management console ? I followed steps here but couldn't understand where mintBridge is coming into picture. My thought was that it is a global javascript object available but not sure how to make use of it as I couldn't find it while inspecting web view in app through dev tools in Safari. Is there a javascript version of SDK needed to complete the integration ?
I just want to use a calendar to select time, but when I add a "time" panel, there are presets\relative\real-time\... shown on the web page. I want to remove these panels and only show a calendar to select time.
I want to show the number of successes and failures in a single value panel. How should I do this? splunk version: 6.4.3 Like the screenshot below, green is successful, red is failures index = test |eval classification=if(eventtype="a","successful","failures") |stats count by classification
Is there a way (using the Splunk TA for AWS or otherwise) that Splunk can connect to a publicly available S3 bucket (such as those made available here https://registry.opendata.aws/) and read in the data? From the Splunk TA, the only buckets that I can read from are those which were created in my account.
I am having trouble extracting individual events from a csv file with the data formatted in the following way. I have tried to look for similar answers online, but can't see any that meet my requirements.
year/month  airport   total_flights  num_flights_day_1  num_flights_day_2  num_flights_day_3  etc....31
202001      NEW YORK  5              1                  0                  0                  0
202001      PARIS     10             0                  5                  5                  0
202001      LONDON    15             6                  4                  6                  0
Any help would be appreciated, Thanks
Here is my event log sample below: [LOG LEVEL=INFO] [LOGGER=WIFI_ACCESS_INFO] [INTERFACE ID=WIFI_ACCESS] [STEP=START] [RUN_ID=20200426140325679] [Message=Call received for PID: 1234 ] Actually I don't need this event, so I would like to filter out this event based on the Message, but it is not working as the Message has a phrase. Please let me know how to filter out this event. Thanks for your help in advance.
On running this search, | makeresults count=20 | streamstats count | eval "genie.name"="foo", "genie:id"="bar" | foreach genie* [eval new_<<MATCHSTR>>=<<FIELD>>+"some string"] I am expecting that two new fields named new_name and new_id would show, but that doesn't happen. Also an error comes up Failed to parse templatized search for field 'genie:id' I am running on my local Splunk instance. Thanks.
Hello everyone, How can I add a tooltip to a panel on hover, so that if I select anywhere in the panel it shows the tooltip? Now it is showing only when I click Count, but my requirement is that wherever I select in the panel it will show the message. I have used the XML below:
<dashboard theme="dark">
  <label></label>
  <row>
    <panel id="panel1">
      <title></title>
      <html>
        <style>
          .custom-tooltip:hover:after{
            background: #33323 ;
            background: rgba(0,0,0,.8) ;
            border-radius: 5px ;
            bottom: 26px ;
            color: #fff ;
            content: attr(title) ;
            left: 20% ;
            padding: 5px 15px ;
            position: absolute ;
            z-index: 98;
            width: 220px;
          }
        </style>
        <a title="These are high severity Count. Click on the count to view the details." class="custom-tooltip">Count</a>
      </html>
      <single>
        <title></title>
        <search>
          <query>|inputlookup TEST1001.csv | eval count = if(ProjectName="CNB", "200", count) | eval count = if(ProjectName="PPN", "400", count) | eval count = if(ProjectName="LLP", "400", count) | eval count = if(ProjectName="DDF", "600", count) | stats sum(count) as Tottle</query>
          <earliest>0</earliest>
          <done>
            <set token="tokToolTipText1">Tooltip1: Search returned $job.Tottle$ Results!</set>
          </done>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
        <option name="useColors">1</option>
      </single>
    </panel>
  </row>
</dashboard>
Hi, I have lots of log files, and each log starts with this line: ********** LOGFILE FOR SERVER 'host22', AT THE DAY OF : 2020/04/25 ********** Now how can I set the host name for each log? Expected host name: host22. FYI: all log files are copied manually from each server daily, and a forwarder is not used in this scenario. All logs are copied into /opt like below, and Splunk continuously indexes this path: log1 log2 log3 ... Any recommendation? Thanks
Although the events contain a date and time, I want to use the time of ingestion into Splunk when searching. My understanding is that Splunk assigns event timestamps according to the following rules. ① When the event contains date/time information: if "TIME_FORMAT" is specified in props.conf, Splunk tries to find the time and date in the event using the explicit "TIME_FORMAT". If there is no "TIME_FORMAT" for the ingested data, it tries to recognize a timestamp from within the event. ② When the event has no time and date: it tries to use the most recent timestamp ingested from the same source. ③ When no event in the source has date information: Splunk tries to extract date information from the source name or file name. ④ When the file name has no date information: it tries to use the file's last modification time as the timestamp. ⑤ When a timestamp cannot be recognized even by 1-5 above: the system time of the Splunk server is used as the timestamp (ingestion time = the event's timestamp). Even when the event contains a date and time, is it possible to make the event timestamp the Splunk server's system time, as in ⑤ above?