All Topics


When I export a dashboard with some single value graphs (using the thousand separator option enabled) to PDF, the engine is correctly taking my UI locale "it_IT" and it's correctly formatting the thousand separator (a dot). When I try to schedule sending the PDF by mail, the thousand separator is not a dot but a comma, like it's not taking the correct locale. Can someone provide a solution?
Hello all, lately I got an on-prem license on VM MAC address. I received the license mail but I got some problems to start. 1- The old controller license is still reading the old SaaS free trial license and I couldn't change it, because I need to install the Enterprise Console and the controller with the new on-prem license. 2- The required environment is Ubuntu and my VM MAC address is Windows. 3- On the platform install lab file I got info about using AWS with giving information on the file sent by the supportive Sales engineer, but it doesn't work as root or even user. So what do you recommend, if you have advice for any of the above?
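This is my first post, so please forgive any shortcomings. We are currently seeing an issue where some of the logs collected with the Universal Forwarder intermittently stop being collected. To investigate the cause, I would like to ask how log collection works. <Observed issue> Target logs: JP1 schedule logs (ajs-log1.log, ajs-log2.log) *log1 and log2 rotate automatically. (When log1 (or log2) reaches the configured size, logging switches to log2 (or log1).) Symptom: for both log1 and log2, there are cases where data is not collected into Splunk even though the contents of the log file have been updated. <OS and version information> Manager side OS: RedHatLinux 7.2 Splunk: 7.1.2 Client side OS: Windows Server 2016 Universal Forwarder: 7.1.2 <Question> What does the Universal Forwarder use as the trigger to detect that a monitored file has been updated? <Reason for the question> One thing that concerns me about this issue is that, although the contents of the actual log files are being updated, their modification date is not, and I suspect this is why log collection is not working properly. I raised this question first to confirm whether this suspicion is correct. Thank you in advance for your help.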
I have pushed all my sourcetypes into the main index since they were streaming through a single app. Now I am required to move the data from the main index to a new index, and I am using a Splunk Cloud instance. So can anyone please help in migrating the data from the main index to the new index in a Splunk Cloud instance?
Hello, I wanna set up the Deep Learning Toolkit on my local machine. So as the Docker host I used "unix://var/run/docker.sock" and Endpoint URL "localhost", but I have an error "('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))". Could you help me with this? Thanks
I'm trying to join these 2 tables. Table 1: index ="A" sourcetype = A with fields deviceName, physicalElementId, physicalType, productFamily, productId, productType, serialNumber. Table 2: index ="A" sourcetype = B with fields currentEoxMilestone, devDeviceIp, devProductFamily, devProductId, deviceName, physicalElementId, physicalType, productId. This is my search: index ="A" sourcetype = A| fields deviceName, physicalElementId, physicalType, productFamily, productId, productType, serialNumber | join type=left physicalElementId [ search sourcetype = B| fields currentEoxMilestone, devDeviceIp, devProductFamily, devProductId, deviceName, physicalElementId, physicalType, productId ] | table currentEoxMilestone, devDeviceIp, devProductFamily, devProductId, deviceName, physicalElementId, physicalType, productId, deviceName, physicalElementId, physicalType, productFamily, productId, productType, serialNumber | dedup physicalElementId | sort -deviceName The problem is that the resulting table has holes in it because of the join type=left. devProductId is absent in sourcetype = A. devProductId is present in sourcetype = B. I'm thinking I will need to create another table, Table C. Table C would basically be Table A + the additional field devProductId. Field devProductId would come from Table B. How do I do this? I tried append, appendcols, join, lookup, etc. inputlookups requires a .csv file, which I don't have. I have Table B. Thanks
Hi, is there a way to have the panel screenshot as a link which could be attached to an external alerting system? Something like Telegram for example, so that I could attach the panel screenshot automatically in Telegram? Thanks
I would like to make a scheduled report out of a dashboard. So it could be a PDF of the complete dashboard that will be sent via mail. Is that possible in Splunk?
Hi, I am getting the earliest time through a text box and I want to set the latest time automatically to (earliest+24h). Please help me with how to do that. I do not want to use the time picker input. <fieldset submitButton="false"> <input type="text" token="time" searchWhenChanged="true"> <label>Enter Date</label> </input> </fieldset> <search> <query> index=abcd application="abcd" earliest="$time$" |--------- </query> <refresh>5m</refresh> </search> For example, the user will enter the date as 03/15/2020:18:30:00 in the text field and I want the latest to be updated to this time+24h (03/16/2020:18:30:00).
Hi. We use Lite Free Splunk v6.4.1 for development and got a license expired message. As I see, the expiration date is 28 Jan 2020. I tried "Change to Splunk Light Free" and the server restarted, but it did not update the license time. How can I update my license?
I want to collect and analyze NetFlow from Cisco devices and NetFlow Optimizer (NFO) 60-day free trial. I am looking for a free NetFlow analyzer solution.
In a normal search I can do the following: index=foo sourcetype=csv field1!="blah" AND field2!="hah" How would I translate this to using a CSV file? I want to use a CSV lookup file to manage the search query without doing the following: index=foo sourcetype=csv (field1!="blah" AND field2!="hah") OR (field1!="hic" AND field2!="cup") OR (field1!="crazy" AND field2!="frog")..... I know I can write a lookup such as index=foo sourcetype=csv NOT [|inputlookup mycsv.csv | fields field1] but this would match anything where field1 equals whatever is in the CSV. I need the inputlookup to match field1 AND field2 in the CSV.
I am trying to use the Flow Viz Map app with dynamic values utilizing the icons but am having... This is what I have so far (only drawing one 'tablet' OR the 2 'database' elements but not both, and no flow is visible): index=main sourcetype="*:application" | stats sum(eval(event_severity_code="SUCCESS")) as good sum(eval(event_severity_code="ERROR")) as errors sum(eval(event_severity_code="WARNING")) as warn by host | eval path=if(like(host,"business%"),"BEL---"+host,"") | eval node="BEL" how do I add more than one node? | eval icon=if(match(node,"BEL"),"tablet","database") | table path node good warn error icon This second query returns correct results but with no icons: index=main sourcetype="*:application" | stats sum(eval(event_severity_code="SUCCESS")) as good sum(eval(event_severity_code="ERROR")) as errors sum(eval(event_severity_code="WARNING")) as warn by host | eval to=host, from="BEL" | table to from good warn error Any help would be appreciated. Thank you @chrisyoungerjds for your help - I was able to achieve these results with your help.
Hi all, is there a way we can see all new/pending/closed investigations created? Mind you, we can create investigations without having any notable events. I know looking into Incident Audit - but I am not sure if you can only fetch those specific things I need.
Hi, I'm trying to work out how I can display values from a column based on a unique number appearing in another column. Here's what I'm working with:
Col1      Col2
Item_0    Monkey
Item_1    Tiger
Item_2    Gorilla
Type_0    1
Type_1    1
Type_2    0
For example, Item_0 and Type_0 need to line up, resulting in Monkey 1, Item_2 and Type_2 is Gorilla 0 etc. Thanks in advance, Splunk ninjas!
Hi. Just starting to try Splunk with https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/UsetheHTTPEventCollector#Configure_HTTP_Event_Collector_on_self-service_Splunk_Cloud When I do a curl -k https://input-xyz.cloud.splunk.com:8088/services/collector/event -H "Authorization: Splunk blah" -d ' { "index": "summary", "event": "blah blah blah ","sourcetype": "_json" } ' I get {"text":"Success","code":0} but the "Data Summary" shows nothing except "Waiting for results... " Thanks
With everyone working remotely nowadays, does anyone want to share their content on what a good PAN Global Protect dashboard could look like? I know there's the Palo Alto Networks app that relies on the PAN data model. For those of us that don't use that app: What panels do you like to have on your dashboard? What's your favorite visualization for VPN connections? Does anyone have some good SPL around duration time and data transferred during a session? Just so it doesn't seem like I'm asking someone to build me a dashboard, my panels contain "Total number of users connected today", "Number of users connected to each gateway", "Number of users per department connected to VPN". Also, when is Palo Alto going to parse out the whole VPN event (OS, host, etc.) that they dump into the system logs? Thanks in advance.
I downloaded the app from Splunkbase to my local host, how do I upload it to the cloud? It is a certified app. Is the free version limited?
Hi. When there are multiple rows in the table, we get the leftmost value through click.value, but I want to get the value of the second column. How do I do this? Or is it possible to extract the value of a specific field as a token for the log clicked in the second way? Thank you
Hello, After updating WebLogic from version 12.1 to 12.2.1.3.0 and Java from 6 to 8 (1.8.0_191), we started getting some "JBO-27122: SQL error during statement preparation" errors. After some investigation we removed AppDynamics from our start scripts and this error disappeared. We are using AppDynamics agent version 4.5.8.25346. Can you please assist with this issue? Please see error below: 2019-12-16 21:01:32.436 ERROR [faultQuartzScheduler_Worker-0] au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcessBean : Caught oracle.jbo.SQLStmtException oracle.jbo.SQLStmtException: JBO-27122: SQL error during statement preparation. Statement: SELECT ParentTitleLot.REQUEST_NUMBER, ParentTitleLot.PI_TYPE, ParentTitleLot.PI_PARCEL, ParentTitleLot.POLYGON_NUMBER, ParentTitleLot.REGISTER_ID, ParentTitleLot.STRATA_LOT_NUMBER, ParentTitleLot.TITLE_PREFIX, ParentTitleLot.TITLE_VOLUME_NUMBER, ParentTitleLot.TITLE_FOLIO_NUMBER, ParentTitleLot.TITLE_SUFFIX, ParentTitleLot.PARCEL_NUMBER FROM EAS.PARENT_TITLE_LOT ParentTitleLot WHERE (ParentTitleLot.REQUEST_NUMBER = :1) at oracle.jbo.server.QueryCollection.buildResultSet(QueryCollection.java:644) at oracle.jbo.server.QueryCollection.executeQuery(QueryCollection.java:521) at oracle.jbo.server.ViewObjectImpl.executeQueryForCollection(ViewObjectImpl.java:3200) at oracle.jbo.server.ViewRowSetImpl.execute(ViewRowSetImpl.java:597) at oracle.jbo.server.ViewRowSetImpl.execute(ViewRowSetImpl.java:574) at oracle.jbo.server.ViewRowSetIteratorImpl.ensureRefreshed(ViewRowSetIteratorImpl.java:2548) at oracle.jbo.server.ViewRowSetIteratorImpl.hasNext(ViewRowSetIteratorImpl.java:1705) at oracle.jbo.server.ViewRowSetImpl.hasNext(ViewRowSetImpl.java:2537) at au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcessBean.loadAdviceOfSale(EasRequestProcessBean.java:2961) at au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcessBean.loadAdviceOfSale(EasRequestProcessBean.java:2807) at 
au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcessBean.loadRequest(EasRequestProcessBean.java:363) at au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcess_3xxnzk_ELOImpl.__WL_invoke(Unknown Source) at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:33) at au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcess_3xxnzk_ELOImpl.loadRequest(Unknown Source) at au.gov.wa.dola.eas2.businesszone.service.eas.CmdLoadRequest.execute(CmdLoadRequest.java:57) at au.gov.wa.dola.framework.businesszone.service.RequestController.execute(RequestController.java:49) at au.gov.wa.dola.framework.businesszone.service.ServiceRequestHelper.execute(ServiceRequestHelper.java:44) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailAgentSummariesBean.getAdviceOfSale(EmailAgentSummariesBean.java:457) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailAgentSummariesBean.emailSummariesToAgent(EmailAgentSummariesBean.java:82) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailAgentSummariesBean.emailAgentSummaries(EmailAgentSummariesBean.java:190) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailSummaries_8me4xv_ELOImpl.__WL_invoke(Unknown Source) at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:33) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailSummaries_8me4xv_ELOImpl.emailAgentSummaries(Unknown Source) at au.gov.wa.dola.eas2.scheduler.tasks.EmailAgentSummariesTaskRunner.execute(EmailAgentSummariesTaskRunner.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at 
org.springframework.util.MethodInvoker.invoke(MethodInvoker.java:283) at org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean$MethodInvokingJob.executeInternal(MethodInvokingJobDetailFactoryBean.java:272) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:203) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520) ## Detail 0 ## java.sql.SQLException: Statement cancelled, probably by transaction timing out at weblogic.jdbc.wrapper.Statement.postInvocationHandler(Statement.java:64) at weblogic.jdbc.wrapper.PreparedStatement_oracle_jdbc_driver_OraclePreparedStatementWrapper.setMaxRows(Unknown Source) at oracle.jbo.server.QueryCollection.buildResultSet(QueryCollection.java:582) at oracle.jbo.server.QueryCollection.executeQuery(QueryCollection.java:521) at oracle.jbo.server.ViewObjectImpl.executeQueryForCollection(ViewObjectImpl.java:3200) at oracle.jbo.server.ViewRowSetImpl.execute(ViewRowSetImpl.java:597) at oracle.jbo.server.ViewRowSetImpl.execute(ViewRowSetImpl.java:574) at oracle.jbo.server.ViewRowSetIteratorImpl.ensureRefreshed(ViewRowSetIteratorImpl.java:2548) at oracle.jbo.server.ViewRowSetIteratorImpl.hasNext(ViewRowSetIteratorImpl.java:1705) at oracle.jbo.server.ViewRowSetImpl.hasNext(ViewRowSetImpl.java:2537) at au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcessBean.loadAdviceOfSale(EasRequestProcessBean.java:2961) at au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcessBean.loadAdviceOfSale(EasRequestProcessBean.java:2807) at au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcessBean.loadRequest(EasRequestProcessBean.java:363) at au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcess_3xxnzk_ELOImpl.__WL_invoke(Unknown Source) at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:33) at 
au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcess_3xxnzk_ELOImpl.loadRequest(Unknown Source) at au.gov.wa.dola.eas2.businesszone.service.eas.CmdLoadRequest.execute(CmdLoadRequest.java:57) at au.gov.wa.dola.framework.businesszone.service.RequestController.execute(RequestController.java:49) at au.gov.wa.dola.framework.businesszone.service.ServiceRequestHelper.execute(ServiceRequestHelper.java:44) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailAgentSummariesBean.getAdviceOfSale(EmailAgentSummariesBean.java:457) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailAgentSummariesBean.emailSummariesToAgent(EmailAgentSummariesBean.java:82) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailAgentSummariesBean.emailAgentSummaries(EmailAgentSummariesBean.java:190) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailSummaries_8me4xv_ELOImpl.__WL_invoke(Unknown Source) at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:33) at au.gov.wa.dola.eas2.businesszone.businessprocess.message.handler.EmailSummaries_8me4xv_ELOImpl.emailAgentSummaries(Unknown Source) at au.gov.wa.dola.eas2.scheduler.tasks.EmailAgentSummariesTaskRunner.execute(EmailAgentSummariesTaskRunner.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.util.MethodInvoker.invoke(MethodInvoker.java:283) at org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean$MethodInvokingJob.executeInternal(MethodInvokingJobDetailFactoryBean.java:272) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:203) at 
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520) 2019-12-16 21:01:32.439 ERROR [faultQuartzScheduler_Worker-0] au.gov.wa.dola.eas2.businesszone.businessprocess.request.EasRequestProcessBean : [java.sql.SQLException: Statement cancelled, probably by transaction timing out]