Hello guys. Our company wants to upgrade from Splunk Light to Splunk Enterprise, but sales are unreachable. I have written letters and made calls, with no result. I tried different contact forms. Does anyone know a way to reach sales? Best regards, Andrey
Hi, I want to create a visualization based on the process run time. The log field is "TotalExecutionTimeInSeconds":4129. I have to create a chart based on this value. Please help me.
Hi, why doesn't "MemoryUsage" return any results?

eval FreeMemory = round(Value, 0). " MB"
| eval TotalMemory = round((TotalPhysicalMemory / 1024 / 1024), 0). " MB"
| eval MemoryUsage = (TotalMemory - FreeMemory) / TotalMemory
| stats last(FreeMemory) as "Free Memory", last(TotalMemory) as "Total memory", values(MemoryUsage) as "Memory Usage" by host

Can anybody help me?
I have files uploaded to an NT share. The file is indexed and will be updated daily by the QC system. Most of the time the file will stay the same. The retention time for the index is defined as 7 days. How can I index the file once a day after it is uploaded to the share, even if the data in the file has not changed? I tried the below in inputs.conf:

[monitor://\raanana\Tabi4Splunk\QC_integration_csv\Splunk-ABP_DEV.csv]
disabled = 0
index = penetrationtest_pbg
sourcetype = csv_current_time
ignoreolderthan=1d
crcSalt =
Hi Team, We have deployed Splunk Cloud in our environment. We have opted for 300 GB of licensing per day, and of that we are utilizing approximately 250 to 270 GB of licensing per day to date. Is it possible to predict the licensing for the upcoming days as well as months? Do we have any search query or app to forecast the approximate license usage based on the current trends? If yes, kindly help with the same.
Hi All, I have a situation where I need to sum every 5 rows, which are 10-minute data for an hour. So for example I need to sum the rows and columns based on 01/01/2020 00:00:00 to 00:50:00 (6 rows), and I have 5 columns in place. The hourly total should sum all the 6 rows and columns of data and should be split after every 6 rows, as shown in the example below. It would run from 00:00:00 to 23:59:59.

_time               A    B   C  D  E  Hourly_Totals
2020-01-01 00:00:00 178  3   0  0  1
2020-01-01 00:10:00 267  4   0  0  0
2020-01-01 00:20:00 250  2   0  0  3
2020-01-01 00:30:00 192  3   0  0  0
2020-01-01 00:40:00 233  4   0  0  0
2020-01-01 00:50:00 183  7   0  0  0  1330
------------------------------------------------------------------------------
2020-01-01 01:00:00 160  7   1  0  0
2020-01-01 01:10:00 142  5   0  0  0
2020-01-01 01:20:00 209  12  2  0  0
2020-01-01 01:30:00 399  31  0  0  0
2020-01-01 01:40:00 355  26  0  0  0
2020-01-01 01:50:00 661  15  3  0  1  <Total>
Hi, why do I have no results when I merge 2 indexes, even though I have results when I execute one or the other?

(index=ai-pe-* sourcetype="Perfmon:Mem OR index=ai-wmi-* sourcetype="WMI:Mem")
| fields host Value TotalPhysicalMemory
| eval FreeMemory = round(Value, 2). " MB"
| eval TotalMemory = round((TotalPhysicalMemory / 1024 / 1024), 2). " MB"
I need three dropdowns which should be shown based on a checkbox. If no checkbox is chosen, the dropdown should be hidden. Like: checkbox1 dropdown1, checkbox2 dropdown2, checkbox3 dropdown3. When I click on checkbox1, then only dropdown1 should show up and fetch the result based on my search query.
Hello! First of all, thanks a lot for the app, as it was really useful for us in various ways! I am using the popover JS in some of our dashboards. It was working nicely, but since we upgraded to 7.3.4 it sadly does not "popover" anymore. I have tried from the app to be sure, as well as from various web browsers. I would be glad to help but I just can't do JS.

require(["jquery", "splunkjs/ready!", "bootstrap.popover", "bootstrap.tooltip"], function($, Ready) {
    $("[data-popover]").attr("data-toggle", "popover").popover()
    $("[data-tooltip]").attr("data-toggle", "tooltip").tooltip()
})
//# sourceURL=ex36-tooltips-and-popovers.js

If anyone has a hint on what is wrong here, it would be great!
I have installed MLTK on my latest Splunk 8.0.0 and I can see a few pre-defined algorithms in it. How do we use it for our requirement to predict, and how do I create a visualization for that? Can someone help me out?
Hi Everyone, I am trying to create an alert on a dashboard click button, similar to Splunk Web. Is there any way to achieve this using the Splunk JavaScript SDK? Please help me out with this.
Hi everybody, I was at PTS in Europe last year and visited the Trumpet talk there. During the talk a website was shown that presented an interactive map of how you could onboard different AWS data sources to Splunk. Does anybody know the link to that website?
Hi, I use the search below for displaying a timechart. As you can see, the timechart is sorted by host:

`toto` earliest=-5d latest=now
| lookup test.csv HOSTNAME as host output SITE MODEL
| timechart avg(BootTime) as "Boot time" by host limit=10 useother=false

But I also need the values of the fields SITE and MODEL, in order to have, for a host, the avg(BootTime), the SITE and the MODEL. Something like:

| timechart avg(BootTime) as "Boot time" by host SITE MODEL

How can I get the values of other fields with a timechart command, please?
Hi, I need to pass a trace id from JMeter. That trace id needs to be captured in Splunk, and the logs for it should be parsed for an end report in Splunk. Can someone please guide me on this?
I have displayed the percentile of certain metric values, grouped by month and host, in a table representation. Whichever host category we select from the dropdown, the value of the metrics will be displayed for each of its hosts. The number of servers in each host category will differ. Like addtotals, I want to take the percentile of my entire row values. Below is sample data from my table panel.

Month host1 host2 host3
Jan   90    40    78
Feb   36    27    56
:
Dec   12    49    22

The addtotals command will sum all the values of a row and provide one more column with the cumulative value. But in my case, instead of the sum I want the percentile of all those values. Below is the way I wanted it:

Month host1 host2 host3 P95(host)
Jan   90    40    78
Feb   36    27    56
:
Dec   12    49    22

Could anyone help me on this ASAP?
Hi, the values below are the first event occurrence of that particular driver_id in respect of their unique dispatch_id. I have the following values after doing a search:

_time                   store_id driver_id dispatch_id error_code status_code miles
2020-02-18 12:43:23.589 744107   y         41647       1000       200         0
2020-02-18 12:43:24.235 744107   x         41648       1000       200         0
2020-02-18 12:43:22.911 744107   y         41646       1000       200         0
2020-02-18 12:43:22.260 744107   y         41645       1000       200         0

I need to send the alert whenever there is a sudden change of dispatch_id for that driver_id. Currently, I am getting all the values in the alert. Kindly help me on this.
I am using Splunk Cloud 7.2.9. I want to hide a table visualization when it has no results/data. I was not able to hide a table if it has no results or is empty.
Dear support team, we have a question about NewRelic's infrastructure information. How do we add NewRelic's infrastructure information into the Splunk service? The NewRelic app and add-on have already been installed in the Splunk service, but we can't find NewRelic's infrastructure information anywhere. So, please let me know how to add NewRelic's infrastructure information to the Splunk service. If you have any questions, please let me know. Thanks, John.
I have a use case where I need to plot a time graph which shows the event count over time. I must be able to see a graphical view of the spike in the events I receive over time. I have some logs similar to the one mentioned below:

{
  @timestamp: 2020-02-04T13:46:41.274+00:00
  domain: test
  environment: dev
  level: INFO
  logger_name: com.test.practice.evthub.sse.impl.EventEncrypter
  message: Published records to Kinesis stream
  thread_name: main
}

Query:

domain="test" environment="dev" logger_name="com.test.practice.evthub.sse.impl.EventEncrypter" message="Published records to Kinesis stream" | stats count by message

I tried using the timechart function by passing the message as input, but was getting some tabular format instead of graph plots. Can someone help me with this query?