Hi, I am looking for some solution how to find in Splunk scheduled searches not used for several weeks by users or apps (for example user left and search is not checked). I tried to focus to audit lo...
We run a report every week that counts how many times a firewall policy was used. (A firewall policy is represented by a number)
What I would like to do is compare a master list of all the firewa...
Given a search:
index="muni" | nbclosest | timechart span=30m dc(vehicle_id) as NumVehicles
(where nbclosest is a custom search command that filters results and isn't relevant to this ques...
This issue is primarily related to events ingested via the IMAP Mailbox App. We are running a distributed environment with a HF, 3x indexer and 3x search head (accessed via a VIP). The install has b...
Events were being split improperly when indexed:
One event:
2014-04-14T11:34:59-07:00 Database="<Database>" Active="Active" MasterType="Server" Status="Mounted" PublicFolderDatabase="&l...
Hi all.
I am currently experiencing an issue where simple strings won't provide any events while two weeks ago I had. Doesn't matter the time frame. Tried "All time" and still zero events.
So, I wis...
I am looking for indexes which are utilizing only 10%-20% of storage allocated to them. Can I please know is there any query to find out that. I know that we can look into DMC but I specifically need ...
I got this error while starting Splunk on the indexer.
homePath='/opt/splunk/var/lib/splunk/audit/db' of index=_audit on unusable filesystem. Validating databases (splunkd validatedb) failed w...
...ntroduce a second dimension, 1 = used , 0 = unused. Punch card looks interesting - anyone done anything similar - maybe ip addressing or something else? my use case is charting ldap attributes (I...