...he search only looks in the main index.
I have to add index="syslogservers" to the search filter for any events to be returned.
I've tried to figure this out, but I'm still a bit green to Splunk....
...ame that is returned from the first search is static.
How can I correlate the name/value/field(s) from a search to a source of other events and build access control on top of that? I cannot change the w...
...for a given hour and other_field, that other_field doesn't appear at this hour in the resulting table.
Is there a way to modify this to add 0's for the hours and other_fields with no events?
I t...
...ime that the event occurred. The information is in the detailed data, however it makes for a very ugly report. Being a novice at best I've reached the limit of my knowledge. What can I add to the s...
...s add that link to the alert email so the recipient can read the email report and, if necessary, hit the link and be taken to the report with all the specific events.
Is this possible in Splunk?
~Ed
We have an issue with the Microsoft Azure Active Directory Reporting Add-on for Splunk where it's not retrieving all the sign-in events.
We currently have our interval set at 60 seconds. We can t...
...he timeline showed "No events found" and none were displayed. In other instances fewer events are displayed than the counter states that there should be.
In the search log there are errors for T...
...arks for the start and end events, the IP addresses (all in different events - thank you) and I have created a transaction to group them together. Here is my search string, as is:
index=i...
I have a single search head and configured the props.conf to have DATETIME_CONFIG = CURRENT as I want the data to be indexed at the time Splunk receives the report. I restarted Splunk after every c...