There is a csv file I had added to a directory which HF monitors. That input is set as Batch input. Because there was some issue with the data was getting formatted, I deleted the results from t...
..." ".KCQEndTime, "%Y-%m-%d %H:%M:%S"))
However, I'm not able to get it to work when I create this field using the Splunk Web App (Settings->Fields->Calculated Fields) or editing the props.conf file. T...
Hi Community, I am having a weird issue with Splunk Enterprise. I had set up a universal internal forwarder to execute a script that gives me the list of all different processes within the L...
...hat, I need to create a field with the value of 5 minutes for each Alert (is more or less the time I think the people spent handling this).
I want to set it for then, sum up the field for each e...
Hi,
I have set up an Alert as such
index=rest because the offer is shutoff. partnerId="*" host="*-prd-rst*" | stats count by partnerId,offerId | lookup partneridlookup partnerId OUTPUT R...
I am using a HEC and configured a custom source type that sets _time based on a field in the JSON data and when using the "add data" sample data, it works great. _time gets updated, however, w...
I've been having issues with getting "CPU utilization" to show up on the Windows infrastructure dashboard. I found that when I click on the Windows entities and move onto a single windows machine i...
...hen I put in my tested regex in the hostname field it ofc doesn't work. So I guess I first have to set up the sourcetype in props.conf and configure the extraction in transforms.conf 2.) I c...
Hi
I am running a Splunk instance within my AWS account, and I'm trying to set up a CloudTrail SQS-based S3 input. The cloud trail logs are stored in a bucket (auditlogs) in separate account, w...