Hi, I am unable to use strptime() here correctly. My code is: index="ABC" | eval time=strptime(_time, "%Y-%m-%dT%H:%M:%S") | bin time span=15m | table time But the table has no output ..... Can you please help? Thanks! ... View more

Hi, My overall goal is to create a resulting data table with headings including HourOfDay, BucketMinuteOfHour, DayOfWeek, and source, as well as creating an upperBound and lowerBound. My current query is as follows: index="akamai" sourcetype=akamaisiem | eval time = _time | eval time=strptime(time, "%Y-%m-%dT%H:%M:%S") | bin time span=15m | eval HourOfDay=strftime(time, "%H") | eval BucketMinuteOfHour=strftime(time, "%M") | eval DayOfWeek=strftime(time, "%A") | stats avg(count) as avg stdev(count) as stdev by HourOfDay,BucketMinuteOfHour,DayOfWeek,source | eval lowerBound=(avg-stdev*exact(2)), upperBound=(avg+stdev*exact(2)) | fields lowerBound,upperBound,HourOfDay,BucketMinuteOfHour,DayOfWeek,source | outputlookup state.csv However, it produces zero results. Can you please help? I am using the following article as a guide as this is for an anomaly detection project: https://www.splunk.com/en_us/blog/platform/cyclical-statistical-forecasts-and-anomalies-part-1.html I appreciate any help. tHANKS! ... View more

Hi, I am running the following query to check seasonality in my index: index="ABC | timechart count by _time | timechart Error in 'timechart' command: Repeated group-by field '_time'. The search job has failed due to an error. You may be able view the job in the Job Inspector.However, I am receiving the following error and I do not understand it at all: Can you please help? Many thanks! ... View more

Hi. I have a dataset and one of the index columns is "X". I need to check whether or not this "X" feature is normally-distributed by plotting a histogram. I tried doing this but this doesn't plot the actual actual values:   Can you please help? ... View more

Hi, I created a Splunk app with React but when I symlinked into Splunk's application directory, I receive the expected message as follows: BUT .... even after restarting my Splunk instance, the Splunk app does not appear on my list of apps on my Splunk instance. Why would this be and how can I fix this? Many thanks. ... View more

Hi,   I have an alert that is supposed to trigger an email each subsequent day when there are 0 logs in the last 24 hours against a particular search.   However, when there ARE 0 logs in the past 24 hours, my alert does not get triggered for some reason. My alert is as follows:   Can you please help as I do not understand why this alert is not working as expected? Many thanks! ... View more

Hi, I need to create an index called "assets" from a JSON data file that I have. However, wen I try and create such an index and navigate to the given data file, I receive the following error: The index in question does not currently exist on my Splunk instance and I am trying to create a new index and populate this index with this data. Can you please help?   Thanks. ... View more

Hi,   I have a query that outputs a table with the following 3 fields: Latitude, Longitude, Count   How can I turn this query into a JSON format so that I can use it with React?   Many thanks, Patrick ... View more

Hi, I need to use a number of regression models on some index data. This index data is in an app called "XY". However, thus far, I have only been able to use the regression modelling on the Splunk MLTK app. Is it possible to call such  functionality in the Splunk MLTK app while inside another app which has the data you wish to model on? Otherwise, what alternatives can I do in this situation? Many thanks, ... View more

Hi, I have a dashboard where one row has the panels appearing overlapping: This is the current HTML code for this row:   How can I fix this? Thanks as always! ... View more

Hi, I have a row on a dashboard with a number of panels with metrics. However, the panels appear off-set  and the metrics are not centered: Currently, the row is defined as follows: <row> <panel id="tn"> <title>Total</title> <html> <style> single{ width: auto; font-size=20%; } </style> </html> How can I fix this? Thanks, ... View more

Hey, I have a big query and I need to have a command on the query that would filter all  Asset_State!="Development" OR Asset_State!="Pre-Production", bit for ONLY Asset_Environment!="PKI  AND Offline" Status="2". If tried the following command: | if( Asset_Environment!="PKI  AND Offline" Status="2".,search NOT (Asset_State!="Development" OR Asset_State!="Pre-Production"))   I know the syntax is wrong, can you help ? Many thanks ... View more

Hey, I have a big base search  and I want to add a condition in the search that would remove/ filter out Asset_State if either Development or "Pre-Production" ONLY IF     Asset_Environment!="PKI Offline" Status="2. At the moment, this is the line in the query I have for this: .......| if(Asset_Environment!="PKI Offline" Status="2, search NOT (Asset_State!="Development" OR Asset_State!="Pre-Production") |.... Syntactically, I know this is incorrect .... can someone please help??? Many thanks as always!!! ... View more