×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
chengka
Explorer
Member since: ‎03-10-2014
‎02-25-2022
Community Statistics
Posts 33
Solutions 0
Karma Given 3
Karma Received 2
Member Since ‎03-10-2014
Activity Feed
Topics I've Started
View All

Re: Why is INDEXED_EXTRACTIONS=csv not working in ...

by in Splunk Search
‎05-22-2025 11:48 PM
‎05-22-2025 11:48 PM
what do you mean by inputs.conf what should I configure in that file, can you please elaborate ? ... View more

Re: Splunk for mathematical difference in stats?

by in Splunk Search
‎02-25-2022 07:14 AM
‎02-25-2022 07:14 AM
Thank you. You are correct,  355-200 was a mistake.  ... View more

Re: Is mgmtHostPort secure?

by in Security
‎06-21-2019 09:49 AM
‎06-21-2019 09:49 AM
By default the management port uses self-signed certs, but it absolutely is SSL (TLS) enabled. If you'd like to secure it with properly signed, or locally signed by your company's CA, there are lots of docs out there. This was a great presentation by splunk legend Dwaddle a few years back. https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPractices.pdf ... View more

Re: How to create alerts based on 2 sourcetypes an...

by in Splunk Search
‎06-13-2019 09:47 AM
‎06-13-2019 09:47 AM
Hi @chengka , You could also try the following: index=stats (sourcetype=services History Service) OR (sourcetype=logs_sl "org.apache.coyote.AbstractProtocol start") | eval restart = if(sourcetype==logs_sl, 1, 0) | stats max(restart) as restart count | where (restart==0) AND (count < 40) Each event will be assigned a restart value of 0, unless it's the logs_sl sourcetype that matches the restart string, which will then get assigned a restart value of 1. Then stats will find the highest value of restart, which should always be 0 unless there's a restart, in which case it's 1. Finally the where statement only shows results of there is no restart and the count is less than 40. ... View more

Re: Did 6.2.2 close a loophole or break HTML links...

by in Dashboards & Visualizations
‎08-02-2017 11:35 AM
‎08-02-2017 11:35 AM
I am having the same issue; but the links must be generated by our custom navigation menues.... I never set this. Is there a bulk way to get this to come back? Just rolled forward from 6.5 to 6.6 today and things went bad. ... View more

Re: Display only differences in values, between 2 ...

by in Splunk Search
‎03-01-2017 12:01 PM
‎03-01-2017 12:01 PM
That worked! I added some OR statements to the where, so I can see other relevant fields that identify the resource. Thank you! ... View more

Re: Splunk Add-on for Apache Web Server: Where are...

by in All Apps and Add-ons
‎08-17-2016 01:27 PM
‎08-17-2016 01:27 PM
Hi @chengka You should be able to access the prebuilt panels following this page from documentation: http://docs.splunk.com/Documentation/AddOns/released/Overview/Prebuiltpanels ... View more

Re: How do I add fields to output from predict

by in Splunk Search
‎01-26-2016 03:04 PM
‎01-26-2016 03:04 PM
That worked. Thank you. ... View more

Re: How to set up a cron schedule for every 12 hou...

by in Alerting
‎10-29-2015 09:05 AM
‎10-29-2015 09:05 AM
Wow, so simple and I tried lots of complicated permutations. Thank you. ... View more

Re: How do I index files which do not grow, just c...

by Splunk Employee in Getting Data In
‎02-19-2015 10:05 AM
‎02-19-2015 10:05 AM
Option 1: Put a timestamp in the filename: filename-01-19-2015-13-03-00.txt Be sure to script a clean up of the directory every week or so. Option 2: Use a scripted input. Have the script read out the file into splunk, then delete the file from the file system. Scripted inputs are covered here: http://docs.splunk.com/Documentation/Splunk/6.2.1/AdvancedDev/ScriptedInputsIntro ... View more

Re: How to alter or create dashboards using Sidevi...

by SplunkTrust in All Apps and Add-ons
‎02-06-2015 03:58 PM
‎02-06-2015 03:58 PM
I'm sorry that to date there is still no converter from Simple XML to Sideview XML. It's a pain. The best answer right now though, is to rewrite the view from scratch. And for the first one you have to somewhat blindly trust that it wont take as long as it feels it will. Either in a texteditor writing XML, or if that's not your style, using the Sideview Editor. If you have a couple pulldowns and a textfield and a search and chart, go crib from the Pulldown and TextField examples in the docs. If the examples aren't loading for you it most likely means that you're not an admin user on that system and thus you can't see the "_internal" index. (Install splunk and Utils locally but dont index any data, and you'll have a small but usable set of _internal data and the examples will run) You'll get the hang of the manual conversion more quickly than you might think. And I can't promise to do the conversion for you, but I'll be happy to read any simple XML you send to nick [at] sideviewapps.com and I'll convert it if I can do it in a few minutes. ... View more

Re: How to extract a field that can possibly have ...

by Splunk Employee in Splunk Search
‎01-26-2015 09:17 PM
‎01-26-2015 09:17 PM
Try this regex: MCAUSER\('(?<MCAUSER>[^']*)'\) that will look for the string MCAUSER and extract everything between (' and ') in a field called MCAUSER ... View more

Re: Problem extracting field from a field

by in Splunk Search
‎12-11-2014 07:21 AM
‎12-11-2014 07:21 AM
Thank you, changing the class name did the trick. ... View more

Re: Unable to initialize modular input "jmx" defi...

by in Getting Data In
‎12-03-2014 09:08 AM
‎12-03-2014 09:08 AM
I had this exact error and I resolved it by removing Python v3.4 and using v2.7(which was listed as a prereq in the documentation) ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-25-2022 10:40 AM
Karma from
View All
Karma given to
View All