Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About allan_newton
allan_newton
Path Finder
Member since:
06-14-2013
06-05-2020
Community Statistics
| Posts | 38 |
| Solutions | 0 |
| Karma Given | 8 |
| Karma Received | 8 |
| Member Since | 06-14-2013 |
Activity Feed
- Got Karma for How to insert checkboxes in a simple statistics results table?. 07-06-2020 07:40 AM
- Got Karma for How to move glass table from Dev environment to Production environment?. 06-05-2020 12:49 AM
- Karma Re: How do I consume tokens from the URL? for thirumalreddyb. 06-05-2020 12:47 AM
- Karma Re: How to calculate the average time of day a job will finish with end_time field? for martin_mueller. 06-05-2020 12:47 AM
- Karma Re: How to calculate the average time of day a job will finish with end_time field? for datasearchninja. 06-05-2020 12:47 AM
- Karma Re: How to calculate the average time of day a job will finish with end_time field? for HiroshiSatoh. 06-05-2020 12:47 AM
- Got Karma for How to calculate the average time of day a job will finish with end_time field?. 06-05-2020 12:47 AM
- Got Karma for How can I create and use a searchmanager in simple xml?. 06-05-2020 12:47 AM
- Karma Re: eventtype definition in a search for lguinn2. 06-05-2020 12:46 AM
- Karma Re: A simple drilldown. for martin_mueller. 06-05-2020 12:46 AM
- Karma Re: Problems in drill down for martin_mueller. 06-05-2020 12:46 AM
- Karma Re: Compare data in two different sourcetypes for somesoni2. 06-05-2020 12:46 AM
- Got Karma for How to create a new field with values in existing field based on the values in other field.. 06-05-2020 12:46 AM
- Got Karma for How to create a new field with values in existing field based on the values in other field.. 06-05-2020 12:46 AM
- Got Karma for How to create a new field with values in existing field based on the values in other field.. 06-05-2020 12:46 AM
- Got Karma for Re: How to create a new field with values in existing field based on the values in other field.. 06-05-2020 12:46 AM
- Posted Re: How to move glass table from Dev environment to Production environment? on Dashboards & Visualizations. 03-20-2018 08:26 PM
- Posted Re: How to move glass table from Dev environment to Production environment? on Dashboards & Visualizations. 03-20-2018 08:26 PM
- Posted Re: How to move glass table from Dev environment to Production environment? on Dashboards & Visualizations. 03-19-2018 07:11 PM
- Posted How to move glass table from Dev environment to Production environment? on Dashboards & Visualizations. 03-19-2018 10:07 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 |
03-20-2018
08:26 PM
I'm looking to copy just one glass table.
... View more
03-20-2018
08:26 PM
Environment is quite huge and the architects choose to keep everything separate. Else no reason! Your thought is quite convincing and logical.
... View more
03-19-2018
07:11 PM
Is it possible to migrate just one glass table?
... View more
03-19-2018
10:07 AM
1 Karma
Hi Splunkers,
We have a dev environment with ITSI implementation where we develop dashboards and test them.
Now the tested dashboards are moved to production, currently I have to move a couple of glass tables with respective IDs.
Please help.
Thanks in advance.
Allan N.
... View more
01-17-2018
06:31 AM
1 Karma
Hello Splunkers,
I have a situation where I have to replace the first cell in each row in a statistics table with a checkbox.
example query: index=_internal | dedup sourcetype | head 5 | eval select="select" | table select, sourcetype, source, index
The first cell in each row except heading should now be having a select button.
Thanks in advance.
... View more
10-23-2017
12:17 PM
Hi All,
I'm trying to create a sh cluster, here are the sequential things that I have. Please correct me.
On the deployer
[shclustering]
pass4SymmKey = shc@cluster
shcluster_label = sh_cluster
restart the deployer
On all the search heads except deployer
splunk init shcluster-config -auth admin:changeme -mgmt_uri https://respective_sh_ip:mgmt_port -replication_port rep_port -replication_factor 2 -conf_deploy_fetch_url https://deployer_ip:mgmt_port -secret shc@cluster -shcluster_label sh_cluster
restart the search heads after the configuration.
Only on one search head and not deployer
splunk bootstrap shcluster-captain -servers_list "https://sh1_ip:mgmt_port,https://sh2_ip:mgmt_port,https://sh3_ip:mgmt_port" -auth admin:admin
Push configurations from deployer to sh member.
create a app and moved it to etc/shcluster on deployer, then
splunk apply shcluster-bundle -target https://sh1_ip:mgmt_port
Thanks,
Allan
... View more
06-21-2017
06:19 AM
Dear Members,
We have a peculiar problem, there are 3 regions from which we collect data. Each region data should maintain its own integrity for various purposes.
The indexers, search heads and primary deployment server are in the 4th region. Now we use a secondary deployment server in each region which poll to primary DS, the secondary DSs also act as HF to forward data to the common indexers in the 4th region.
Now the requirement is to secure the forwarded data using different certificates for each location. Server certificate could be same but the client certificates should be unique for each region.
Thanks in advance.
... View more
08-25-2016
04:48 AM
Thanks much Sundareshr! You saved my day.
... View more
08-24-2016
12:59 PM
I have already seen this. If your help is not a direct/targeted one to the question, others would assume the question is answered. 😞
... View more
08-24-2016
12:57 PM
Would you please help me with this.
https://answers.splunk.com/answers/443784/change-background-of-single-value-based-on-its-tex.html
... View more
08-24-2016
12:46 PM
Dear Saviours,
I have multiple single-value elements which have three possible values (Passed, Failed, Executed). Now my single value background has to turn green if the value is "Passed", red if the value is "Failed" and grey if the value is "Executed".
I know i can achieve this with range maps, but I want to retain the text in the final view.
... View more
12-14-2015
03:26 AM
How do I save my license ? Please help.
... View more
12-10-2015
10:09 AM
Please help with this! I believe I'm missing something.
https://answers.splunk.com/answers/334199/index-only-few-fields-and-ignore-the-other-fields.html
... View more
12-10-2015
08:38 AM
But that is for anonymizing the incoming data.
For example :
1335-1235-1531-1353 is a card number and need to be indexed in a masked format xxxx-xxxx-xxxx-xx53.
please correct me if I'm wrong.
... View more
12-10-2015
06:52 AM
I tried all the possible things in Splunk, but couldn't index only some part of the file.
For example:
2015/11/30 19:00:00 ad32ah req:connection srv:vm1pskndx3 method HTTPS txnid:986218312825 and from here 20 to 30 lines of event.
I need to index only ad32ah , vm1pskndx3 , HTTPS and 986218312825 . I only need these 4 fields and ignore the other part of the event, and it should be repeated for all the events.
I understand I should do something in props.conf or transforms.conf .
Please advise!
... View more
09-15-2015
11:08 PM
Hi,
I'm using Splunk on Splunk (sos) app to know the size of the disk usage, and index size. Index usage is more than 5 GB per day, but the size of the index on disk is only few hundred mb.
What is the size of logs during ingestion?
What is the size of logs on the disk?
What is the size of the index?
Thanks in advance.
... View more
09-15-2015
04:42 AM
If I'm doing it on the forwarder. Can I do it in the etc/system/default folder's transforms.conf & props.conf?
... View more
09-14-2015
09:04 PM
Instead of ^host::(10.10.10.d+)$ can i use host::(10.10.10.32) ?
... View more
09-14-2015
08:53 PM
Hi,
I have 4 forwarders, 4 search heads, and 2 forwarders in my Splunk cluster. Now one of the forwarders is configured to read data from UDP port 514. The data comes in to the forwarder and it then is forwarded to the indexers.
Now I need to apply configurations in transforms.conf and props.conf to write few events into a separate index by host. Where do I put those configurations? Should I do the changes in the forwarder or the indexer?
Thanks.
... View more
09-10-2015
02:19 AM
@dshpritz Thank you very much.
There is a different index in inputs.conf for the port. Still I can force it to take up a new index in transforms.conf ??
Thanks.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
Karma given to
| User | Karma Count |
|---|---|
| 1 | |
| 3 | |
| 1 | |
| 1 | |
| 1 |
