@JMichaelis just like you mentioned, I have successfully translated things written in JavaScript to Japanese. But I am stuck where I need to translate token values to Japanese. I have a token in the dashboard that has the value "validation error", and this token is used to display a warning message on input text. Below is a snippet of the token in XML; $vuln_input_error$ is the token that I set elsewhere in the same XML.

<row id="row1">
  <html depends="$vuln_input_error$" id="vuln_error_msg">
    <div id="vuln_error_container"><code>$vuln_input_error$</code></div>
  </html>

Using the same approach that you have described, I have tried with i18n in JS, but the token value does not get translated as expected. Do you have an idea on how to translate token values in Splunk?
Hi bankze,
I'm sorry but I'm not able to teach JS over Splunk Answers. Use this as a guideline and notice the comment from my coworker regarding the require function: https://answers.splunk.com/answers/319267/how-do-i-correctly-use-leaflet-maps-in-splunk-63.html
Hi there splunker, try like this.
index=_audit tag=authentication info=succeeded | stats count by user, info, host | sort - info
index=_audit tag=authentication info=failed | stats count by user, info, host | sort - info
Don't know about your Splunk environment, but if you are looking to get this from all your instances, you have to forward the _audit index to your Search Head.
Hope it helps.
Hi @akash5333,
I'm not sure which query you are using. Is it one of the original queries you posted or the suggested queries in this post? I think there may be a couple problems with the trigger condition. It sounds like your query renames the average CPU percentage but your trigger condition is checking a field in the original event data.
Keep in mind that a custom trigger condition is a secondary search applied to your base query's results. So you might need to double-check the query result fields to make sure you are using the right fields in the trigger condition.
Also, I'm not sure that the "pctCPU>10" and "in 10 seconds" part of the condition match the alert scenario you mentioned at first. This might be something to double-check too.
Have you tried the suggested queries from @JMichaelis? They might match the scenario you want more closely.
Hope this helps!