Hi @anooshac If my understanding is correct, then you can try this. In static option,
Task1_all --- "Task1_a" OR "Task1_b" OR "Task1_c"
Task2_all --- "Task2_a" OR "Task2_b" OR "Task2_c"
My Simulation
Current Values in the dropdown
I tried to combine splunk_web_access and splunk_web_service as Splunk_web. I used,
Splunk_web --- "splunk_web_access" OR "splunk_web_service"
This is working for me!!!
Regards
Hi @djreschke This is based on the default timezone of the Splunk server. The time zone can be changed based on the steps in the link below.
Set your time zone
Choose the time zone in which you view events, anomalies, and threats.
1. Select your username from the menu.
2. Click Profile.
3. Select Preferences.
4. Select a Time Zone of UTC or Local. The local time zone is detected based on your web browser settings.
5. Click OK to save.
Reference Link: https://docs.splunk.com/Documentation/UBA/5.0.5/User/Profile
Regards
Hi @michaelnorup Based on my understanding, the regex you are using is matching all the events. So you need to use any unique value in the regex. Ex. Eventcode. Else you can disable this input:
[WinEventLog:Microsoft-Windows-Powershell/Operational]
disabled = 1
Hi @ND Based on my understanding, you have to run the search in the dynamic option in the multiselect filter as shown below. If the search is completed, then the results will start populating. If you start typing "spl", then it will show the partial matches in the dropdown as shown below. Regards
Hi @ikrainovic This might help you, https://community.splunk.com/t5/Splunk-Search/List-of-Serverclass-and-apps-in-deployment-server/m-p/540084
Hi @Wim The dashboard will run the search in the indexer, that is, the data transferred to the Splunk indexer from the agent. But there will be some data transfer from the Splunk Enterprise to the Agent (UF). There will be some instructions sent from Splunk to the agent via port 8089. Apart from this, there will not be any downstream packet transfer between these two. Regards,
Hi @mxanareckless The following are some of the scenarios where this issue can arise.
1. Check the permissions for the index and the dashboard with the User.
2. Check the Scheduled report's permission (Private, App, system).
3. Increase the priority of the Email alert.
Hi @splunkingsplk To create a New Input -> VPC Flow Logs -> CloudWatch Logs, you must mention the specific log group name which is created under the CloudWatch log groups. You shouldn't mention the wildcard. Thanks
Hi @alanhodreamshub You have to include the lookup file in the search for mapping the id and name. Try this one.
Search:
index=myidx type=groups | lookup groups.csv groupid OUTPUT groupname | table _time groupid groupname
Hi @sanjum01 You can hide the Legends by using the following parameter.
<option name="charting.legend.placement">none</option>
But the drill-down is enabled. Without clicking the value there is no point in using the drill-down. If there is more info regarding the requirement, it will be better to sort it out.
Hi @PPrice As per my understanding, you can use "mvexpand" and "dedup" commands in search to get unique results in rows. I tried this. Thanks.
Hi @Mary666 As per my understanding, you can use the field name and the value with the starting common character with a wildcard.
Source: 1 field: SerialId value: 123*
Source: 2 field: SerialId value: 123*
This will fetch the common values from those fields.
Example Screenprint:
Thanks
Hi @adetheodore In Splunk Enterprise, you can use the "Splunk App for Infrastructure" for Windows Monitoring. APP URL: https://splunkbase.splunk.com/app/3975/ Installation Reference: https://docs.splunk.com/Documentation/InfraApp/2.2.4/Install/Install If you are monitoring the local machine, then the "Monitoring Console" will provide the necessary details about the local machine metrics. Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.2.2109/Data/MonitorWindowsperformance#Enable_local_Windows_performance_monitoring Thanks
Hi Vagnet You can try this @vagnet,
| from datamodel:"Authentication"."Insecure_Authentication" | search "*Failure*" | rex field=_raw "Failure\sReason:\t\t(?<Failure_Reason>.*)\n"
Hi Noman I think this will be helpful to you. To get the time range picker value in another filter query, you can use the $field1.earliest$ and $field1.latest$ values from the time range picker. TimeRange picker Test Dropdown: I tried this and it is working.