Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About eholz1
eholz1
Builder
Member since:
03-25-2019
Tuesday
Community Statistics
| Posts | 159 |
| Solutions | 2 |
| Karma Given | 61 |
| Karma Received | 6 |
| Member Since | 03-25-2019 |
Activity Feed
- Posted Re: Need suggestions or advice to check status of same device on two systems on Splunk Search. Wednesday
- Karma Re: Need suggestions or advice to check status of same device on two systems for PickleRick. Wednesday
- Karma Re: Need suggestions or advice to check status of same device on two systems for bowesmana. Wednesday
- Posted Need suggestions or advice to check status of same device on two systems on Splunk Search. Tuesday
- Tagged Need suggestions or advice to check status of same device on two systems on Splunk Search. Tuesday
- Posted Re: Set color in table header with dashboard on Dashboards & Visualizations. 08-12-2025 08:38 AM
- Karma Re: Set color in table header with dashboard for ITWhisperer. 08-12-2025 08:27 AM
- Karma Re: Set color in table header with dashboard for livehybrid. 08-12-2025 08:27 AM
- Karma Re: Set color in table header with dashboard for tej57. 08-12-2025 08:27 AM
- Posted Set color in table header with dashboard on Dashboards & Visualizations. 08-11-2025 03:54 PM
- Posted Re: Display received html file on dashboard on Dashboards & Visualizations. 07-28-2025 01:12 PM
- Tagged Re: Display received html file on dashboard on Dashboards & Visualizations. 07-28-2025 01:12 PM
- Karma Re: Display received html file on dashboard for PickleRick. 07-28-2025 01:09 PM
- Posted Re: Display received html file on dashboard on Dashboards & Visualizations. 07-28-2025 09:51 AM
- Karma Re: Display received html file on dashboard for livehybrid. 07-28-2025 09:49 AM
- Posted Display received html file on dashboard on Dashboards & Visualizations. 07-28-2025 07:53 AM
- Got Karma for Can I hide table in Splunk Dashboard Studio?. 01-24-2025 08:30 AM
- Posted Re: Splunk Enterprise - how does it detect IOWAIT warning or error on Splunk Enterprise. 06-12-2024 07:33 AM
- Karma Re: Splunk Enterprise - how does it detect IOWAIT warning or error for deepakc. 06-12-2024 07:31 AM
- Posted Splunk Enterprise - how does it detect IOWAIT warning or error on Splunk Enterprise. 06-11-2024 03:38 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
Wednesday
Hello, Thank you for the replies to my post. By "system" I mean a virtual machine running Linux with each server running an application that monitory network switch and router status. I have a universal forwarder running on System B. I thought I could use the Splunk hec to send device status to Splunk, and check the system B log data on the indexer for a match, primarily the "down" state. Both virtual machines have the same application running, and monitor the same devices. Here is the base issue, these vms are in different locations and on different networks. If a switch show as "down" on system A, it does not mean the switch is really down, but sometimes the network path to the device is interrupted, so the idea is to check the same device from the other location over a different network path. If both systems indicate a "down" condition, then the device may reall be down. I can put a forwarder on system A, and it might be better to compare that way. Sorry for long-winded reply. eholz1
... View more
Tuesday
Hello All, I have a generic question on using splunk. I have two systems, system A, and system B. If a device changes state on system A I want to check the state of the same device on system B. Currently I have log file data from system B being forwarder to the indexer. I have an application on system A, that can send an http event to the indexer with UP or DOWN status of device on system A. I was thinking about creating a search when the hec message comes to the indexer, and searching the log data on system B for the same device. If there is a match, send an alert, and if no match i.e system A idevice shows DOWN, and system B show UP for the device, send an alert. I know there are at least two ways to do this. But I am open for suggestions. Thanks, ewholz
... View more
- Tags:
- search
Labels
- Labels:
-
regex
08-12-2025
08:38 AM
To all that responded to my post, "Thank you So Much" It has been a while since I have looked into using Dashboard Studio (like 3+ years!) and the solutions posted here are excellent and very helpful to me. Thanks Again, eholz1 - a little smarter now!
... View more
08-11-2025
03:54 PM
Hello All, Thanks for the help this forum provides. I have a table in dashboard studio. I can set the backgrould color for the header. I would like to be able to change the color of the text in the table header without using the dark mode which sets text color in the header to white (and the table rows too). I would like to have the text color in my header to be white (or some other color) when the dashboard is set to the "light mode". It there a way to do this? Thanks, Eholz1
... View more
Labels
- Labels:
-
Dashboard Studio
-
table
07-28-2025
01:12 PM
Hello PickleRick, I now know what you mean, the demo link using "| makeresults" fails. Lucky for me the html I use seems OK, and I do get the display of the table and the data iin the html code/file, thanks for the TIP. @eholz1
... View more
- Tags:
- dashboard
07-28-2025
09:51 AM
Hello There Ultra Champ, Thanks for quick response. I will take a look at the process. Thanks again, @eholz1
... View more
07-28-2025
07:53 AM
Hello Splunkers! I am using HEC to send an html file to splunk. The received event contains the html lines of code. The html is a table with some data, and forms a table with the data. Is there a way, or how can I create a dashboard from the html text that shows the table? Maybe another way to say this is: How can I extract the html code from the hec event, and display same on a dashboard? Thank You So Much, E Holz
... View more
- Tags:
- panel
Labels
- Labels:
-
Classic dashboard
06-12-2024
07:33 AM
Hello deepakc, Thank you very much for this information. This forum is great. Kudos to you for helping me understanding the "internals" of Splunk, eholz1
... View more
06-11-2024
03:38 PM
Hello All, Perhaps I have the 64K $ question. I am trying to understand (better) the IOWAIT warnings and errors. The yellow and red icons, etc. I know that IOWAIT can be an issue, and only on Linux based servers. I will guess that running Splunk Enterprise on a virtual linux machine makes things harder. I have revised the Health Report Managaer settings per a Splunk forum posting, and the issue is resolved for the most part. I can run an "unreasonable" search and get the warining icon, and then as the search progresses, the red error icon. I have run some linux commands like iostat, and iotop while the search is running but do not see any useful data. I am just curious how Splunk determines the IOWAIT values as part of the health monitoring. I was also wondering if I reset the healh repoting values back to the default, how I might go about reducing the "IOWAIT" characteristic on the Splunk server. Thanks for any hints or tips ewholz
... View more
Labels
- Labels:
-
configuration
06-10-2024
08:52 AM
How can I use this app? I have it installed, but configuration I do not understand how to set this up Thanks, ewholz
... View more
Labels
- Labels:
-
app
06-10-2024
08:39 AM
Hello and Thanks, It looks like this app, desires to store data in some sort of "cloud" based storage. Is this correct? The data I have cannot be anywhere but on a private LAN. I am not sure how to use this app, is there a posting or source of instructions on how to use this SplukBase app? Thanks for the reply, ewholz
... View more
- Tags:
- Splunk App
06-06-2024
11:17 AM
OK, thanks so much, I will review the information you provided. Since our Splunk Enterprise instance is running on a virtual machine - the info you provided could be the issue. Splunk internals are tricky, I will check things over. Thanks Again, EWHOLZ
... View more
- Tags:
- IOWait
06-06-2024
11:12 AM
thanks, will check
... View more
06-05-2024
11:07 AM
Hello All, The question is is IOWAIT mean anything? I am in the process of upgrading Splunk 8.2.12 to 9.1.2, and then 9.2.1. I have not yet upgraded to 9.1.2. The Health Report is set at default settings i.e. 3, etc.I have tried the suggestion of doubling threshold vales, but eventually get a Warning yellow, or sometimes red, etc. I am running Splunk Enterprise 8.2.12 on an Oracle Linux (ver 7.9) with 12 cpu and 64GB memory. Do these settings have any benefit for the IOWAIT thresholds? I see where I can disable IOWAIT - or does it make any sense to try to generate some sort if Diag, which has a link when opeing the "Health Report Manager" Any info here? Am I missing something? Thanks as always for a very helpful Splunk community. EWHOLZ I
... View more
Labels
- Labels:
-
configuration
06-03-2024
10:07 AM
This has not worked for me, any ideas? here is my SSLconfig line in server.conf [sslConfig] sslPassword = $7$IVRDJa9zz5Rmt3ZehltRkIK2vnYpOPiMSSAZMNAUqdQ7hQAGf2GNXg No other lines in the file. I am open to suggestions, and get this as well: WARNING: Server Certificate Hostname Validation is disabled., see server.conf, etc Thanks, EWHolzx
... View more
06-03-2024
08:22 AM
Hello, and Thanks for tip. I will look into getting TLS set and/or a new cert - the cert will need to be self-signed. Splunk was re-started after each upgrade. I am not familiar with the acronym of "SHC" -Thanks for the info. ewholz
... View more
05-31-2024
12:16 PM
Hello All, I have searched high and low to try to discover why the kvstore process will not start. This system was upgraded from Splunk 8.0, to 8.2, and finally 9.2.1. I have looked in mongod.log and splunkd.log, but do not really see any thing that helps resolve the issue. Is ssl required for this? the - is there a way to set a correct ssl config, or disable it in the server.conf file? Would the failure of the KVstore process affect IOWAIT? I am running on Oracle Linux, ver 7.9 - I am open to any suggestions. Thanks ewholz
... View more
Labels
- Labels:
-
kvstore
05-16-2024
07:33 AM
Hello, Thanks for the reply. It works, sort of... The "dark" theme truns everything dark. It was my hope to have just the Apps panel be dark. I will guess the new version of Splunk over-writes a css file for the web interface. I have an older version of Splunk running, I will see if I can find the css file. Thanks again for the reply. Eric W.
... View more
05-15-2024
01:52 PM
Hello All, I have just upgraded Splunk ver 9.0.1 to 9.2.1. I have one question: the "Apps" panel on the left side of the window has a "white" background. Version 9.0.1 and older had a "dark" or "black" backgrould (my preferred view). Is there a way to set the background for the Apps panel to dark or black? Thanks, Eric W.
... View more
Labels
- Labels:
-
configuration
-
installation
01-16-2024
11:58 AM
Hello There, I have installed Splunk DB Connect and all its requirements on ver 9.0 This works pretty well for queries either in Search or in SQL Exploereer. I want to use a stored procedure to return data using DB Connect. The procedure works fine in SQL Exploereer, and from the MySQL commang line. If I try to call the procedure from Splunk Search - I get no results I am using this format: dbxquery connection=myconn procedure="{call my_nice_proc(@val);}" this should return a text string, or a table of results if the query/procedure retuns 1 or more rows.. Any ideas on what I am missing? thanks, eholz1
... View more
Labels
- Labels:
-
search
12-20-2023
04:07 PM
dtbur;rows3 Wow, fast reply. Thanks. The ID gets set when the csv file is written. I have a python program that queries a MySQL database, and writes a "0" as ID if no results are returned from the query. If there is data returned, the ID is taken from query results (i.e ID=34, etc). The csv file is on a remote server. I use the Splunk Universal Forwarder to send the file to splunk. Is there a way to get this file set as an "input lookup" or does the "input lookupo" required the file to be local to the Splunk server? Thanks for quick help. EWHolz
... View more
12-20-2023
03:21 PM
Hello All, I have a search question. I have a csv file that returnds data. the ID field if there is no data - I want to have a table which shows 4 columns: NAME,STATUS,DATE,ACTION. These come from the csv file header line. If the ID >0 I want to show these columns: DATE-Changed,ID,NAME,DATE_DOWN,ACTION. I have not yet seen how I might do this. What I need, in a sense, it two searches, one when ID=0, and one when ID>0. Any suggestions? Thanks, EWHOLZ
... View more
Labels
- Labels:
-
subsearch
12-20-2023
07:41 AM
1 Karma
Hello Members and richgallowy, Thanks for the tip. It has been a while since I have needed to apply my limited "Splunk" skills, I appreciate this suggestion, and will try it out;. Regards, EWHolz
... View more
12-19-2023
11:37 AM
Hello, I need some help. Icreate a csv file on remote server from a mysql quert. I forward the csv file from the remote server to splunk. I can read the data. The csv file is over written each day, it have have only 1 line of data, or multiple lines of data - it is a list of device that have gon down. If no devices are down, the the file only has the hearder, and data that says: :No Devices Down:" I only want to see data from the file on the day the file is writtern. The challenge I have is to read only the data in the file for that day. The issue is that splunk indexes the data, so splunk retains the data over time, like I want only 1 day info from the file, but splunk has all the data indexed How can I return only the data for the day, not for all data in splunk indes? thanks, EWHolz
... View more
- Tags:
- csv
Labels
- Labels:
-
universal forwarder
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Tuesday
|
Karma given to
