Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- About eholz1
eholz1
Builder
Member since:
03-25-2019
Tuesday
Community Statistics
| Posts | 164 |
| Solutions | 2 |
| Karma Given | 64 |
| Karma Received | 6 |
| Member Since | 03-25-2019 |
Activity Feed
- Posted Re: Add custom field colors to Classic Dashboard Column chart on Dashboards & Visualizations. Wednesday
- Karma Re: Add custom field colors to Classic Dashboard Column chart for bowesmana. Wednesday
- Posted Re: Add custom field colors to Classic Dashboard Column chart on Dashboards & Visualizations. Wednesday
- Karma Re: Add custom field colors to Classic Dashboard Column chart for ITWhisperer. Wednesday
- Posted Add custom field colors to Classic Dashboard Column chart on Dashboards & Visualizations. Tuesday
- Posted Re: Unable to get resultsfrom search with splunk-sdk for node.js on Splunk Dev. Tuesday
- Karma Re: Unable to get resultsfrom search with splunk-sdk for node.js for livehybrid. Tuesday
- Posted Unable to get resultsfrom search with splunk-sdk for node.js on Splunk Dev. a week ago
- Posted Re: Need suggestions or advice to check status of same device on two systems on Splunk Search. 01-14-2026 08:34 AM
- Karma Re: Need suggestions or advice to check status of same device on two systems for PickleRick. 01-14-2026 08:34 AM
- Karma Re: Need suggestions or advice to check status of same device on two systems for bowesmana. 01-14-2026 08:34 AM
- Posted Need suggestions or advice to check status of same device on two systems on Splunk Search. 01-13-2026 11:58 AM
- Tagged Need suggestions or advice to check status of same device on two systems on Splunk Search. 01-13-2026 11:58 AM
- Posted Re: Set color in table header with dashboard on Dashboards & Visualizations. 08-12-2025 08:38 AM
- Karma Re: Set color in table header with dashboard for ITWhisperer. 08-12-2025 08:27 AM
- Karma Re: Set color in table header with dashboard for livehybrid. 08-12-2025 08:27 AM
- Karma Re: Set color in table header with dashboard for tej57. 08-12-2025 08:27 AM
- Posted Set color in table header with dashboard on Dashboards & Visualizations. 08-11-2025 03:54 PM
- Posted Re: Display received html file on dashboard on Dashboards & Visualizations. 07-28-2025 01:12 PM
- Tagged Re: Display received html file on dashboard on Dashboards & Visualizations. 07-28-2025 01:12 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
Wednesday
Hello Bowesmana, Thanks for this. I need to review the transpose part of the search to better understand what I wanted to do. I knew I was missing something here in my searc. So I have learned more. Thanks for the clarification. eholz1
... View more
Wednesday
Hello Whisperere, Thanks. I will check this out. I knew I was missing something! eholz1
... View more
Tuesday
I have a column chart in classic dashboard (xml) using this SPL index=nms-log-idx sourcetype="sea-nms-log" ("ERROR" OR "WARNING") | eval severity=case(searchmatch("ERROR"), "ERRORS", searchmatch("WARNING"), "WARNINGS") | stats count by severity I want the color red for errors, and a color like yellow or orage, etc for warnings. This line does not wrok, it applies the color specified in "count" to both columns. <option name="charting.fieldColors">{"ERRORS": 0xFF0000, "WARNINGS": 0xFF9900, "count": 0x009900}</option> What am I missing? Thanks for the support, eholz1
... View more
Labels
- Labels:
-
chart
Tuesday
As Always, the Splunk community comes to the rescue. Thanks for the input. I know have a better understanding on how to implement this feature. Thanks Again, eholz1
... View more
a week ago
Hello Members! I have been attempting to get search results using the splunk-sdk for node.js. I am using version 24. of node. I have and can use the Python splunk-sdk without issue, works well! I have been having no joy with the node.js splunk-sdk. I can easily create a search in node, lgin in to splunk via the sdk, and return a sid - no problem there. But, I want to get the results of the search using the retreived sid. So far, even with AI and internet help, I have been unable to get the results . I always get "unhandled errors" - I have tried using an "async myFunc()" etc, no dice. My goal here is to: have a function that gets a sid, and then another function that using the side to get search results. My over all plan is this: Get a webhook POST from a Splunk alert, get the sid from the payload, use this sid to perform a GET request to return results. I am using a "server" created by node.js. The whold process above works fine with Python and Flask. I want to have persistent data on my "web page", so it is my understaning that JavaScript/Node has more "capability". Also I do have "express" installed in my node environment. It is my understanding that using "promisify" is deprecated - I have not got that to work either. Whata am I missing in terms of getting search results using the splunk-sdk for node? Thanks So Much, eholz1 - frustrated!
... View more
Labels
- Labels:
-
JSON
01-14-2026
08:34 AM
Hello, Thank you for the replies to my post. By "system" I mean a virtual machine running Linux with each server running an application that monitory network switch and router status. I have a universal forwarder running on System B. I thought I could use the Splunk hec to send device status to Splunk, and check the system B log data on the indexer for a match, primarily the "down" state. Both virtual machines have the same application running, and monitor the same devices. Here is the base issue, these vms are in different locations and on different networks. If a switch show as "down" on system A, it does not mean the switch is really down, but sometimes the network path to the device is interrupted, so the idea is to check the same device from the other location over a different network path. If both systems indicate a "down" condition, then the device may reall be down. I can put a forwarder on system A, and it might be better to compare that way. Sorry for long-winded reply. eholz1
... View more
01-13-2026
11:58 AM
Hello All, I have a generic question on using splunk. I have two systems, system A, and system B. If a device changes state on system A I want to check the state of the same device on system B. Currently I have log file data from system B being forwarder to the indexer. I have an application on system A, that can send an http event to the indexer with UP or DOWN status of device on system A. I was thinking about creating a search when the hec message comes to the indexer, and searching the log data on system B for the same device. If there is a match, send an alert, and if no match i.e system A idevice shows DOWN, and system B show UP for the device, send an alert. I know there are at least two ways to do this. But I am open for suggestions. Thanks, ewholz
... View more
- Tags:
- search
Labels
- Labels:
-
regex
08-12-2025
08:38 AM
To all that responded to my post, "Thank you So Much" It has been a while since I have looked into using Dashboard Studio (like 3+ years!) and the solutions posted here are excellent and very helpful to me. Thanks Again, eholz1 - a little smarter now!
... View more
08-11-2025
03:54 PM
Hello All, Thanks for the help this forum provides. I have a table in dashboard studio. I can set the backgrould color for the header. I would like to be able to change the color of the text in the table header without using the dark mode which sets text color in the header to white (and the table rows too). I would like to have the text color in my header to be white (or some other color) when the dashboard is set to the "light mode". It there a way to do this? Thanks, Eholz1
... View more
Labels
- Labels:
-
Dashboard Studio
-
table
07-28-2025
01:12 PM
Hello PickleRick, I now know what you mean, the demo link using "| makeresults" fails. Lucky for me the html I use seems OK, and I do get the display of the table and the data iin the html code/file, thanks for the TIP. @eholz1
... View more
- Tags:
- dashboard
07-28-2025
09:51 AM
Hello There Ultra Champ, Thanks for quick response. I will take a look at the process. Thanks again, @eholz1
... View more
07-28-2025
07:53 AM
Hello Splunkers! I am using HEC to send an html file to splunk. The received event contains the html lines of code. The html is a table with some data, and forms a table with the data. Is there a way, or how can I create a dashboard from the html text that shows the table? Maybe another way to say this is: How can I extract the html code from the hec event, and display same on a dashboard? Thank You So Much, E Holz
... View more
- Tags:
- panel
Labels
- Labels:
-
Classic dashboard
06-12-2024
07:33 AM
Hello deepakc, Thank you very much for this information. This forum is great. Kudos to you for helping me understanding the "internals" of Splunk, eholz1
... View more
06-11-2024
03:38 PM
Hello All, Perhaps I have the 64K $ question. I am trying to understand (better) the IOWAIT warnings and errors. The yellow and red icons, etc. I know that IOWAIT can be an issue, and only on Linux based servers. I will guess that running Splunk Enterprise on a virtual linux machine makes things harder. I have revised the Health Report Managaer settings per a Splunk forum posting, and the issue is resolved for the most part. I can run an "unreasonable" search and get the warining icon, and then as the search progresses, the red error icon. I have run some linux commands like iostat, and iotop while the search is running but do not see any useful data. I am just curious how Splunk determines the IOWAIT values as part of the health monitoring. I was also wondering if I reset the healh repoting values back to the default, how I might go about reducing the "IOWAIT" characteristic on the Splunk server. Thanks for any hints or tips ewholz
... View more
Labels
- Labels:
-
configuration
06-10-2024
08:52 AM
How can I use this app? I have it installed, but configuration I do not understand how to set this up Thanks, ewholz
... View more
Labels
- Labels:
-
app
06-10-2024
08:39 AM
Hello and Thanks, It looks like this app, desires to store data in some sort of "cloud" based storage. Is this correct? The data I have cannot be anywhere but on a private LAN. I am not sure how to use this app, is there a posting or source of instructions on how to use this SplukBase app? Thanks for the reply, ewholz
... View more
- Tags:
- Splunk App
06-06-2024
11:17 AM
OK, thanks so much, I will review the information you provided. Since our Splunk Enterprise instance is running on a virtual machine - the info you provided could be the issue. Splunk internals are tricky, I will check things over. Thanks Again, EWHOLZ
... View more
- Tags:
- IOWait
06-06-2024
11:12 AM
thanks, will check
... View more
06-05-2024
11:07 AM
Hello All, The question is is IOWAIT mean anything? I am in the process of upgrading Splunk 8.2.12 to 9.1.2, and then 9.2.1. I have not yet upgraded to 9.1.2. The Health Report is set at default settings i.e. 3, etc.I have tried the suggestion of doubling threshold vales, but eventually get a Warning yellow, or sometimes red, etc. I am running Splunk Enterprise 8.2.12 on an Oracle Linux (ver 7.9) with 12 cpu and 64GB memory. Do these settings have any benefit for the IOWAIT thresholds? I see where I can disable IOWAIT - or does it make any sense to try to generate some sort if Diag, which has a link when opeing the "Health Report Manager" Any info here? Am I missing something? Thanks as always for a very helpful Splunk community. EWHOLZ I
... View more
Labels
- Labels:
-
configuration
06-03-2024
10:07 AM
This has not worked for me, any ideas? here is my SSLconfig line in server.conf [sslConfig] sslPassword = $7$IVRDJa9zz5Rmt3ZehltRkIK2vnYpOPiMSSAZMNAUqdQ7hQAGf2GNXg No other lines in the file. I am open to suggestions, and get this as well: WARNING: Server Certificate Hostname Validation is disabled., see server.conf, etc Thanks, EWHolzx
... View more
06-03-2024
08:22 AM
Hello, and Thanks for tip. I will look into getting TLS set and/or a new cert - the cert will need to be self-signed. Splunk was re-started after each upgrade. I am not familiar with the acronym of "SHC" -Thanks for the info. ewholz
... View more
05-31-2024
12:16 PM
Hello All, I have searched high and low to try to discover why the kvstore process will not start. This system was upgraded from Splunk 8.0, to 8.2, and finally 9.2.1. I have looked in mongod.log and splunkd.log, but do not really see any thing that helps resolve the issue. Is ssl required for this? the - is there a way to set a correct ssl config, or disable it in the server.conf file? Would the failure of the KVstore process affect IOWAIT? I am running on Oracle Linux, ver 7.9 - I am open to any suggestions. Thanks ewholz
... View more
Labels
- Labels:
-
kvstore
05-16-2024
07:33 AM
Hello, Thanks for the reply. It works, sort of... The "dark" theme truns everything dark. It was my hope to have just the Apps panel be dark. I will guess the new version of Splunk over-writes a css file for the web interface. I have an older version of Splunk running, I will see if I can find the css file. Thanks again for the reply. Eric W.
... View more
05-15-2024
01:52 PM
Hello All, I have just upgraded Splunk ver 9.0.1 to 9.2.1. I have one question: the "Apps" panel on the left side of the window has a "white" background. Version 9.0.1 and older had a "dark" or "black" backgrould (my preferred view). Is there a way to set the background for the Apps panel to dark or black? Thanks, Eric W.
... View more
Labels
- Labels:
-
configuration
-
installation
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Tuesday
|
Karma given to
