Try this for a workaround.
Create a restmap.conf in the etc/system/local
Add the following
[script:pdfgenHandler]
python.version = python3
Restart Splunk
... View more
I would try using stats/chart command first then table the results.
index=_internal | stats sparkline count by host | table host sparkline count
... View more
You could try using transaction this will combine the events and create a duration field which will be the time between the 2 events. "| transaction server startswith=status=Up endswith=status=Down"
You would then need to calculate the time from last 24 hrs for example and then work the percentage.
... View more
So i've used the example you provided and created a binx app using the following and mine works.
inputs.conf
[monitor://C:\program files\splunk\etc\apps\binx\spool\*]
disabled = 0
followTail = 0
host = myhost
index = binx
sourcetype = binx_binary
props.conf
[source::....binx]
invalid_cause = archive
unarchive_cmd = binx.pl
I don't have any sourcetype for binx_binary in my props.conf or NO_BINARY_CHECK
... View more
This no longer works for splunk 6.5+ and would suggest the Following
To disable the message bar
[data-view="views/shared/splunkbar/messages/Master"] {
/* Styles */
display:none;
}
SplunkBar options.
views/shared/splunkbar/user/Master
views/shared/splunkbar/messages/Master
views/shared/splunkbar/system/Master
views/shared/splunkbar/activity/Master
views/shared/splunkbar/help/Master
views/shared/splunkbar/find/Master
... View more