cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Sheela
Path Finder
Member since: ‎09-19-2011
‎06-05-2020
Community Statistics
Posts 17
Solutions 0
Karma Given 5
Karma Received 4
Member Since ‎09-19-2011
Activity Feed
View All

Re: Removing certain results from reports

by in Splunk Search
‎03-03-2022 07:51 AM
‎03-03-2022 07:51 AM
I am having this same problem. Maybe I can add some clarity to the specific problem with a specific example. This is my search (minus the host data):  source="WinEventLog:Security" Keywords="Audit Failure" Failure_Reason="Unknown user name or bad password." | top Account_Name Looking in the events it returns, about 70% of the events have this: Account Name: - As well as: Account Name: actual user account name So when it outputs as a bar chart, the account name '-' shows as the largest, because it totals up every result that has that name in it, but it then also lists out the actual user account names. So the data is all listed twice in effect. But doing =! to the '-' user name ends up excluding the bulk of my other results, the info I am trying to track. Obviously this isn't the end of the world, I could just ignore that, but it does skew my bar charts a bit. ... View more

Re: Vertical Scrollbar

by SplunkTrust in Dashboards & Visualizations
‎04-12-2012 04:02 PM
‎04-12-2012 04:02 PM
what kind of data is it that you're displaying -- raw events, tabular output, a flash chart? ... View more

Re: XML Field extraction

by in Dashboards & Visualizations
‎05-21-2013 07:01 PM
‎05-21-2013 07:01 PM
Kristian, I just wanted to say thanks for the tip. I've been able to successfully use this method to do field extractions in some xml logs I'm working with. ... View more

Re: XML Reports

by in Dashboards & Visualizations
‎09-07-2016 02:56 AM
‎09-07-2016 02:56 AM
Anything about openvas vulnerability scans in xml format ? ... View more

Re: Splunk not indexing data

by in Getting Data In
‎02-22-2012 09:23 AM
‎02-22-2012 09:23 AM
This was my bad. I apologize, this is a syslog issue. Thanks so much for your help. ... View more

Re: Monitor remote directory

by in Getting Data In
‎01-17-2012 06:50 PM
‎01-17-2012 06:50 PM
The easiest way, simply add your directory you'd like to monitor on your forwarder through the gui prior to enabling it as a forwarder. If you've already done set the machine as a forwarder, simply follow the cli instructions for adding an input. Below is the link to the page in the documentation you're looking for: Configure your inputs ... View more

Re: Standalone Splunk App

by in All Apps and Add-ons
‎11-02-2011 08:36 AM
1 Karma
‎11-02-2011 08:36 AM
1 Karma
Well the easiest way is to change the default app for users to your own app via; http://docs.splunk.com/Documentation/Splunk/latest/Admin/Setupbuilt-inauthentication#Add_and_edit_users From here you could select your App as the default. Each time a user sign's in this will be displayed. For a splash screen you are best editing the welcome/login page. http://docs.splunk.com/Documentation/Splunk/latest/Developer/CustomizeLogin Finally. You can remove all the links in the top right if you wanted to create a seamless look for your App, you don't even need to have a Splunk logo on it! Have look here for advanced customization options for the XML. http://docs.splunk.com/Documentation/Splunk/latest/Developer/AdvancedSearch If you wanted to run it outside of Splunk, then no. Not at the moment, it requires a browser to access as it is run from a Python based Web Server. ... View more

Re: Field extraction

by in Splunk Search
‎09-21-2011 08:43 AM
‎09-21-2011 08:43 AM
That worked perfectly! Thanks. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All
Karma given to