We send a company newsletter out to thousands of employees. We would like to know who has read the newsletter. It is simply embedded in an email. Newsletter read means the email status goes from 'unread' to 'read'. I would hope to present the email ID for the newsletter email to the exchange server and it would give me a list of who has read it or at least a count of who has read it. Wondering if the App for Microsoft Exchange would do the job or if there is another way. Thanks Aleem ... View more

Hi, I have a query around file system auditing and NetApp. The goal is to audit changes on NetApp arrays without the requirement to turn Auditing on (not recommended). Can I collect the meta data via the FPolicy feature/API of the NetApp controller? If this is possible that would be amazing. Examples would be even more amazing. Thanks Aleem Splunk User Group London ... View more

Hi, I have events with 360 lines of text. My problem is that Splunk 1. writes the first 257 lines of the event 2. writes the next event that happends to have the same timestamp 3. finishes off the writing the remaining 104 lines of the first event as a new event I am not sure if having 360 lines in an event causes a bottle neck or if I need to modify a file somewhere. Hopefully, it is a simple config update 😉 ... View more

I have a field called fldTimeStamp which I use to hold the date in which events were raised rather than what date I imported them in to Splunk. This works great. However, I need to know if the most recent fldTimeStamp is more than 20 minutes old. I can use "head 1 | fields timestamp fldTimeStamp | eval fldNow = time() | convert ctime(fldNow)" to get the current time. However, I am struggling to subtract fldTimeStamp from now (fldNow). Presumably, I need to do some evals and converts. Any ideas how to do this? ... View more

I have 66 single value panels to display in my dashboard. So far I am finding that I can only go three columns wide. I need 11 columns wide. Is there any way to have a grid or table with 11 columns and 6 rows that I can fill with my single value panels? I would rather make a custom html page that could have placeholders for the 66 single value panels. However, any suggestions would be most welcome ... View more

Hi, I am importing custom CSV files. The heading are are the first line. What is the simplest way to ignore these headings? Which files to I need to edit? ... View more