cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
anwarmmian
Explorer
Member since: ‎08-31-2020
‎12-19-2022
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎08-31-2020
Topics I've Started
No posts to display.
View All

Re: Why export button is grayed out in some of my ...

by in Other Usage
‎06-21-2023 07:48 AM
1 Karma
‎06-21-2023 07:48 AM
1 Karma
It still grayed out on Splunk Enterprise 9.0.1 when using a post process search. There is a workaround mentioned by @gjanders in a Splunk Ideas comment about this issue involving the use of the loadjob command. https://ideas.splunk.com/ideas/EID-I-1937 Here is the comment: Consider this example for a base/post-process search: <search id="basesearch"> <query>| makeresults count=1 | streamstats count</query> <done> <set token="sid">$job.sid$</set> </done> </search> <row> <panel> <title>loadjob of basesearch</title> <table> <title>Can export</title> <search> <query>| loadjob $sid$</query> </search> <option name="drilldown">none</option> </table> </panel> </row> That should do what you expect, note that the loadjob isn't technically the same as a post-process search but you can use to achieve the same goal... ... View more

Re: SQS Based Input from S3: Assign different sour...

by SplunkTrust in Getting Data In
‎12-16-2021 03:22 PM
‎12-16-2021 03:22 PM
Hi @LegalPrime  If you want to ingest custom logs other than the natively supported AWS log types, you must set s3_file_decoder = CustomLogs. This setting lets you ingest custom logs into the Splunk platform instance, but it does not parse the data. To process custom logs into meaningful events, you need to perform additional configurations in props.conf and transforms.conf to parse the collected data to meet your specific requirements. For more information on these settings, see /README/inputs.conf.spec under your add-on directory. https://docs.splunk.com/Documentation/AddOns/released/AWS/SQS-basedS3 Hope this helps! ... View more

Re: Can I set _TCP_ROUTING in the default stanza f...

by in Getting Data In
‎04-19-2021 03:35 PM
‎04-19-2021 03:35 PM
_TCP_ROUTING in the default stanza should work, but it didn't work for me either. ... View more

Re: How do I remove the chart on the top of the PD...

by in Splunk Search
‎01-13-2021 02:53 AM
‎01-13-2021 02:53 AM
Hi @anwarmmian can be the setting of display.visualizations.show = 0 in GUI overruled by different setting? I have the value set to 0 and I am still getting the chart at the top of pdf send by sendemail command. Thank you for help. ... View more

Re: Windows Event Index redirects

by in Splunk Enterprise
‎10-22-2020 01:58 PM
1 Karma
‎10-22-2020 01:58 PM
1 Karma
sean_auditum, I have had the same issue. I wanted to redirect WinEventLog:Setup and XmlWinEventLog:Security to a different index as the logs were/are coming in main index.  I have had a similar stanza as yours except I had  "REGEX = ." in transforms.conf  to send all logs to a different index.  However, WinEventLog:Setup working but XmlWinEventLog:Security is not.  Still investigating. I'll provide an update once I resolve this issue.   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎12-19-2022 07:12 PM
Karma from
View All