This widget could not be displayed.
This widget could not be displayed.
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
termcap
Path Finder
Member since: ‎12-10-2020
‎08-01-2022
This widget could not be displayed.
This widget could not be displayed.
This widget could not be displayed.
Activity Feed
Topics I've Started
View All

How to add a drill down link to my dashboard that ...

by in Dashboards & Visualizations
‎08-01-2022 09:36 AM
‎08-01-2022 09:36 AM
Dear Splunkers, I want to add a drill down link to my dashboard that redirects to a remote website. Currently, I do it with the following URL using the <link> tab inside drill down.     <link>http[:]//website.com/param1=xyz</link>   The problem is when the user clicks on the link the param1=xyz is part of the URL and is visible in the browser. Does drilldown support HTTP POST so that I can hide the param1=xyz from being displayed in the browser? Regards. ... View more
Labels

How can I get Splunk to log the URL that was click...

by in Dashboards & Visualizations
‎07-28-2022 08:06 AM
‎07-28-2022 08:06 AM
Hi Splunkers, I have a simple drilldown on my Splunk dashboard that links to an external website. How can I get Splunk to log the URL that was clicked by the user ?  I would like to see a log of all the URLs clicked by each user for audit purpose.   Regards. ... View more
Labels

How to create drilldown external URL with POST ins...

by in Dashboards & Visualizations
‎07-28-2022 08:03 AM
‎07-28-2022 08:03 AM
Hi Splunkers, I have a simple drilldown configured that links to an external website. The link generated by the drilldown has data clearly visible in the URL like http[:]//site.com/name=joe Is it possible to POST data to an external website using drilldown I would prefer my url to be http[/]site.com and the name=joe to be set as POST parameter. Regards. ... View more
Labels

Re: Correct format for specifying network inputs

by SplunkTrust in Getting Data In
‎06-10-2021 10:16 PM
‎06-10-2021 10:16 PM
Could be a backward compatibility they both are same without remote_server port just listens on every host available that's the purpose.   ... View more

Re: btool for currently loaded configuration

by in Installation
‎06-10-2021 10:37 AM
1 Karma
‎06-10-2021 10:37 AM
1 Karma
Hi, No, you can't run btool command to returns what's loaded in memory. To get the current loaded configurations you should execute the "splunk show config" command. Example: To verify the loaded configurations of the inputs.conf file splunk show config inputs ... View more

Re: Search head does not send search to all search...

by SplunkTrust in Deployment Architecture
‎06-09-2021 10:51 AM
‎06-09-2021 10:51 AM
Hi that’s the way how it has planned to work. You could look more details from job inspector. It’s ok to do it that way. If you are needing high availability, then your should jump to indexer clustering. That’s also give more performance when you have more peers in cluster.  https://docs.splunk.com/Documentation/Splunk/8.2.0/Indexer/Aboutindexesandindexers r. Ismo ... View more

Re: License for Deployment Server, Search heads an...

by SplunkTrust in Deployment Architecture
‎06-04-2021 01:04 PM
1 Karma
‎06-04-2021 01:04 PM
1 Karma
All those are used only feature part of license not ingesting part. You should use central license server to share license to all of your splunk enterprise nodes. You could found more here: https://docs.splunk.com/Documentation/Splunk/8.2.0/Admin/TypesofSplunklicenses r. Ismo ... View more

Re: Splunk does not switch to another index group ...

by SplunkTrust in Deployment Architecture
‎05-31-2021 11:15 PM
‎05-31-2021 11:15 PM
Hi if I recall right there is no option to do that as you want to use second group as fallback address. The Splunk way is to use several host on output stanza or even better if you can use indexer discovery for getting current working indexers. https://docs.splunk.com/Documentation/Splunk/8.2.0/Indexer/indexerdiscovery r. Ismo ... View more

Re: How can I add a percentage sign to the radial ...

by in Splunk Search
‎05-25-2021 03:40 AM
‎05-25-2021 03:40 AM
Hi @niketn  This is an amazing solution to the problem and it works perfectly well.  How can I get this solution to work if I have multiple Radial Gauges ? Thanks, Termcap. ... View more

Re: Adding HEC input does not have option for app ...

by SplunkTrust in Getting Data In
‎05-24-2021 09:18 PM
‎05-24-2021 09:18 PM
Hi @termcap  I have tested it, 'App context' available to choose on my 8.1.3 single instance Splunk and HF both. could be a bug in your version and find for errors in installation, try configure it from backend inside one of app. ... View more

Re: Host value not being used as set during ingest...

by SplunkTrust in Getting Data In
‎04-15-2021 11:30 PM
‎04-15-2021 11:30 PM
Hi, Since you are using a default sourcetype syslog which comes with default configuration to extract a host from _raw data. [syslog] pulldown_type = true maxDist = 3 TIME_FORMAT = %b %d %H:%M:%S MAX_TIMESTAMP_LOOKAHEAD = 32 TRANSFORMS = syslog-host REPORT-syslog = syslog-extractions SHOULD_LINEMERGE = False category = Operating System description = Output produced by many syslog daemons, as described in RFC3164 by the IETF Path of default config - /opt/splunk/etc/system/default/props.conf ------------------------------------- An upvote would be appreciated if it helps! ... View more

Re: Why does Splunk documentation not mention Tab ...

by SplunkTrust in Training + Certification Discussions
‎04-11-2021 03:11 AM
1 Karma
‎04-11-2021 03:11 AM
1 Karma
Did you try sending docs feedback on the page? They can clarify if it needs to be corrected. ... View more

Re: _time being treated as a string when run with ...

by SplunkTrust in Splunk Search
‎04-09-2021 09:12 AM
‎04-09-2021 09:12 AM
You could try adding: | fieldformat _time=strftime(_time,"%Y-%m-%d %H:%M:%S") ... View more

Splunk field extractor ignors comma towards the en...

by in Getting Data In
‎03-24-2021 01:39 PM
‎03-24-2021 01:39 PM
I have a CSV with the following data   19,john doe,blue car,NAY,NA,YAY,,NIL,,,,NA,,   There are 14 fields in the above line, but when I try the automatic field extractor via "Extract more fields", It only recognizes 13 fields. Why is the field extractor dropping the last field ? ... View more
Labels

Re: Splunk Core User Certification Study Material

by SplunkTrust in Training + Certification Discussions
‎03-17-2021 05:16 PM
‎03-17-2021 05:16 PM
Don't trust flash card sites.  The information in them is of questionable quality and have been found to be incorrect in the past.  Stick with the Splunk-provided material. I think you'll be better off spending your flash-card time on hands-on activity with Splunk. ... View more

Re: Power user study guide

by Splunk Employee in Training + Certification Discussions
‎03-17-2021 01:15 PM
1 Karma
‎03-17-2021 01:15 PM
1 Karma
Hello @termcap  My name is Yeasuh and I'm a Community Specialist for Splunk. Splunk Partners are those who choose to purchase and use Splunk Products. Since mostly companies do so, that is what is meant by a Company Account. If you have any more questions about Training and Certification, we now have a board located here on the Community page. Thank you for being a part of our Community! Happy Splunking 🙂  ... View more

Re: Splunk Enterprise Security Admin Certification...

by Splunk Employee in Training + Certification Discussions
‎03-16-2021 08:08 AM
‎03-16-2021 08:08 AM
Rich, for the win! Well done 👏 ... View more

Re: How to install Enterprise Security, licensing ...

by SplunkTrust in Installation
‎03-16-2021 06:06 AM
‎03-16-2021 06:06 AM
Hi @termcap, answering to your questions: No, buying 50 GBof Splunk and 50 GB of ES you haven't 100 GB you have 50 GB of Splunk and ES. Yes you have to upgrade both the products: Splunk Enterprise and ES; For my knowledge you cannot buy a different value for Splunk and ES; ES Installation requires a training on ES because it has some attentions to use in the installation process, e.g. differently to how you might think, the ES is not installed immediately after Splunk, but first all the TAs must be installed and then the ES. Ciao. Giuseppe ... View more

Re: Pivot on datasets fails with search job failin...

by in Reporting
‎03-14-2021 09:44 AM
‎03-14-2021 09:44 AM
The issue was that I am working with t2.micro AWS cloud instance with really limited RAM, the search job was causing the RAM requirements to shoot up, which was not a problem because behind the scenes it seems I was using my burstable memory credits. Once I ran out of credit, the OOM killer kicked in and started to kill the Splunkd process that was running the job! Changing the instance type of the Linux machine fixed the issue. ... View more

Re: Multi page dashboard with cards like layout

by in Dashboards & Visualizations
‎02-02-2021 09:07 AM
‎02-02-2021 09:07 AM
@ITWhisperer How can I add an HTML panel to a splunk dashboard, can you point me to some resource that shows how to do this ? ... View more

Re: Configure universal forwarder to forward files...

by in Getting Data In
‎01-26-2021 09:34 AM
‎01-26-2021 09:34 AM
What you have stated is the default behavior of the UF. I was I was able to get the UF to re-process the whole file by adding random junk characters and enabling the crcSalt = <SOURCE> for the file. Then exclude those junk characters using transforms.conf. ... View more

Re: Best way to get the latest data from csv file ...

by SplunkTrust in Dashboards & Visualizations
‎01-24-2021 11:44 PM
‎01-24-2021 11:44 PM
Hi @termcap, in this case, you could have a different approach: schedule a search (e.g. each hour, or every ten minutes) that takes all the values you ned deduping the values and save results in a summary index or in a lookup. In this way you're sure to have the updated values in this lookup or summary index and then you can make your searches (if summary index using my query) here, obviously you always have an update time related to the frequency of your scheduled search. Ciao. Giuseppe ... View more

Re: How to extract Date from Day format

by SplunkTrust in Dashboards & Visualizations
‎01-23-2021 09:46 AM
‎01-23-2021 09:46 AM
Hi @aditsss, sorry! there was a typing error, please try this: | rex field=Rundatetime "^(?<date>[^ ]+)" Ciao. Giuseppe ... View more

Re: Splunk certification requirements

by SplunkTrust in Training + Certification Discussions
‎12-10-2020 05:57 AM
1 Karma
‎12-10-2020 05:57 AM
1 Karma
You can take the exams prior to Architect without the courses. To be pedantic, you must successfully complete the courses, not just buy them. ... View more
This widget could not be displayed.
Contact Me
Online Status
Offline
Date Last Visited
‎08-01-2022 01:37 PM
Karma from
View All
Karma given to
This widget could not be displayed.