Hi Everyone, Please help me regarding this ask - i need the splunk to show the respective events with the current date instead of the date when the file being placed in the host. For instance, like the file been placed in server dated 17th july and the events are showing with date 17th july instead i want with the current date.  If the current date 22nd July, then event's date should mentioned as 22nd July and likewise. I have tried with DATETIME_CONFIG = CURRENT and DATETIME_CONFIG = NONE in props.conf but it doesn't work.   ... View more

Hi Everyone, Can someone please help me with Splunk query to show difference of two values in timechart for the period of time. The sample result which i get from the query with Column A with time range and other columns with the respective host values. Column A Column B Column C Column D 02/22/2025  10         12               14 02/23/2025   11         13               15 02/24/2025   12         15               17  02/25/2025    16         20              21 I need the difference of values of Column B C D from previous time period and show it one time chart. Let me know if any other details are required. ... View more

  Hi all, Can you please help me with the Splunk query to list the Windows Process Names and CPU utilizations for the particular hostname. I have made the query as follows:- index=tuuk_perfmon source="Perfmon:Process" counter="% Processor Time" host=*hostname* (instance!="_Total" AND instance!="Idle" AND instance!="System") | eval 'CPU'=round(process_cpu_used_percent,2) | timechart latest('CPU') by process_name   With the above mentioned query, i can able to get the CPU utilization results for listed Windows Process names, but when analyzing the results, for particular time frame there are multiple 100% CPU utilization for mutiple Windows process names. Could someone please suggest or validate whether i am getting valid results and also the reason for multiple 100% CPU utilization?       ... View more