Hi, splunkers. I have seen that the add-on for Mobile Access will reach its End of Life on August 13, 2018. We use it in our projects, and I need to know how this affects us, but in add-on page there is no really relevant information about it. Please, could anyone answer my questions? Without this add-on, mobile access by Splunk app will be disable? Will we be able to access with SSO? We use it right now to access to Splunk. Thanks and best regards. ... View more

Hi, splunkers. We need to receive an alert by email with an URL that user needs to view. The issue is that we need that report been opened in Splunk mobile app. We have been doing tests and when we receive the email and we click in the URL, the dashboard is opened in mobile browser, not in Splunk mobile app (that is what we are looking for). Any person has tried and get it? Maybe the URL need to be setted in any special format to be opened with Splunk mobile app? Thanks and regards! ... View more

Hi all. We have several apps and indexes in Splunk. Suddenly, this morning, there were not data at any index (except indexes like _internal, _audit). By investigating we have seen that the majority of the indexes are disabled and because of this we have discovered that there was duplicated IDs of buckets (I don't know why). Searching in Splunk answers I have found how to fix the issue with duplicated bucket IDs (link text and I have follow these steps, hoping find data in the indexes after restart Splunk, but indexes does not have any data :(. In the indexes view, there is some indexes that I can not enable (I don't know why), and the indexes that I can enable shows 0 Current Size. We have review the directory where the buckets are and there is data inside, because of this I don't know why searchs don't return any data. We have also tried to upload new data to one index after enable it, and it seems to do it right in the "Add data" view, but when we finish the upload and select "Start search" it does not return any data. We have tried to create a new index and upload data into it, and it does not works. The index is created and it seems to upload data in it but when we search it does not returns any data, because the index is created disabled, how is it possible? We have a big problem because no application is working 😞 I have been all day trying to get a solution, but really I don't know what is happening!!! Thanks, thanks and thanks again. ... View more

Hi, splunkers. I need to generate an alert when the count of errors are greater than 10 in one hour. This is easy, but now, I need to do an evolution time chart with the alerts that have occurred. With the data of last one month, I had thought make a timechart with span=1h, but this really does not give the wanted result (because, for example, if we have 5 errors between 12:00 and 13:00, and 7 errors between 13:00 and 14:00 it does not showing error, but it can be error if the 12 errors would be within period of 60 minutes). We have same trouble with transaction. If I make a transaction establishing a maxspan of 1h, Splunk would detects the first error event and would search error events for next hour, making that if there are 5 errors in the first time period, and 7 in the next period, it does not recognizing it like there was more than 10 errors in a period of 60 mins. We have tried to use maxevents in transaction instead of maxspan and making a eval the duration of the transaction, but in this case Splunk would make bundles of 10 events, because of this neither is valid to our needed. Could you help me? Thanks a lot!!! ... View more

Hello, Splunkers. I have been looking for information about how work internally the splunk searchs. Are they be translated to another programming language like phyton? How is the workflow since you execute a search and splunk returns to you the results? I need to know deeper how Splunk works. Thanks and regards. ... View more