My requirement is to pass the tokens via drill down from parent dashboard to drill down dashboard (which is created with Java scripts) From parent dashboard, I tried to pass the token via drill down URL to the java scripted dashboard, but that did not work out. Can anyone please help me in passing the tokens via drill down to the target dashboard which is created with Java script? ... View more

With some of the events, we are facing the unexpected format of the query results. Actually in the raw event there is no issue at all, and each field is showing their own values. But when it is queried and displayed in the statistics section as results, the values of few fields are displaying incorrectly. Usually the search results show key-values. But with some events, the search results are showing as "fieldname1=fieldname1=value" and in some cases "fieldname1=fieldname3=value".  Example1: Request_id=Request_id=12345 (Expected to be -> "Request_id=12345") Example2: Parent_id=message_id=456 (Expected to be -> "Parent_id=321") Example3: Parent_id=category=unknown (Expected to be -> "Parent_id=321") Is this related with parser or something else? We are unable to find what could be the issue lying over here. Could anyone please help us on fixing this issue at the earliest? ... View more

I have an input created in DB Connect app to few the necessary rows from a DB2 table. The job is scheduled to run on daily basis and to fetch only the previous day's data. I have left the "Max rows to retrieve" and "Fetch size" to default settings. Whenever my job runs, by default it is logging the same records twice. I am not sure what is causing this issue. I have attached screenshot of the entries belong to a primary key field where two events are indexed for each record. Could anyone help me in troubleshooting the issue? ... View more

I have a field which have values only with numbers and also with combination of number and special characters as values. I would like to filter the field values where both number and special characters are in it. Example: Log 1 -> field1="238_345$345" Log 2 -> field1="+739-8883 Log 3 -> field1="542.789#298" Already I have tried in writing regex query but there is no expression to filter out the combination of digits & special characters. (No expression to filter all the special character). How can I filter and display the field value which have the combination of number and special characters? Could anyone help me on this? ... View more

I have gone through a few questions which are related to lookup file changes. I tried to use the same query to get the internal logs regarding my lookup file changes but I am unable to fetch any logs. I would like to know where can I find the information about the changes made to my lookup file. The information is more related to the user who modified and the respective time. I tried to search in _audit index, but I am unable to find the exact logs (may be the way of my searching is wrong) Could anyone please help me in finding the history of modification/changes made to any lookup file? ... View more

I have installed a free version of Splunk Enterprise 9.1 in my local system. I would need few logs files from my S3 bucket to be sent to Splunk. I have setup up the Splunk Add-on for AWS. In the app, under configuration, created an account with access ID and secret access key. Then created an input by specifying the account name, bucket name and indexing details. After creating the input, when I search my index and sourcetype, I could not find the logs from S3. I have waited for more than half an hour, then tried again but no luck. As this is the first time I am trying the setup with AWS add-on, I am not sure whether the issue is happening. Could anyone please help me on this? ... View more

We have recently upgraded our Splunk Enterprise to the version 9.0.4. We observed that some of the behaviour in the system are different. For example, when we run a search with timechart/stats command and without mentioning the index field, the results are same but under the Events part, it shows empty events for the respective timestamp. Below is the sample query and respective results. host=abc sourcetype=xyz |timechart count This was not occurring earlier. Though we don't mention the index field, the results use to populate with the respective event logs. Not sure whether this is the expected behavior or it's a bug. Is this something which we can fix from the end user side? Please anyone help me on this. I would also like to know the limitations or restrictions which are introduced with this Splunk version. ... View more