Subsearch didn't work with starttimeu passed by variable of main search
Hi, I'm trying to calculate daily time shift baseline by this querysource="MySource" | eval ReportKey="Today" | eval d1AgoEarliest=relative_time(_time,"-1d@d")| eval...
View ArticleException in thread "main" java.lang.RuntimeException:...
Hi,everyone. I'm new to Splunk.But now I meet a problem can't solve by myself. When I am going to store the data from splunk to a ArrayList,it occurs the following problem.Exception in thread "main"...
View ArticleJoining searches with multivaluate fields turn them into single valuate field
Hello!I am having a problem with this query:index=myIndex | join FIELD1 max=0 [search index=myOtherIndex | stats values(FIELD2) as FIELD2 by FIELD1] When I look a the result of the query, the FIELD2 is...
View Articletranspose and dynamic drill down
I have a simple table (5 or 6 columns) and another one full of details (86 columns). I want to display a specific row from the detailed table when I click on a row in the simple one, but I want the row...
View ArticleHorizontal scaling using the load balancing with universal forwarder
Hi!I would like to ask question with the search head and load balancing.In the following environemnt, 1 search head 2 peer node (indexer) 1 forwader search head peer node1 peer node2 forwarder We are...
View Articlespammed by alerts
our Splunk Enterprise indexer has some alerts configured. One alert is configured as follows:Time range: rt-1h / rt-0h "Schedule this search": true Condition: always Alert mode: Once per result...
View ArticleForward a subset of events from one splunk server to another, changing the index
On the server MyServer I have events coming into the index MyIndex from various sources. I want to tag a subset of these events and send them to OtherServer into the index OtherIndex.So on MyServer in...
View ArticleMcAfee epo integration with Splunk
HiWe have to integrate McAfee epo(full fledged) instance with splunk i.e we want logs of EPO in splunk. What is the best way to do it. Should i install Universal forwarder on the epo machine or should...
View Articlee-mail body indexing
Hello, I'd like to ask the community, if there is possible to index somehow the body of e-mails sent through MS Exchange 2010. I like to consider Splunk as possible DLP for e-mails. Thank you, Kamil
View ArticleNO_BINARY_CHECK for archives
Hello, I want to index files from a zip archive. In the log file (splunkd.log) I see: WARN FileClassifierManager - The file '/root/test/test26.zip:./test26.txt' is invalid. Reason: binary But in the...
View ArticleHow to extract fields with values always on the same line and same row?
Hi Splunkers,I tried a lot, but now I have no more idea. I would like to extract a log file like the following. It looks like a table, but any Number is a different information and has to be extracted...
View ArticleLocalization of numbers in search.
Hello.In the search app, I would like to use the european format for numbers ie. 1.234,56 for the number one thousand two hundres and thirty four point fifty six. I do use the locale en-GB but still...
View Articleuse a result value, as fieldname in subsearch
I have a first search, that return "system1"Then I want to use that value, to get the appropriate value out of a subsearch timechart : first restult : system system1second result : system1 system2...
View ArticleSplunk Exchange app (server performance)
Hello! How app will affect on the overall server performance? CPU/Memory/Network? And how I can calculate space for incoming data/logs (if possible). Thanks!
View ArticleRouting Syslog to 3rd party system: Dynamically assign priority
Hi guys,I was just looking at the outputs.confspec. I can see that the priority value can be set from 0 to 7.We require this field to be dynamically set based on a value in the raw data, is this...
View ArticleTimeRangePicker goes back to the default value when upstream values change
I've noticed that when I change values upstream of TimeRangePicker, the TimeRangePicker's selected time range goes back to the default.Is there a way to prevent TimeRangePicker from going back to the...
View ArticleCan i assign a role with Idle session time out value ??
Hi..I have a specfic set of users with role name "myapp-testers" , now the users associated with this role when they are leaving the browser idle for few min there session is getting timeouted..So is...
View ArticleDrilldown changing visualisation to time range of data clicked?
Hey, Pretty new to Splunk here, and I can't seem to find what I'm looking for in the answers page (maybe I'm missing the relevant searches).I've got data that I'm creating a time chart for. It...
View Articlecan i hide and show the modules ??
Hi..I have created a advanced xml with certain no of modules in it.can i hide the modules and display when ever i need .. is this possible in splunk ??please help
View ArticleChinese Can't Be Displayed Correctly In DB Connect
Hello, Now,I just use DB connect to load my Mysql.But I have some difficulties with the charset.There are some Chinese in my DB and they can't be displayed correctly.I already write 'charset = gb2312'...
View Article