Count the number of events but avoid counting weekend days
How would one filter out weekends in a count of events based on a search? Filter so that those days are not included in any way... i.e. avoiding 0s in your final output due to the weekends.
IT Block signing reports tampered data
Hi, I have just enabled Data Block Signing on two of my indexes, but when I now try to verify them with "view" source the data shows up as "Detected possible tampering with this source.". When enabling...
SCCM 2012 Reporting and Splunk
Anyone using Splunk for SCCM reporting, if so, any advice or must-have applications? Does DB Connect support T-SQL? WQL to SQL is a Microsoft translation through SCCM and we'd like to use Splunk...
Linux Splunk upgrade script
The goal: A single script that can be run to: download splunk using the wget links (or from a directory if that would be an issue); run the upgrade (the .deb file in my case); answer the terms and...
How do I alter the footer in PDF reports in Splunk 5.0.5
I'm able to remove the Splunk logo from PDF reports, but I would also like to remove the date/timestamp from the footer as well. Any ideas?
Timestamp Extraction Issue
My data looks like this: { EC_reference="C0000001", Entity_name="Charter 88", Entity_type="Third Party", Regulated_donee_type="", Recd_by="", Reported_under_62:12="", Is_sponsorship="",...
Is it possible to increment values time after time?
Hi there, Because of some product limitations on an SMTP server, I need to deactivate snmp polling but I have to keep an eye on the mail queue growth. The server is sending real time logs to splunk via...
Multi-value Field extraction
Hello, I would like to create a multi-value field for my data, how can I do that? Here's a sample of my data (Starts at QAM) event1 = QAM 32209 Prog 238 Path PATH_MW event2 = QAM 23001 Prog 25 Path...
On RH 6 and Splunk 6 my searches are consuming lots of CPU
Using redhat 6, I've noticed that my Splunk instance has searches that are consuming large amounts of CPU and I am experiencing quite a bit of latency. Has anyone else seen this? Is there something I...
How to combine results from 2 servers into 1 combined field?
Hello, Is there a way to combine the results for 2 different servers (DNS names) into a third field that becomes the 'combined' field? For example, a search returns the following: Dest Action Total...
Chart X-AXIS Splunk 6
Hi Everyone! Is it possible in Splunk 6 to rotate the X-axis label of chart to vertical? Thanks in advance! Xisura
Configuration for Splunk for Excel Export ap
After installing the Splunk for Excel Export add-on and restarting Splunk I can't see any integration on my apps. To see the "Excel Export" button on my apps do I have to configure anything on the...
Can we call different saved searches based on systemtime automatically in a...
Hi, I want to display different graphs within a single panel in a dashboard based on system time or else I want to display different graphs for every 5 minutes within a single panel, please help me how...
A solution for tracking hosts that stop logging
Hopefully others might find this helpful and I'm certainly open to feedback. Some of the guts of the solution can be traced back to the "outputlookup and State tables" preso Drew Oetzel gave at...
Ironport set by SCP
Hello everyone. I wanted to see if someone has previously configured to send logs by SCP Ironport, tried to do but did not get it, so you see what I did wrong, I did not find much information about it...
How to Configure JMX for splunk
Hi, I need help to configure JMX app on Windows server 2k8R2 to gather thread dumps, heap size, memory pools. Can I get a document which can help? Lucky
problem in connecting
Please tell me which symbol we should use for separation, and there is another box for confirm password, which password should we use for confirmation? Please reply to me as soon as possible.
I have created a dashboard with XML/HTML tags, I need to schedule this dash...
Hi, I have created a dashboard with HTML tags, I need to schedule this dashboard but I could not schedule/generate pdf. Please help on this. Please find sample attached code <view...
starting splunkd hangs after checking Indexes
Hi, I'm starting with setting up splunk in my local vagrant box. I downloaded the tar ball and unzipped it. From inside the directory, running ./splunk start splunkd gives Checking prerequisites... Checking mgmt...
Extracting a network address from a trap message
Hi All, I am trying to create an alert that triggers whenever I receive a high risk notification from my IPS. I have my splunk search term below that returns the correct trap message, but I need to know...