Calculate the predicted value from any two points
Can you calculate the predicted value from any two points (e.g. the data of 1 month ago and the data of 2 months ago) using "predict" command? In addition, is there any other way?
View Articleolder versions of the *NIX App
Is it possible to download older versions of the *NIX app, for example 4.6 or 4.7? We lost the install package on our test server and have no way to recover the old install package. Thank you
View ArticleJoining the community
Hi , One of my friends has some issue in joining the splunk community.She filled the sign up form and submitted but she didn get the validation mail and so she couldn't join the Splunk...
View ArticleUnix/Linux login account aduiting
I working on creating reports for Top successful login and Top failed login in Unix/Linux or related OS.Would need help on that.Thanks Kishore
View ArticleHas anyone successfully front ended deployment servers, receivers, or search...
any gotchas, tips, tricks or advice with start of such projects?
View Article500 error after 4.1.6 upgrade
After an upgrade to 4.1.6 on Linux amd64 I get this error on the free server after the login pages:500 Internal Server ErrorInternalServerError: [HTTP 500] Splunkd internal error; [{'text': "In handler...
View ArticleSet a field with a constant value
In props.conf, I would like to create a field abc by saying:abc = "xyz".Is there any way to say this so that Splunk understands?
View Articletransformation of the logs
Hi, I need to transform the input logs into different format.I used props.conf and transforms .conf to change the format of the log,still i need some more clarifications.The input log is of the format...
View ArticleHow to filter the events
When input a value in a search box it shows all the events and all the values are displayed which are not in the file anymore. How to restrict events to show the latest results in a txt file? Or should...
View ArticleSQL Truncate Query
Hi Guys, I'm using Splunk with DB Connector and all seem to work fine. The only problem is that when I go to "Run SQL queries" and click on the DB Query button to execute Truncate statement (I'm...
View Articlexml static input data and defining variables
UI (dropdown/button etc) 2. Is it possible to define variable that get evaluated based on a query output.
View Articlehow to calculate the Success events percentage based on the time intervals.
Hi All,how to calculate percentage value based on time intervals.here i am writting a queryindex=operartions sourcetype="SView" OR sourcetype="YView" DashboardStatus="Success" | timechart span=1d...
View Article[Simple XML] Token not substituted within href attribute
I defined the following HTML element within one row of my dashboard (which is called with the GET parameter '?tsmserver=TSM512'):<html> <h2>Other Server Information</h2> <ul>...
View ArticleHow to list more than 500 lines in an event on a dashboard
Hi I want to list all the lines for a particular column of my dashboard, But splunk is only allowing few lines to display on the dashboard and rest are hiddenMy dashboard:column1 column2 10:30 PM 1 2 3...
View ArticleUnable to break column values in a dashboard
HiI want to show my logs in the dashboard in a tabular form but the problem is my logs are very large hence while displaying the dashboards the _raw events column are going too far from the page, Means...
View ArticleSplunk Forwarder Crashes
I am having an issue with Splunk Forwarder on my Linux machine crashing shortly after startup. I have been unable to run splunk fsck because I can't seem to fulfill all the requirements. E.g.:cleteNAS...
View ArticleUniversal forwarder on Windows to monitor a single folder, nothing else
Hello All,I want to set up the universal forwarder on a Windows machine to monitor a single folder without it sending event logs and any other data.I have just set it up, only entered the folder I want...
View ArticleIndex from Oracle Database
I have splunk 6. I created an Index, and I have a conection to the database which is working as fine as I'm able to use dbquery and so. Still when I try to index files from the database, it does not...
View ArticleHeavy Forwarder, caching Win Events?
Hey Guys,im trying to configure an Splunk Heavy Forwarder, to cache his Windows Event Logs on the local Disk, in case the Indexer(in this scenario a thrid-party-system on a other server) is...
View ArticleError in 'PivotProcessor': Unable to fetch datamodelreport REST endpoint
Whenever I try to save a report/dashboard (Data Model and Pivot Tutorial) the view screen gives me tthe following error:Error in 'PivotProcessor': Unable to fetch datamodelreport REST endpoint...
View Article