Dashboard Panel with custom static HTML?
Is it possible to have a dashboard panel show static HTML? I'd like to put some contact and support info in 1 dashboard, that is all static. Nothing to fancy or dynamic.Thanks!
View ArticleHow to set up a limit to max no of events to be searched
Is there anyway to restrict the max no of events to be searched in an index irrespective of the time chosen the time picker ?Example : i have 100000 events in a index. But i want the queries executed...
View ArticleIssue with configuring forwarder
Hi,I had configured my universal forwarder on production by adding conf files ie. inputs.conf,outputs.conf and deploymentclient.conf in etc/system/local folder.Now I want to make changes( like...
View ArticleHow to avoid subsearch auto-finalize in query performing outer join against...
I've got an inventory list, which greatly simplified looks like below and made it available to splunk as a lookup table.host,os_type m00001,linux m00002,linux m00003,linux What I want to do is list the...
View ArticleUsing Search Commands in Data Objects
Is there a way to use search commands like FillNull and/or Eval to clean up the data in a Data Object?I have these commands working when i run searches but can not figure out how to applie them to my...
View Articlewhat is this package for?
Hi! what exactly is this package? how is it used? what is it for? there is no description other than "see the readme" and there is none... thanks!
View ArticleProblem in posting question
There's a problem in creating a Splunk Forum id for one of my teammates. After registering the validation mail from splunk.com was not received and hence the email was not received as well. Hence she...
View ArticleHeavy forwarder cisco ironport web proxy log
I have 2 servers one as the indexer and the other as a heavy forwarder. I have setup syslog forwarding successfully from heavy forwarder to the indexer.I now want ironport proxy appliance log to be...
View ArticleHow Get Bluecoat CacheFlow log in splunkstorm
HiI'm trying to send a log from Bluecoat Cacheflow 5000 to splunkstorm with the format listed belowtype elff "date time c-ip sc-bytes cs-bytes rs-bytes sr-bytes cs-host"I am interested to get only the...
View ArticleHow do I remove \x00 characters from my log message?
I have a log message which (thanks, M$) has been littered with \x00 text - originally null bytes. They appear every other character, making it almost impossible to read. Can Splunk automatically remove...
View ArticleDeployment server to forwarder communication
Hi,I already create inputs.conf file in splunk_home/system/local/ folder and now i want to override this changes from deployment server. Is this possible ?
View ArticleDefault decimal digit?
Hi!What is the default decimal digit splunk has when numeric data comes into field? It seems that it is 6 but would like to confirm to be sure.Thanks, Yu
View ArticleSet Expiry Time for a saved Search with an action script
Hi All,I have a set of saved searches which i have scheduled for run for every 15 min interval. Each of the saved search triggers a script. By Default , the expiry time of the saved search which...
View ArticleSplunk Forwarder Crashes
I am having an issue with Splunk Forwarder on my Linux machine crashing shortly after startup. I have been unable to run splunk fsck because I can't seem to fulfill all the requirements. E.g.:cleteNAS...
View ArticleWhat does "Size" stands for in Job Manager?
Hi!I would like to know what does "Size" stands for Job Manager in ver 5.0.5.Any help is appreciated!Thanks, Yu
View Articlehow to tell forwarder to wait for a cr/nl
Hi,I have a logfile which is single-line and well structured, but the feed doesn't always write out entire lines. I might get 10 lines (with cr/lf) and then half a line, until the next "batch" of data...
View ArticleWhy Splunk interpret a false timestamp?
I configured my data import with a timeformat of %6N and all works fine. Sometimes the event comes with a %3N timestamp and I expect Splunk ignore it, because interpreted as a %6N Timestamp it is to...
View ArticleIs there a document about making a Syslog message stream "Splunk-friendly"?
I am responsible for an "agent" that sends Syslog messages to a variety of SIEMs and similar software. I have based on trial-and-error introduced some options that seem to make it more...
View Articlewhat could account for changes in case for input sources?
When constructing a search to render a table of count of events by source I noticed that splunk was treating the identical input sources as different based upon differences in their source name...
View ArticleAdd "Price" field with different values for specific timeranges
Hi,I'm adding a "Price" field to each product in the events. Therefore I'm using a lookup which includes the productname and the price.| lookup Pricelist.csv productname OUTPUT priceIs there a way to...
View Article