Splunk Simple XML Form Cheat Sheet
Team, This isn't so much a question as a question AND answer: Q: I love to make forms in Splunk but if I had a cheat sheet, it would be so much easier! A: You're in luck! There's one available...
transforms filter
Hi, I have a large logfile, but only want certain data. The data is very well...
Deleted events still showing in search summary
Hi all, I deleted a large number of events taken through a UniversalForwarder (v5.0.3) using the | delete command. However these events are still showing up in the event counts on the Search summary page,...
Timechart with data 1 week earlier and average of data 1,2,3,4 weeks earlier
I've created the following query for a range of -12h...+12h with data 1,2,3,4 weeks ago and the data of the last 12h creating a timechart with 10m span and snapping to 10min. The query works ok with...
Splunk 6 - Is there any way to get the dropdown menus back?
Hi, So I've been playing around with Splunk 6 and I'm wondering if there's any way to configure it so that we get the drop down menus back? That made it much easier to navigate between dashboards/apps...
maybe a bug in splunkd management port
Hi there: I developed an app using Splunk 5.0.3 and splunk-appframework, it works fine always, but yesterday, I can't log in to my app anymore, it gives this error in the...
timechart x-axis tick marks every month
I want my timechart to show system logins for the last 12 months. My search is sourcetype="logins" | timechart dc(Username) The graph shows data by month for each month, but the X-axis tick marks and...
Unable to modify props.conf
Hi, When I am trying to modify props.conf in the local directory of my app, "Please check whether the file i opened in another program" dialog box is displaying. I tried restarting the splunk services...
Splunk don't show fields after parsed. why?
Sample Log File 2013-10-31|2013-10-31 00:00:00|serv1|ws1|Mozilla|p1=1,p2=2,p3=3|hash1||method1|id||2.012013-11-01|2013-10-31...
fields via transforms...
Hi, I've created some fields via transforms, and they work fine in the search app. However, they do not appear in any other app. I put the transforms in the ../etc/system/local transforms, and assumed...
Can splunk be used as a proactive tool to generate alerts
Hi, I am new to splunk and I am still learning how to use splunk. My question is: Can splunk be used as a proactive tool to generate alerts? What intelligence does splunk have? Is splunk's efficiency...
Unable to add search peer.
Hello, I'm getting an error when trying to add an indexer: [user@server bin]$ /opt/splunk/bin/splunk cmd python configure_indexers.py add indexer1 Did not find at least 1 JobScheduler and 1 Search Head...
Join DBConnect SQL query with other datasets
Hello DB pros, I'm using DBConnect to query a specific table in an Oracle DB (let's call it "oracle"), which has the column "FLOW_ID". In another dataset (let's call it simply "dataset"), which is NOT...
how to enable logout button in splunk
Hi, I have installed splunk 5.0.1 and after installing I went to search page, everything is fine enough but when I want to "logout" splunk, I could see that my cursor is not getting converted into...
Fortigate 5.0 configuration
Hello, The new version of Fortigate is available. But the Splunk for Fortigate is only compatible with 4.0 MR3. Does someone have a version compatible with the last version of Fortigate? Regards,
Scheduled search not saving results: trendline is the only suspicious!
Hey guys, I've been scheduling graphs and some tables fairly easily with Splunk (5.x) with no issues so far. After discovering the trendline command (moving averages), I've scheduled one graph for showing...
Looking for a simple (emphasis on "simple") way to revert to v5 UI...
I REALLY do not like the new v6 UI. It is too kludgy. Too much time-wasting back and forth. I don't like the fact that the general navigation bar is always off the top of the window and that I have to...
Deployment Server and Load Balancer?
Can you put a deployment server behind a load balancer if the deployment-apps directory is on an NFS share and serverclass.conf is synchronised by another deployment server? Sounds like a good way to...
Set order of indexed data inputs
Does anyone know if there is a way to set what order splunk indexes things in? The index I care about the most was added last, so seems to have the lowest priority. Or maybe not and I'm just...
Adding a Workflow Action to a Dashboard
I have been searching all afternoon for the answer to this question and cannot seem to find anything. I have a table within a dashboard that shows the source IP, virus name and sha hash. I want a...