Dashboard List Organization
After we upgraded to Splunk 6, our folder structure went away in the Dashboards tab. Is there a way to group the dashboards in a way so they aren't all listed? Our users generally know what squad...
How do you reference the value of a transaction
Does anyone know if it is possible to reference the value of a transaction? For instance: transaction account startswith="event_type=login" endswith="event_type=logout" At this point I should have events...
Splunk For AWS Problem
When I try running the Splunk For AWS app I get the following error: Splunk cannot find the "AWSCloudTrail-overview" view. As far as I know the aws.conf is configured correctly and my Cloudtrail bucket...
CloudTrail Setup
Hello, I've been trying to configure Cloud Trail using SplunkforAWS App. Even after completing all steps listed in the USAGE guide, data is not getting populated. Also I do not see any errors anywhere?...
Security Center Modular Input errors
I recently started seeing the following error message tenablesc index: Error Querying Security Center: Error performing vuln::query::vulndetails : string indices must be integers Our Tenable license...
Displaying results table in tab switcher tab, BEFORE clicking on drilldown...
I have a dashboard with two panels. The first panel contains a table which is a drilldown table. When the value is clicked, the second panel has three tabs with different searches, for the filtered by...
How to get total for line count then subtotal for another field in the same...
Hi - Very new to Splunk. I have the following query that gives me total count for a specific log: LOGGING string: "log msg: stuff=<either blank or has a string literal...
Field Extractor App V 1.6 with Splunk 6.0
We downloaded and installed the Field Extractor App Version 1.6 with Splunk Enterprise 6.0. We have two issues with using the app. Issue 1: We used the app to extract 10 fields from a single log file....
REST API Modular Input - How to setup new data input?
Hi All, I'm looking to use REST API Modular Input to query a REST data source and populate returned data into Splunk. From command line using curl, I would use the following two commands to login and...
DB Connect and Lookup Caching
Hi, I'm looking into using the DB Connect app to provide a db lookup source. I noticed that there are settings in the java.conf file that sound like they may cache the values into memory that are being...
Chart Android over Iphone apache logs
So I have index=apache useragent=android | timechart etc etc index=apache useragent=iphone | timechart etc etc but what I want to do is group by platform. Basically I want a line for iphone, android,...
How do I notify all logged on splunk users about restarts?
I would like to restart the web and indexer services. I want to contact all Splunk users and post something on the splunk web logon screen that there will be degraded services during this time. I edited...
Drilldowns and Internet Explorer 8
There seems to be some kind of issue with dynamic drilldowns with Splunk and Internet Explorer. I've been building dashboards and UIs with drilldown and it all worked fine until I tried to get other...
Show User's Full name in Last Month Activity
I'd like to show the user's Full name field in the results instead of the login. Is this possible with a simple search?
How to use shuttl to archive frozen data in local FS
I'm trying to implement shuttl in our day to day Splunk workflow and in setting it up, it looks like it would shuttl my cold data to the new frozen location, say S3. However I already have many...
Pretrained source type for PI log files
Hi, Is there a pretrained source type for .dat OSIsoft PI log files? I know I can create a .csv file manually from the .dat file, then use the .csv file in Splunk but I would like to read the logfiles...
Time of Day on Y Axis
I'm trying to create a chart that has the time of day on the y axis. I have a results table that looks like this: Database Time_of_Day db_1 10:00 db_2 10:05 db_3 13:30 If I do a "chart max(Time_of_Day)...
How to handle thousands of events with the same timestamp...
Hi, I have a feed that collects snmp performance stats every 5 minutes. I am parsing this logfile with a heavy forwarder and selectively picking which events that I'm interested in. I keep seeing the...
How to create multiple radial gauges from a single query?
I have a query that produces 4 field values. I am looking for a way to use the gauge command to create multiple gauges, one for each result field of the query?
Pulling data from table
Hello, I'm looking to make a panel that has 9 timechart lines on it. I would like to graph the depth vs. time for each queue. Each log will create 1 data point for each queue. I'm thinking I need to use...