How to filter Windows event logs from a Universal Forwarder
Using 5.0.2. I am receiving Windows Event Logs at the Indexer from Universal Forwarders on Windows servers. I want to filter out or send to a null queue uninteresting Windows events, so I only see...
Real time dashboard data not refreshing.
I've created the following search that returns results when first run using 5 minute real time from the time picker. However, as the time axis refreshes the lines in the graph do not, eventually...
Splunk High Availability
Hello, I am new to Splunk and have a couple demo versions set up for testing. We want to use Splunk primarily to log for troubleshooting purposes in our VMware VSphere infrastructure environment. Today we...
Adding time selector to dashboard panel on dbx query
Hello, we have a dashboard panel that does a query for a set of data for the last 7 days. Is there a way to place a dropdown time selector next to the dashboard panel and pass a variable to the dbx...
Temporarily relocating the dispatch folder.
I am trying to move a massive amount of events from the main index to a dedicated index for the sourcetype. I am trying to do this by running a search and ...|collect index=dedicated index...
How to use switcher with checkbox splunk sideview
Hi, I am creating a custom form in splunk view using checkbox, textfields and button. Fields are like: Name --textfield Inputs1,input2,input3--checkbox output1,output2,output3--checkbox next checkbox is...
Launching to dashboard at login
Is there a way to set a role that launches to a specific dashboard once a user within that role logs in?
Forward to splunk storm using universal forwarder through proxy
I have been having trouble getting my forwarders working from within an Amazon VPC environment. All the servers I want to forward logs from have to go through the proxy to access the outside world. I...
Force namespace for modular input
Can someone please explain how to force the namespace in a modular input setup screen? i.e. when saving a modular input intended to be run from app 'foo', the inputs.conf is actually saved in...
How do I remove Print/Generate PDF buttons?
I have a dashboard that I've created that's tied to a specific user, so when they log in, there is the data that they can view. I don't want the end user to have any further interaction than that. I...
Search based on field value occurrences
I'm trying to define a search that would output only the events that are related to a value of a field that occur at least X number of times. So for instance, if I have a field named "Username" and a...
Spikes correlations!
Imagine you are collecting data from cpu, memory and disk, using a NIX TA (sourcetype=cpu, for example) and logs from Oracle Database (alert.log). All Oracle Database's processes, at the database...
Filter Search - Only Results with One Field Value per Entry
Hi all, is there any quick/straightforward way to filter results of a search so that only search results that have one occurrence of a field in them are displayed? For example, I have a search that...
Is there a Splunk OPSEC LEA for Check Point Technology Add-on that runs on...
We are currently a 100% Windows shop, and would like to know if there is a Splunk OPSEC LEA for Check Point Technology Add-on that we can run on Windows.
Prevent log events with specific text string from indexing
I've got a seemingly simple problem that I'm having a bit of difficulty on. I've been tasked with excluding log events containing a specific text string (in this case, an IP address) from being indexed...
Subsearch Assistance
Ok, I am trying to create a correlation between two different events and I am running into an issue. This search returns results just fine: sourcetype=snort src_ip="10.1.1.*" OR dest_ip="10.1.1.*" | eval...
How to reload SideView TextField
I've created a view using sideview 2 dynamic sideview pulldowns and a textfield. The user chooses values from the pulldowns, then enters a value of his choosing in the textfield, then chooses a...
Scatter Plot with non-numeric y values
My data table looks like this: Product TimeOfSale Shirt 5/2/13 5:00:00.000 PM Shirt 5/2/13 6:00:00.000 PM Slacks 5/2/13 6:00:00.000 PM Jacket 5/2/13 7:00:00.000 PM Slacks 5/2/13 8:00:00.000 PM How would...
Trying to work with data CDR's
Hello, I am new to Splunk and struggling with a report I am trying to generate for data CDR's. What I am trying to accomplish is: search for CD's on specific domains (bob.com). The CDR's contain the...
SplunkWeb Service occasionally hangs...
Hey guys, Doesn't seem like many people have had problems with the Splunk Web Service hanging on them, but this is somewhat similar to:...