Trying to change X axis description in a chart
Hi ,i am using this query to get the daily transaction for every hour for a day. sourcetype="*Leg324.log" tid|rex field=_raw "stid((?<tid>d+)"|dedup tid |eval status = if(transaction == 200,...
View ArticleModify e-mail alert output
Hello splunk users,I am trying to modify the structure format of the e-mail alerts that I am receiving to XML or other other format. This would help me to be able to grab easier the required fields in...
View ArticleWeb Framework SearchManager to Token
My question is about how to set a token value in a django template taken from the results of a searchmanager job.For example: Searchmanager runs a search across an index that provides a username field...
View ArticleAny way to add a missing forwarder to the Forwarder Management screen?
Using 6.0, most of my forwarders show up on the Forwarder Management screen. However, my test machine does not. Is there any way to force it to appear as the others do?
View ArticleWinEventLog:Security recognizer by HeavyForwarder (filter and send to indexer)
Hello,I trying to retrieve all login/off/fail on my inderxer from UniversalForwarder filtered by Heavy forwarder :UF v5.0.5 (All Security logs) > HF v5.0.5 (Filtering only 4642/4625/4634 events)...
View ArticleHow to getrid of the header info in a report
Hi, we have scheduled a report and getting an email using Splunk. But we don't want to display the header info but we want just the actual data. For example below info we don't want to display. Is...
View ArticleDetermine number of searches per day (non-scheduled).
How do I determine the number of non-scheduled searches that are run per day. We are running pooled searchheads. Running Splunk 5.0.5.
View Articledbquery and variables
Can I pass any kind of variable to dbquery through splunk? It demands being the first search command: "Error in 'dbquery' command: This command must be the first command of a search."I would like to...
View ArticleLookup error: Could not find all of the specified lookup fields
Hi! I'm trying to use lookup table but I get the error I wrote in the title. My .conf files areprops.conf:[mobile] NO_BINARY_CHECK = 1 pulldown_type = 1 REPORT -mobileextract = estrae_mobile...
View ArticleSend PDF of a View after triggered alert
I've got a scheduled search that checks for timeouts for the last 15 minutes and if count > 250 it sends out an email alert. Then typically someone would login to Splunk pull up a view and see what...
View ArticleHow do I create drilldown in the XML?
Hello Splunkers, I am developing a XML code, and I want create a drilldown link in the my map. Follows the xml part:<row> <map> <title>Google Maps - External</title>...
View ArticleSymantec Endpoint Protection 12 App
Hi Splunkers,We used to have SEP 11 and using the app below works fine with Splunk. http://splunk-base.splunk.com/answers/43518/symantec-endpoint-protectionAfter upgrading to SEP 12, the syslog format...
View ArticleThe Splunk For Bluecoat view "bcoat_overview" does not display results for my...
I deployed the Splunk for Bluecoat app, modified the macro.conf to point to my custom index (per the instructions) and all of the dashboards populate except the splash page which is...
View ArticleGet reults from SearchManager / SplunkJS
Hello,iam trying to start a search with Javascript and the SearchManager inside my own js-libary on a Dashboard . My Dashboard-header is binding: splunk.js, myownlibary.js and myOwncss.css. After...
View ArticlePerl script output instead of shell
Hello There,I wanted to use Perl script instead of shell script for the scripted output.I put my shell perl script @ same place where other shell scripts are available.but I am not able to get input...
View Articletable sort columns numerically
I would like to be able to sort table columns numerically. Right now it sorts based on 1 11 111 2, but I want 1 2 11 111. I do not believe there is a feature in Splunk right not to handle this, and am...
View ArticleLog not index entirely
Howdy!I have been wracking my head around this for the past few days and cannot seem to figure it out. For testing purposes I/we have a "Test" splunk indexer and a "production" splunk indexer that has...
View ArticleTcp output pipeline blocked. Attempt '400' to insert data failed.
We have recently upgraded the Splunk SearchHead and Indexer to Splunk V6. Since afternoon we are facing below error and no logs are coming on Indexer or Search head. 1. Search peer lonrs10215 has the...
View ArticleCan't See Newly Creating Fields
I just created a new search field name going through the following process;1. Run a simple search 2. Select “Extract Fields” 3. Edit the regex & run a “test” to verify that it works, save it and...
View Articleregex help for props.conf BREAK_ONLY_BEFORE option
So we have a script that runs tests to monitor if a system has changed and the output examples below are the lines I need to break before. This will allow us to easily display the results of the tests....
View Article