stats first behaving differently in a dashboard to a search - is this a bug.
Since upgrading from 5 to 6, one of my dashboards started behaving "strangely", and I have distilled it down to this. If I have a dashboard that uses "stats" and "first" <dashboard>...
Multi-Source Full Outer Join using Append
All, as I understand it, the Splunk JOIN command does not have a 'full outer join' option. I was able to look up an example of using the APPEND command, but the results are not what I expected. I have 3...
Index input script json results -> Issue The json is not broken correctly...
I have a set of input scripts that are working as expected. The problem I am facing is that I need to index the results but the event is not broken correctly. This is an example of the result: [ { "a":...
Splunk 6 REST API: Much slower than 5
I upgraded our indexers to Splunk 6 about 3 weeks ago. Our monitoring scripts use the REST interface to hit Splunk. Since the upgrade, calls to the REST API have slowed considerably. (Showing 95th %...
What's a good way to basically end up with more than 1 group-by field in the...
So quite often I end up in a situation where I have four fields. Let's say they're _time, clientip, method and count. I want to end up with a report that gives me, for each unique combination of _time...
Weird behavior with timechart - any way to workaround?
1) If I run a regular timechart command against normal rows. * | timechart span=1h count by sourcetype limit=500 then for timebuckets and sourcetypes where no data existed, the timechart command fills...
problem with streamstats command, using both window=N and a by clause.
This is in regards to using the streamstats command with a "by" clause, and at the same time specifying window=N to tell it to only compute the statistics using the N most recent rows. The Splunk docs...
how can I do just the "filling in blank timebuckets" stuff that timechart does.
Sometimes I want to run reports calculating things about timebuckets that have no data in them. The timechart command is awesome because it knows that even if no data occurred in a given timebucket, it...
Using DELIMS to extract FIX data
I have the following types of events in FIX format. This is what they look like in vi or emacs: M|219620|0|i|I|20100506-16:15:53.443|463|8=FIX.4.4^A9=440^A35=i^A50=FXSpot...
Cisco UCS not collecting data
I have recently installed the Splunk app for Cisco UCS and am having trouble getting data. The installation seemed simple enough, I edited the credentials.csv and managers.csv files for the...
Image src location using splunk6 django dashboard
Hi everyone, I am currently developing a dashboard using the new Splunk's Web Framework. Can I ask how to put images from the dashboard? I have this code to get my image: < img src="image-name.png"...
Windows App Perfmon Data Input doesn't work
Hi, I'm currently testing Splunk 6.0.1 on a Windows Server 2008 R2 (fresh install). I want to monitor that particular Windows-Server, so I downloaded the Windows App 5.0.2 and installed it via the GUI....
Using RegEx in Props.conf
Hi All, I'm new to using regex, and I've recently made some changes that were pushed to our Splunk production which I'm (unfortunately) unable to see. I'm hoping one will be able to give me feedback on a...
use an input csv file to pick up the values within while searching on splunk
Hello All, This is what I want to achieve. I have dhcp logs getting indexed to splunk. Our virus scanners periodically alert us of workstation ip addresses which have virus infections. I want to find...
splunk for sourcefire vs splunk for estreamer
I am setting up Splunk for Sourcefire and I came across Splunk for Estreamer. Do they work in conjunction? Or are these separate apps? I can configure the eStreamer but the configuration documentation...
python script
Hi, Before I go deeper with this, pls allow me to ask a general question first and hope we/I can sort it out step-by-step. Is it possible to call a python function with an input parameter that returns...
shuttl supported on splunk 6
Hi, Just found Shuttl and I'm very intrigued. Is it supported on Splunk 6? Will development continue on it?
managing log.cfg through deployment server
I am trying to minimize noise level (across WAN) by splunk to greatest degree possible. With review of index=_internal source=splunkd, I see that each of my universal forwarders is forwarding lines...
How to calculate percentages for multi valued search
Hi, I am getting requests by host (if we have 20 hosts) then I have 20 values. Now I want to calculate the percentage delta for each host with the average number of requests for all the hosts. So I got...
change default function of UI
On chart, if I drag to stick point I can see the detail value, but I want to see all values if I drag an element name. ex) in case of "index=_internal | stats count by sourcetype " If I drag on 'count' on...