SplunkJS/HTML Dashboards + map command + $foo$ substitution
I'm trying to make a search involving the map command work from inside a SplunkJS/HTML Dashboard, i.e. launched by a SearchManager. Say this were my search in a regular search bar: index=_internal error |...
Hashtable Functionality OR lookup Tables
Hi All, I have a lookup table that looks like: Key,value cat1,val1 cat2,val2 cat3,val3 this is in a lookup file called keyvalpairs.csv I want to query the look up table to return value when a key is...
Error when configuring LDAP authentication over SSL to Active Directory
I have installed Splunk on a Windows 2012 server. I am able to configure unsecured LDAP to a Windows domain controller, but as soon as I enable LDAP over SSL and change the port, I receive the error in...
Hosting Dashboard on a website
Is there a way to host a dashboard on a website so that users can see it without logging in?
Ironport email - list out the email errors
Can anyone provide some sample search query to list out the errors? I have the error log shown as below and I want to do a statistic hourly/daily for different type of errors (450 - Client host rejected,...
Summary indexing impact on license volume
Will using summary indexes impact my total indexing volume and my license?
Old searches still in jobs list - causing "maximum number of historical...
I'm getting the message "maximum number of historical concurrent system-wide searches has been reached current=10 maximum=8", and searches go to paused without running. When I navigate to...
Force HTML into results?
Is there a way to force HTML into the results sets? In my case I'd like to insert a line return a results in order to use a single value visualization. blah blah blah | eval message=Date +...
Titles for Grouped Gauges?
I have figured out how to put 4 and 5 gauges in one panel on my dashboard. However, without any type of title or label near each gauge, it is impossible to know which gauge does what. How would I put a...
Combine events where durations do not overlap within a single date_mday
Hi guys, I've got a bit of a poser here. I'm trying to calculate the average capacity required for a grouping of virtual machines over a period of time. I can get a basic picture of it through the...
Creating field value pair
According to the documentation here I need to have ids_type in my events as follows ids_type="network" or ids_type="application" or ids_type="host". How can I add a field value pair to my events...
Manage Splunk app for Enterprise Security default account recognition
Hi All, we're tuning the Splunk App for Enterprise Security setup for one Customer and we're experiencing a LOT of Notable Events for Correlational Search "Default account activity detected" generated...
Can a searchTemplate in a form use report acceleration?
I have a form dashboard in SimpleXML that has a searchTemplate that references a saved search, but does some extra processing on top of it using a text input: <searchTemplate> | savedsearch "Fancy...
Restarting Splunk Agent when Home Directory is changed
I have some servers that don't comply to our newer Splunk Standards, and I'm doing a "Remediation" on the servers that need home directories changed, increased disk space, etc. Will Splunkd need to be...
Join Same Saved Search
Hi, I created generic saved search and it is running fine individually as below |savedsearch PausedTime_SS index_name=one_index However, when I called them twice and joined them with common field...
Is the default 500 MB usage valid for log of sourcetype other than fixed...
I have a single Splunk instance ( No master slave configuration ). Our Splunk license is for a fixed sourcetype. If I try to add a log file ( less than 500 MB ) of a different sourcetype ( other than...
Splunk 6.01 takes a long time to shut down.. External handler fail?
Hi, Just wondering if anyone has had any issues with their shutdown times for Splunk 6? I noticed that after I added a universal forwarder to the mix after installing SplunkForNagios, it takes a really...
Host list on default search shows error message of: [SimpleResultsTable...
So my main search page in the bottom right hosts summary has the following error message listed: [SimpleResultsTable module] Input is not proper UTF-8, indicate encoding ! Bytes: 0xD8 0xCE 0x89 0xB9,...
How to determine if any benefit is obtained by enabling multi_threaded_setup...
We're still in the testing phase but it looks like we're not seeing any performance benefit to disabling splunkdSSL and enabling multi_threaded_setup. I understand that multi_threaded_setup requires "a...
Halp! My data is being rolled to frozen and I don't know why!
I need to know why my data is being rolled to frozen - is it because of time or disk space?