Deployment monitor accelerated searches not working at all?
Hi, I have a couple of servers that were 4.x and I updated them to 5.0.2. I also installed the latest Deployment Monitor application. However, now accelerated searches are not working at all. In Manager...
How to pass search results to custom JavaScript module
In my view I am creating a table with search results <module name="Search"> <param name="search"> | eval abc = ..... | eval def = ..... | eval ghi = ..... | table abc, def, ghi...
Discrepancy between spike shown in metrics data in internal index and what is...
I have a search/alert that alerts me when certain indexes have more than the usual amount of event data using _internal metrics, and which runs once an hour. And then I have this search which I run for...
Internet facing REST API
We're looking to automate the process of uploading and approving files for an application whitelisting solution. For machines that are outside the network, I would like them to periodically query a...
Active Directory App issue with dashboards
I am seeing the following message on some of my AD App dashboards in different areas. The job appears to have expired or has been canceled. Splunk could not retrieve data for this search. One such place...
I have Sideview installed, why does SoS ask for it anyway?
I have Sideview Utils 1.3.5 installed on my search head. I have tried to install 3.0 version of SOS and it constantly prompts for Sideview Utils installation. Am I missing something? Also the SOS TA...
Can't find.install DB Connect app from Splunk Web
The 1.0.9 version no longer appears when you perform a search using Splunk > Manager > Apps > Find more apps online. Version 1.0.8 was showing up in the search. Consequently, it cannot be...
Splunk is not showing entire log entries
We are experiencing an issue with Splunk not showing entire log entries. For example, if we look at a log in Splunk for 1pm and that log has 50 lines with an option to expand to 66 lines and then we look...
Group policy changes error code 1 in Splunk App for AD?
I'm getting the following error on the Group Policy Changes: I think the issue is related to the search "search eventtype=msad-ad-access Object_Type=groupPolicyContainer | eval...
How to control dataflow in Sideview modules.
Hello, I'm building a dashboard with a number of pulldowns, buttons and textboxes to allow users to precisely identify the data they're searching for. Here's what I'm shooting for... User enters data in a...
Tags defined in tags.conf not showing up in GUI
So let's say I have this tag in /opt/splunk/etc/apps/search/local/tags.conf: [host=x.y.uci.edu] nac_wsg = disabled nac_dba = enabled So now I go into the GUI and under Splunk > Manager >> Tags...
Display Time Range in a Dashboard's TimePicker
I have an advanced XML dashboard with a TimePicker that is applied to several searches. I want to add text on top to display the start/end time of the time range selected. How do I do that? I looked at...
deployment monitor MB received SLOOOOOOWWWW
If I run the All Sourcetypes dashboard, the MB received panel for the past 24 hours, the panel takes just over nine minutes to complete. I studied the search and it is made up of three macros that form...
where to put extract statement
Hi, I am processing some logs on a universal forwarder, which then sends the data to some indexers, which are searched from a search-head on a different server. I need to do an extract on the logfiles....
Splunk DB Connect not indexing
Greetings Splunk Answers, I am having an issue with the Splunk DB Connect app where database inputs are not indexing. I'm using dbmon-dump and dbmon-tail to query my DB as data sources. I can see a...
DB Connect encryption
Does the Splunk DB Connect app encrypt communication between Splunk and the database(s) it's connected to?
I have summary data in the logs from a custom application, I would like to...
I need to take already summarized data in the logs, aggregate it from a large group of servers, and build an si-type index. Looking at si-generated data from sistas fields, I have deduced the following...
CSV file header field extraction in the cluster
Hello, I have created 1 cluster using 3 indexers, 1 search head, 1 master node. I have uploaded 3 CSV files in 3 indexers respectively. The files have the same columns but different data. When I am doing query in...
I would like group result
I have this request: sourcetype="accouting" fichier="*.log" | stats count by fichier Here is the result: fichier count DIAEAEF*.log 7 DIAEAU97*.log 1 DIAEHAB*.log 5 DIAEHF*.log 9 DIAEPJ*.log 5...
Google Maps GeoIP max 1000 events
I have about 20,000 matching events when I do a search for a specific term. Piping to geoip limits my results to 2,724 events, and 998 events with location information. What is going on here? Any limits...