How do I create a search such that I'll be able to know how many bytes have...
Hi, I would like to ask if I'm able to create a search such that I'll be able to show in my dashboard how many bytes have passed through each day. The data I'm using is the one that they gave from...
Search Command to identify a Port Scan attack
Hi, currently I am using t-shark to capture my log on my host and I would like to capture a port scan attack while I am doing my normal stuff on my host like surfing the net. I plan to identify the...
Splunk randomly extracts 2 types of timestamp formats!
I have no idea what I am missing here, just no idea and I have to admit, it's killing me inside, I have been stuck on this for 2 weeks! For some random reason, Splunk decides to index all my timestamps in...
Search id update problem
I find that the search id changes with time. I am not sure why it happens and how long does it change once.
Cannot search customized field ...
I can search by the following field key, test_field=* and Splunk Web displayed the lists. Then I select the "test_field=testA" (so following keywords), but displayed no lists. test_field=*...
how to add a global variable to a dashboard
I have a standard dashboard that I want to reuse 20 - 50 times for different applications (there will be some added customization per application). The searches/macros are standardized and I pass in...
How to reload HDFS file to Splunk index
When I use Hadoop Connect App to import hdfs file, and then I type $SPLUNK_HOME/bin/splunk clean eventdata -index chd_wb_001. I can not import the same hdfs file to splunk index again, below action is...
DB Connect App Error Code 47
I have set up a MSSQL database connection using the DB Connect App, this database does have a specific port. When setting up the database, I can query the table list inside of the database from the...
simple correlation
Hi, Basically, I'm trying to correlate 2 datasources with 2 fields. For example, I have datasource1 and datasource2 then I need to be able to return all field1 with corresponding field2. But I also...
can I show less characters in my result table
I have a search using the splunk table commands, but the text in one field is too long so that I can't see the whole result in one screen, is there a way to show only the first 30 characters in that...
Add custom timestamp issue
Hello ~ I have a timestamp like 175|20130513|03|1567||KR7010690006|10071943|11800|10|01|5673009 datetime 2013/05/13 10:07:19 Could you give me some help? Thanks. What should I do date+time timestamp catch?
search on macro results
I'm using the active directory app and I'm trying to search on the fixed dns values. It requires the dns request to run through the fix-dnsname() macro. eventtype=msad-dns-debuglog...
Subsearch needed or can't use top :)
Hello, Given the following access logs generated by the same page: Input: http://mydomain1.com/q?L=5000 [ Referer header: http://mydomain2.com/some-page2.html ] http://mydomain1.com/q?L=6000 [ Referer...
count by amount of listed events of one field inside a filed
Hi, I want to count how often a specific field, let's call it x, is inside a file. The reason is to follow the flow. Therefore I use the transaction function to have one file per flow. Afterwards the...
Newer Version of Application
Let's say I create a splunk application and I give it (the zipped up archive) to my splunk admin to install. A few weeks later I have a new build with some updated view(s) etc. What are my options for...
saved search result not available for other user
Hello! I create a dashboard with saved search results as admin. I would like that the other user can see this dashboard with saved search results. I set permissions "read" for user for: dashboard,...
Splunk Visualization
Hi Team, I need some information on the data visualization part of Splunk, how is it better than data visualization of other tools. For ex: Let's say I want to show data on a pie chart, so how is splunk's pie...
Is it possible to have vertical text labels on chart x-axis?
...or do I need to raise an enhancement request? Allowing only horizontal text labels only on x-axis point labels means that more often than not for the kinds of things I am charting, labels are...
How to modify the time stamp format when I run a scheduled pdf?
I have a dashboard which has some 6 items as part of it. I have scheduled to email the dashboard every 24 hours. The Dashboard name is "cpy001_daily_reports_" When I receive the email in pdf I see that...
[SimpleResultsTable module] Input is not proper UTF-8, indicate encoding
Is this a bug in a SimpleResultsTable module? For example a dashboard: /app/Splunk_for_ActiveDirectory/secrpt_account_all [SimpleResultsTable module] Input is not proper UTF-8, indicate encoding ! Bytes:...