Join 2 tables and showing only the different fields
Hi, I have a situation with 2 tables, each with 10 fields. There are 3 common fields in both tables. What I am trying to get is a search that returns the result of the 7 different fields in each table...

Can we mask sensitive fields in search time?
Can we mask sensitive information in search time?

fields that begin with a number
I have a bunch of fields that begin with a number, which Splunk doesn't allow, is there a way to put an alpha character in front in props.conf so they get indexed?

Splunk for SQL stored procedures
Hi, I have a bunch of stored procedures in SQL which need to run at a particular interval and return results (They basically look for issues in different SQL tables). I need to create an alert based on...

Can splunk have different rows display different colors
Hi there. Can splunk have different rows display different colors under certain conditions when using the table commands?

Navigation Menu xml Match Help
In the Default Search Nav Menu I am trying to match all of my Active Directory reports so they are Nested in "AD Reports". All of the reports start with "AD ". The issue I'm running into is that other...

Unable to use lookup
I have a problem, I configured a lookup table, defined it and set automatic lookup. When I tried to run a simple command sourcetype=csv-20 The error shows "Error 'Could not find all of the specified...

why splunk builds "endless" fields from json-events?
I have events in json-format as input and the events are recognized fine, but in smart-mode the automatic field extraction builds very long recursive fields. As an example I get the correct field...

Lookup table is invalid: Extra Commas?
I have a lookup table that I am getting an invalid error on. I believe it's because there are extra commas in the data. The lookup table is two fields: codes and descriptions. The descriptions naturally...

error in splunk list forward-server command
We are trying to connect our forwarder installed on one of the windows server to splunk installed on another windows server. However splunk is not showing active forwarders connected. Even the splunk...

Combining 2 different search results based on fields
Hello, I have 2 different searches for 2 different sourcetypes with field extractions. I'm doing the field extractions for search1 for xml data. search1: sourcetype=xmlapp | xmlkv search2: sourcetype=app2...

No login form after install
After install I can't get a login form, all I get is the logo (see screen shot). Tried in both Chrome and Firefox. A colleague got the same so it's not a local problem. I then installed it on a VM without...

Duplicate data because of file parts
Hi, I took 6 log files. The sum of events from all the log files is 10666. I added the log files into my forwarder node. When I checked the index: index=my_raw_index The data showed was 21332. Double of...

Trigger shell script from dashboard button
I have a bit of a non-standard splunk question. I've been asked by a customer to have a button next to each result in a "dashboard" that would allow a user to click on it. This button would run a shell...

writing to csv using java sdk affect performance?
Hi, I am exporting search results to csv using java sdk, from then to mysql database. Sometimes it is writing to csv and sometimes not. Searches are monitoring in real-time and triggering alerts and...

Splunk for Cisco Network Devices
Hi All. We currently have splunk installed, and have a fleet of cisco devices feeding syslog to it. This includes: Datacentre Switches, Switches, routers, firewalls, waas optimisers etc. Now splunk has...

Log file not being forwarded / indexed anymore?
As someone new to Splunk would appreciate some guidance - whilst I had some success in that an inputs and outputs have been configured and I can now search data in the GUI - it appears data has stopped...

DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of...
In my Splunkd log for one of our webspheres I'm finding multiple entries with; DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event ... Please can anyone advise what...

how to write in different outputcsv based on if else condition.
My search is : sourcetype="myagent" | spath path="EID" output=eid | spath path="AID" output="aid" |search eid=15 aid=450 |spath path="V{0}" output=op | spath path="V{1}" output=bit | spath path="V{2}"...