Field Extraction
Hi I extracted a couple of fields from my input data. However, those fields are not showing on the Fields Sidebar. Though I can view them in the Manager>>Fields>>Field Extractions. What do...
Count id per day
I have to count no of id but not per day but not repeated same id. I am trying this: index=*|stats count(id)
How to change the selected value in Pulldown menu?
I'm using LinkSwitcher to create Page1 and Page2. Inside these two pages, there is a pulldown menu called version and it contains value{"1.0","2.0","3.0","4.0"}. I would like to set the default version...
[Sideview Utils] UI elements placement inside sideview multiplexer
I have two charts within a multiplexer module. When rendered, charts are placed one after another vertically for each element. I want to place the charts side by side (not vertically one after another)...
Passing $foo$ value from a hidden search to HiddenChartFormatter
I have a hidden search that outputs a table with username information in the field UserName. Using $results[0].UserName$ I can display this information using Sideview Utils HTML module. How can I pass...
Creating threshold alerts.
I had a request to provide the alert below and I am trying to figure out the best way to tackle it. Run this query every 5 minutes and response time >2000 for more than 10 occurrences then raise...
Monitor size and last modification only for a single file on Unix filesystem
We have some log files that we monitor as heartbeat for some daemon processes. These files contain a large level of verbosity and tend to be quite large. It turns out that we do not need to index the...
Does Splunk free license allow usage Splunk java SDK?
Based on my research free license doesn't have authentication process. I want to get connected to Splunk through java SDK but I am getting the following error. And this is my code: Note: I am running...
User Query count based on conditions
I've below line in my logs: [2013-01-15 20:06:51:641 GMT+00:00] INFO #new# userid=1234 chair_count=1 table_count=1 sofaAvailable=true [2013-02-15 21:06:51:642 GMT+00:00] INFO userid=1234 chair_count=1...
Assign environment and role data to a monitor stanza
Hello, I am test driving splunkstorm and I am very new to the ecosystem. Here is what I am trying to do: I have web_host, magnet_host, db_host as kinds of machines. I have prod_tiny, prod_small,...
Splunk could not get the description for this event - Splunk 5.0.2
Hi! Splunk is installed on the server Windows 2008 R2. It indexes the events that collecting the Windows Event Log Collector. Some events Splunk can not display: Message=Splunk could not get the...
Restarting Splunk when Splunk is running as regular user
Is there a trick to be able to restart Splunk from the web interface when it is not running as root? Are there extra permissions that need to be set that are not covered here?
How to search events happened before a particular statement in the log file.
Hi, we are using SPLUNK in our organization (I work for AT&T) and I need to know how do I search any events before a statement in the log file. E.g. we have a statement in the log file - "Agent...
Regex not working for event splitting
Hi, sorry, I am a newbie to Splunk and the question may sound silly, but the Splunk regex that I used to split events in the file doesn't work. props.conf [3GPP] BREAK_ONLY_BEFORE = ^Session-ID:s...
Search Command to identify a Port Scan attack
Hi, currently I am using t-shark to capture my log on my host and I would like to capture a port scan attack while I am doing my normal stuff on my host like surfing the net. I plan to identify the...
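Cannot retrieve Windows event logs via WMI
Please tell me about retrieving Windows event logs via WMI. I am configuring it from [Data inputs] - [Remote event log collection], but when I enter the target machine's IP address and click the [Search logs] button, the following error occurs. データ取得に失敗しました: In handler 'win-wmi-enum-eventlogs': Unable to get wmi classes from...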
Extract IP address and user name for log
I'm trying to extract the IP address in the [] and the user name which follows it. I tried a few different regex with no success. Any recommendations? May 16 15:39:57 192.x.x.x Juniper: 2013-05-16...
How to differentiate between two side view utils table modules
I have two table modules defined in my view. <module name="Table"/> ..... ..... .... <module name="Table"/> I would like to add some styling to one of the tables using JavaScript code. How can...
Limit "Export" action to export only the fields that were presented to the...
How to limit "Export" action to export only the fields that were presented to the client using FieldPicker module with StrictMode param set to "True"? When I export, all the fields from the search...
Export Link
I am displaying the results of my search using simpleresultstable module, I would like to add an "Export" link in the panel to export the results to a csv file. (Similar to the one in search /...