how to set multiple field dependencies with nullUnlessFieldSet
In creating a custom setup page using an xml file, how does one go about setting multiple dependencies when using the nullUnlessFieldSet key? I see in the _helpers.js file the following widget =...
Can anyone help me determine if this is a threat to my system?
Trying to determine and get spun up on a lot of the terminology in splunk. So I have some events that I was lucky to find in the logs, potentially their source is threatening as an exploit. Can anyone...
Universal Forwarder has to be on every machine?
The installer makes it seem like it is possible to pull data from another machine with the universal forwarder. Is this possible? I can't seem to find any documentation on how to configure this if it...
errors when attempting to unzip/install pinger
First, I'm new to splunk (and to UNIX actually). Building a POC for management. Downloaded pinger couple of weeks ago but never installed. Now I'm ready. See that there is an update. I attempted to...
SideView-Utils App IDownload
Hi, I'm trying to download the SideView_Utils pre-req for SoS. Unfortunately it appears that the SideViews tar file is "corrupt" - I can't install it through app manager and am not able to un-compress it...
Calculate Packets per second (PPS) over 1st Quarter
Trying to calculate the Packets per second (PPS) for sourcetype=traffic during the 1st quarter of 2013. Understand the mathematical formula just having problem formulating the right syntax. Can anyone...
Splunk stopped indexing when it came across a bigint number
I am using Splunk to import data from a mysql database using DB Connect App. I created data inputs for the same. Splunk is not properly importing and indexing certain tables. Both the tables...
How to assign a bug number to a source file with stack trace
New to Splunk. We want to see if we can search and analyze log files (from source) with stack traces and assign bug number to it (or tag it with bug number created with external bug DB). Not sure if...
Splunk DB Connect - Tail input not updating
I'm connecting to an Oracle database using a tail input. I've gotten it all working, however, splunk shows that the last update is yesterday afternoon when I initially set it up. I know there are new...
Google maps query not working
I've tried everything to get the google maps app to work, but I always get the message "No geo information found in results". I have tried the following: sourcetype="dbmon:kv" | eval...
Multivalue delimited field extraction
I am extracting fields from tabular data containing headers with entries in props.conf like the following: EXTRACT-categories = (?i)^(?:[^\t]*\t){24}(?P<%FieldName%>[^\t]+) It is working as...
replacing host values in a chart
Hi, I have a chart that works, but mgmt wants the host values to map to something more meaningful. Is there a way to do this? My search is this: index=coreops sourcetype=snmpinfo...
limit results in a cell
Greetings, I want to limit the results in a cell. More succinctly, I want to show maybe 10 values and then put the rest in "and xxx more values"
How to populate form input field with result from query?
I have a form with a bunch of graphs, and the form text input is populated with the text "cross.promo.getlist" by default: <fieldset> <input type="text" token="method">...
Will | extract reload=true command refresh everything in props.conf?
Hi, I've got four indexers and two search heads in a distributed environment. I've got a new sourcetype coming into my indexers from a forwarder which hasn't been configured yet. When I define it in...
How do you specify which version of the REST API to use?
We've recently upgraded one of our Splunk Indexers to version 5.0.2. The problem is that this specific indexer was servicing a legacy Ruby on Rails dashboard that created extremely pretty graphs using (I...
Average Field Value per Second
Hi there, I have a problem and think I know the cause. Looking for the work around. I am sending periodic logs to Splunk which contains count information and want to timechart the Fixtures per second....
Why is lsof_sos.sh not returning any data?
We have just deployed TA-sos to all search heads and indexers. Both inputs (ps_sos.sh and lsof_sos.sh) are enabled, but no lsof_sos source data is being received. Running the script manually, it...
Why isn't lsof / open files working in *NIX?
I activated *NIX, and it's collecting all other types of data about the system, but I get no data entries for lsof. The script runs correctly when I invoke it myself...
Timechart into stats?
So... I have a weird one I can't seem to find much info on. I want to use the per_second() command, but I want a sum of its results. The real scenario is complicated but for simplification let's say we...