User-defined search time in a dashboard
I'm busy designing dashboards. I really like the ability to specify the time window which appears in the search app. Is there any way to add similar functionality to a dashboard? I imagine there would...
Monitoring an entire folder with yesterday-flagged files
Hello Splunk Experts, I have a folder that I need to monitor entirely: the folder contains a list that is represented by the following: namefile1_yyyymmdd.csv namefile2_yyyymmdd.csv...
Unable to extract timestamp from a CSV file
Hi All, I'm trying to extract some reports from a sample CSV file. The first two lines...
Extracting XML data attributes from message field
I have XML data stored for a field in my Splunk events and am looking to extract an attribute contained within one of the elements. For example, an event will look like LogName=Application...
Appendcols: invalid timestamp of subsearch
Hello, I have two searches: Search 1: something | timechart max(xyz) Search 2: something | timechart count by host. Now I want to show both in one time chart: something | timechart max(xyz) | appendcols...
Splunk forwarder not starting on HP-UX system
Hi, I have installed the Splunk forwarder on an HP-UX system. OS: HP-UX 11.23 ia64. Installed file: splunkforwarder-5.0.2-149561-HPUX-ia64.tgz. But when I am trying to start it I get: Checking prerequisites......
Integrate Splunk with RSA
The customer has already deployed RSA, sending syslog, SNMP traps, WMI, and a proprietary RSA agent to send logs to the RSA logger. How can we get those logs from RSA, or can we tap them before the logs are injected into RSA?
OPSEC LEA with CheckPoint: SIC ERROR 119 - SIC Error for ssl_opsec: Client...
We installed OPSEC LEA on RedHat to connect to CheckPoint 75.40. The app is enabled and connected. CheckPoint shows that trust is established, but Splunk shows "waiting for data" instead of showing it...
Correlating two sources and displaying them on a timechart (line)
I am tasked with correlating two sources (below) and displaying them on a timechart (line). Does anyone have any idea how to do that? I have got sourcetype="CurrentWeatherSGMap" and...
Correlation of weather and traffic accidents (timechart)
I have this data; does anyone have any idea how to correlate the accidents with the weather (rain)? I used this search: source="ltaTraffic" Type="Accident" OR source="CurrentWeatherSG"...
Sampledata.zip is loaded but cannot be seen in dashboard
Hi, using the tutorial and adding the Sampledata.zip file, Splunk states that it saved/indexed the data successfully. However, on searching on the dashboard page the data is not shown. I have...
How can I use IP reputation with Snort alert logs?
Hello: how can I use IP reputation with Snort alert logs? Thanks
Splunk is not running, and it must be for this operation. To start splunk,...
I'm trying to install the Splunk forwarder on HP-UX 11.31. It seems to go fine, but every time I try to use the CLI to troubleshoot it I get: $ splunk status splunkd is running (PID: 27310). splunk...
Each line of the text file needs to appear as an event
Hi All, I am new to line-breaking concepts. I have made a text file as input to Splunk. I want each line as an event, but all the lines are displayed as one event. I had made the following...
timechart problem
When I put "sourcetype="splunk_member_info2" | timechart count" on SEARCH, the result shows a monthly result. (Log is collected for about 5 years.) I want to see the daily result. Is it possible?
Error in 'SearchParser': Hadoop Ops App
Hi, we are getting this error after installing the "Hadoop ops" app. Error in 'SearchParser': Could not find macro 'hadoop_mr_summary_table' that takes 0 arguments. Expecting stanza name...
ldapfilter: unable to use fields returned by ldapfilter in subsequent operations
I am doing the following search on a Splunk 4.3.6 search head: sourcetype="WinEventLog:Security" EventCode=5136 Class=groupPolicyContainer | eval DN=replace(DN,"}","},") | ldapfilter...
Uncheck Radio Button
Hello, how can I uncheck a radio button? I have this piece of code: <input type="radio" token="operator"><label>(un)Check</label><choice value="NOT">NOT</choice></input> Once I made a search I'm...
How do I hash or tokenize a number when being indexed
Does anyone know how to hash or tokenize a number when collecting the data? My number is simply a 12-digit number like (123456789012). Thanks in advance! -Ben