Top X and rare events X in one Report without join
Hello,i have a search like: orders=* | transaction order_id now i want to see the orders who took the longest time (stats max(duration) by order_id) and the one with the fastest (same with...
View ArticleTabs in Tabswitcher show modules from other tabs
Hi splunkers! I have a structure like this:... <module name="TabSwitcher" layoutPanel="panel_row1_col1"> <param name="mode">independent</param> <module name="TimeRangePicker"...
View ArticleSetting time frame in dashboard search
I have saved a search in a dashboard and have it set to a specific data and time range. However, because I want the search to update the data pulled in every time I go onto the dashboard the way the...
View Articleprops.conf forcing a line break after a variable word
Please help Im new to regex and Im having trouble getting splunk to recognise the end of an event. Below is an example of how splunk is seeing the log files. The domain reference is part of the event...
View ArticleHow to remove duplicate column values in table?
I have a table that contains several columns. The table looks something like this:timestamp,region,product_number,status,count time1,americas,12345,done,5 time2,americas,23456,fail,4...
View ArticleBucket Mover
Hi,I upgraded splunk version from 4.3.1 to 5.0.3 and I noticed indexes are moved to frozen state.And after Upgrade, the log shows this: frozenTimePeriodInSecs not specified in config for index main....
View ArticleBest way to highlight a table row that has been updated in the last N minutes
Im trying to figure out the best approach to using css(?) to highlight a row that has been updated in the last number of minutes. Specifically this is around order processing. These orders have a...
View ArticleDynamically getting the column headers of a table for a Pulldown
What is the best way to obtain a list of column headers for a Pulldown module in Sideview Utils?I have a requirement to add a filter by the selected column for the dashboard users. They want to be able...
View ArticleExtracting multiple IP addresses into separate fields
I have an access log that always begins with at least one IP like:255.255.255.255 - - ...Using the interactive extraction tool made extracting it a breeze and created this:(?i)^(?P<ip_address>[^...
View ArticleMultiple Email Addresses
Is it possible to add another email account to my splunk account and if so, how?
View ArticleCreate new index without restarting Splunk indexer?
I understand that in the year 2013 it may be possible to create a new index without having to restart the indexer? If so which version and how?
View Articlehow do I pull in Tomcat logs, ie catalina.log' periodically
I've read many a post and either I'm just not getting it or it's just not the answer. I want to index the daily catalina log file (per each JVM)say every 5 minutes and of course only want those lines...
View ArticleShow averages for three different types of results
I need to show the difference between three different types of servers for example.CitrixServer TotalStartupTime OAIMFEP06 15.609 OAIMFEPV94 27.876 OAIMFEPT07 17446.984Virtual servers have 'v' in the...
View Articledbconnect and mysql
I have installed 1.0.11 recently and have the Oracle part working correctly. I am attempting to connect to a MySQL db. For some reason I am getting the error: command="dbquery", Error getting database...
View ArticleHorizontal bar chart w/ JSChart
Is it possible to have JSChart render its bars horizontally? I've looked over the properties here:http://docs.splunk.com/Documentation/Splunk/4.3/Developer/CustomChartingConfig-chartlegendand it looks...
View Articleestreamer process hangs on splunk restart
I am running an instance of Splunk as a heavy weight forwarder on a RHES fail-over cluster. When the cluster detects that splunk is not running it tries to detach the storage and reconnect to another...
View ArticleMonitor empty files?
I have a business need to monitor 0 kb files. I can get this to work using fschange, however with fschange being deprecated in 5.x this is not a viable option. I would prefer using monitor rather than...
View ArticleWhere do I start
Hi Friends, I am 1 day old with Splunk. So probably this is the most stupidest post ever made. Still, can somebody guide me where can I some free/dummy log files for practice and some guidance to keep...
View ArticleJoin two search results
I am trying to join two search results with the common field project. Here is an example:First result would return for Phase-I project sub-project processed_timestamp p1 sp11 5/12/13 2:10:45.344 PM p1...
View Articleput image from a website into dashboard help me !
Can splunk put image from a website that is updating every 5mins into a dashboard? How can I do that ? The image name will change every 5mins.
View Article