DB Connect TimeStamp Format
Has anyone successfully provided TimeStamp.Format in DB Connect for DateTimeOffset type (SqlServer)? The time is in UTC and looks like this (2013-05-15 04:26:24.249 -05:00). I know I can convert it into...
Advanced XML: Drilldown to flashtimeline without passing all values
I'm sure this is a simple question that's answered... somewhere, but I can't find it. What I want to do is drilldown from a chart and only pass the values before the first "|" to the flashtimeline. Is...
Sourcetype started indexing to wrong date - MDY to YMD
Hi All, I recently started having an issue with a few of my sourcetypes where they are logging to the wrong date. These sourcetypes were working fine for the last year and I have not found any changes...
How do I index TAB delimited files?
I am looking to read into SPLUNK a tab delimited file. But most of what I see is key based Field Extractions (, space, etc.) Is there an example of how this might be done with TAB?
Eval does not work in a search query
The eval statement works if I run a simple query such as: *|eval n2=1+somefield|fields n2 But when I have it in the following query, which is what we are trying to achieve here, it does not give what we...
How to create a real-time search with rolling window for errors in log files,...
I have a lookup csv file which contains for each error code: interval, threshold, some additional informational fields. I would like to have a real-time search with a rolling window of the past day e.g. Start...
Empty scheduled PDF reports
I have a report that runs once a day that generates a PDF chart based on a view. When I load the view in my browser and click "Generate PDF" it takes approximately 3 seconds and the PDF is successfully...
eval and "|search" question
So I have a search that runs over a 4h time span that only gives results when the number of events of one kind are as many as or more than the number of hours. I want to be able to run over any...
How to execute a saved and on demand search using REST API?
How to execute a saved and on demand search using REST API?
Problem: Importing file of JSON data from Twitter results in one single event?
Hi, I'm having a problem importing JSON formatted data into Splunk. It's retrieved via the Twitter API, stored in a file, and imported into Splunk via the universal forwarder. The result is that I get...
Re-index directory data after indexing into temp
I'm having problems getting splunk to re-index data. Here are the steps I've taken: Created a data input file from a shared folder on another computer indexed into test index checked the data, made sure...
Splunk PDF reports not loading properly - missing fonts
Hello, We have a scheduled pdf report that is delivered every morning but when trying to open it it throws an error about a font package that needs to be installed. The package is Adobe Reader X Font...
setting hostname via syslog
Hi, I have a feed that is collecting data and resending it to Splunk via syslog. I'd like to extract the hostname from the message, not the device sending the message. If my feed was like this, and I...
Return value from separate fields
Hello, I'm looking for a solution to get data from two CSV files that will be used for a one-off search. I have the following data: CSV 1 displayName=Full User's Name (e.g. "John Doe") ManagerRACF= The...
DB Connect & Refreshing
Hi! I am using the DB Connect app to successfully bring in a SQLite3 database. This database gets updated every 15 mins. How do I refresh the database and the searches every 15 mins too. Currently I am...
Charting results from top, and doing drilldowns?
I have a few searches / dashboards which give me basically what I want, mostly things like "top 5 alerts" reports from a network activity log. They work great in the Search view, showing the alert...
Executing a saved search and on-demand search using REST API
Hi all, I would like to execute a saved search and also an on-demand hard-coded search using REST API. While I found a way to execute a hard-coded search, I haven't found a way to execute a saved search...
color Table cells based on value (not just row colors)
I see how to color Table rows, however I would like to color individual cells within each row, based on the value in each cell. I note that Table's rowClass evaluates once per row, it'd be great if...
How to start a saved search using REST API
How to start a saved search using REST API URL? I can make a GET of the saved searches, extract the 'search' expression and run it using a POST. But I could not find any reference on how to start a job...
splunk App for data power
hi, Is there any App available for IBM data power? Thanks and regards