The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: SplunkDev
Topics 1–20 of 125
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Multiple lookup in a dashboard
(Not tagged)
Greetings,
I am experiencing a problem by which may be due to the limitations of Splunk's dashboards than anything else.
I am churning through Windows 2008 AD data and I have various extractions to get more specific data (Account Name is mentioned twice in the event so you have to regex them ...
|
3
|
10 months ago... | |
|
external_cmd lookup problems
(Not tagged)
**Problem:**
I've been trying to get a custom Python script to do a lookup in a custom application, but I haven't been able to get it to work. I tried running it from the search bar by using the "lookup" search command, but it says that my "lookup table" ... "does not exist".
**Details:**
I ...
|
1
|
16 months ago... | |
|
REGEX issues
(Not tagged)
I am having issues getting REGEX to work my sample input is a simple two column csv for testing purposes (date,fakeip) the data looks like this:
8/31/2010 12:12:12,1.1.1.1
9/1/2010 12:12:12,1.1.1.1
9/2/2010 12:12:12,1.1.1.1
9/3/2010 12:12:12,1.1.1.1
my config files are as follows
**props.conf**
[c_netflowdata]
TRANSFORMS-foo=c_regex
Over ...
|
–
|
17 months ago... | |
|
API POST string question
(Not tagged)
I am using PHP/curl to pull information from Splunk via the API. I am to successfully create a job and retrieve its results by the job ID. My issue is with the post string when creating a job. When I search for something like "wmi_type=Memory" and look up the job id, the query is only for wmi_type. ...
|
1
|
17 months ago... | |
|
Dashboards - concurrency
(Not tagged)
I've build a dashboard which contains 6 single-value queries. For admin, this is fine, but for general users they are getting caught with the limit of 3-concurrent queries at a time. This is causing the page not to fully load for a standard user.
Obviously one solution is to up the concurrency limit ...
|
1
|
19 months ago... | |
|
Transform, but only when matching this RE
(Not tagged)
Hi,
I get lots of data from various systems via syslog. One of my systems sends me data that looks like this
HEADERTEXT: name=value;name=value;name=value.......
I have a generic transform written to extract the name, value pairs. The problem is, I have other data that looks like this
SOMEOTHERHEADER: ...
|
–
|
19 months ago... | |
|
Runtime data for Reports
(Not tagged)
I want to define some 'off the shelf' reports.
As part of the report title, I want to add in todays date. I can't see any way to do this.
Any clues?
|
1
|
19 months ago... | |
|
Multiple drillDown targets
(Not tagged)
Hi all,
I am displaying tabular info and want to redirect to a view dependent on the column the user clicks.
Basically I have three scenarios
1) If column clicked is A then redirect to a search in viewA taking the column value as key
2) If column clicked is B then redirecy to a search in viewB ...
|
–
|
19 months ago... | |
|
Any examples of HiddenPostProcess?
(Not tagged)
We're building dashboards both with the simple elements and the view element. In neither are we having any luck using PostProcess.
I see Splunk.Module.HiddenPostProcess in the modules list, but I can't find any documentation or examples.
Stepping back, what I'm trying to accomplish first ...
|
7
|
20 months ago... | |
|
Expanded use of rangemap.
(Not tagged)
Greetings all,
I know that it is possible to generate coloured backgrounds using rangemaps with the SingleValue module and css, however, has anyone implemented a similar thing on a SimpleResultsTable? I know that there is a heatmap, but I require something with a little more flexibility. Possibly ...
|
2
|
22 months ago... | |
|
Custom Event Rendering
(Not tagged)
Hi,
I was using custom event rendering before 4.1. Now it doesn't work, the structure has been changed, but the documentation (http://www.splunk.com/base/Documentation/latest/Developer/EventRendering)
lacks important information
1. where should the custom html be placed? In <app>\appserver\event_renderers ...
|
3
|
22 months ago... | |
|
Drill down and timezone problem
(Not tagged)
Hi,
The version i used is splunk 4.1, and it was installed in a server in the USA.
I created a dashboard with a timechart with a query "eventtype=ERROR | timechart count".
A user in China picked the time from 2009-12-06 23:40:00 to 2009012-06 23:42:00 to view this dashboard. But the timechart ...
|
4
|
22 months ago... | |
|
Using extracted fields in REST api
(Not tagged)
Hi,
this is my scenario
i have many logs indexed, and i also have a few fields extracted in the application level (like log-level , source-component etc) (search time extraction not index)
for some reason im unable to use the REST API and use these fields for search while i have no problem doing ...
|
2
|
23 months ago... | |
|
SplitModeFormatter question
(Not tagged)
Hi,
When using SplitModeFormatter a dropdown appears in the panel, how can this be hidden?
thanks!
|
–
|
23 months ago... | |
|
Cannot retrieve all savedsearches via saved searches endpoint
(Not tagged)
I am attempting to create a custom command that will list all savedsearches. The problem I have is that only a fraction of the searches that are visible in splunk manager appear under the services/saved/searches endpoint.
[Revised on Tue, 06 Apr 2010 00:04:13 -0700]
I only get about 30 searches ...
|
5
|
23 months ago... | |
|
API reference docs?
(Not tagged)
Does anyone know where the REST API docs are?
I have a printed (pdf) copy of the "Splunk Developers Manual" back from 4.0.5, but I was hoping to get the most recent version. It looks like the manual was updated and reorganized, but now the API reference material has been moved or removed... Any ...
|
8
|
23 months ago... | |
|
Displaying results with hyperlinks
(Not tagged)
A view was created to search and display results in the SimpleResultsTable module. On each row a hyperlink needs to be created which can redirect to another view.
All the hyperlinks would call the same view, however I want the ability to pass values from the current row to the other view.
With ...
|
2
|
23 months ago... | |
|
Search Form - Cannot save/export results via 'actions'
(Not tagged)
I recently created a search form for my department that allows them to lookup application session Ids.
The form works great, but the option to save results or export results is not available via the 'actions' menu. Does anyone know why that's not the case? Is this a limitation within a search fo...
|
1
|
23 months ago... | |
|
splunk-labs
(Not tagged)
I was very excited to find
http://code.google.com/p/splunk-labs/#
and then noticed this part:
**Available SDKs
Splunk Server 4
SDKs for version 4 have not been released yet.**
Does anybody know how well the 3.x SKDs work with 4.x?
|
–
|
24 months ago... | |
|
Create Flash Dashboard
(Not tagged)
Hi,
I need to build custom flash dashboard/search graphic, I'd like to know if there is a help tutorial related to this because I can't find one.
I'd like to know how the flash file receive data, which kind and which data, from where etc?
Thanks you
Pat
|
3
|
24 months ago... |