The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by nclarkau
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Help with custom time manipulation in the GUI
In: SplunkGeneral
(Not tagged)
zoom out seems to anchor on the endtime which is an issue if we want to expand the search forward in ...
Sorry I should add: Should the times be pre-populated or is there a way to configure this to happen. Right ... It would be more useful if the custom time was pre-populated with the start and end times currently ... |
3
|
26 months ago... | |
|
Cannot retrieve all savedsearches via saved searches endpoint
In: SplunkDev
(Not tagged)
found it. i was using the entity.getEntities method to return a list of searches.
a quick check of ...
Got roughly the same number of searches back from this endpoint. There were some small differences in ... Hey thanks. I had thought it would be a namespace or user thing. I had tried the servicesNS method for ... I am attempting to create a custom command that will list all savedsearches. The problem I have is that ... |
5
|
26 months ago... | |
|
Seach app 'Searches & Reports' drop down too long
In: SplunkGeneral
(Not tagged)
I would have to agree with ytl.
The substring match helps but it is far from ideal. Being able to ...
|
8
|
33 months ago... | |
|
Some minor issues with convert and fields search commands
In: SplunkGeneral
(Not tagged)
it would be better if plus and minues were pure opposites and removing hidden internal fields was performed ...
I am not sure whether they are malfunctioning or whether I am misusing them... @@+++Convert@@ *| ... |
3
|
33 months ago... | |
|
Please add email notification for forum posts
In: SplunkRequest
(Not tagged)
and <code> tags
yes and preview!!! |
4
|
33 months ago... | |
|
How can we add a list of saved searches to a dashboard?
In: SplunkGeneral
(Not tagged)
Thanks Emma. You just introduced me to Splunk> Answers. I will add the python script I wrote, that lists ...
How can we add a list of saved searches to a dashboard? In Splunk 3.0 we used a search like this... | ... |
2
|
34 months ago... | |
|
Forum post preview
In: SplunkGeneral
(Not tagged)
Would it be possible to a preview option for posting to the forum? Thanks!
[Revised on Thu, 20 Aug ...
|
–
|
34 months ago... | |
|
Transactionsearch with subsearch
In: SplunkGeneral
(Not tagged)
Do you have 2 results each with procid or 1 result with two different prodid values.
If you have ...
|
6
|
34 months ago... | |
|
Application scripts not executable when deployed via deployment server.
In: SplunkGeneral
(Not tagged)
An example is the Unix app. When this app is pushed to a Splunk instance using the deployment server ...
|
–
|
34 months ago... | |
|
Index problem
In: SplunkAdministration
(Not tagged)
Once you get Splunk stopped search for .lock files under your indexes. Typically these are under $SPLUNK_HOME/var/lib/splunk/<index>/db. ...
You could try restarting the gui only though it does sound like splunk has an issue with the index. {{$SPLUNK_HOME/bin/splunk ... |
8
|
34 months ago... | |
|
Spanning columns using the dashboard.html template
In: SplunkApplications
(Not tagged)
thanks nick.
that is indeed what i am after. definitely agree that the new framework is better. i ...
I am attempting to port a simple dashboard component from 3.x that lists all the sourcetypes without ... |
2
|
34 months ago... | |
|
uNIX app feedback
In: SplunkApplications
(Not tagged)
happy to help provide feedback for solaris 9/10
another issue i found is with the "Physical Memory ...
Thanks. I fogot to mention that the rwason for the suggested change at the end of the firtst post ... I have found some potential issues with the Unix App under 4.0 Both issues are with vmstat.sh... 1. ... |
4
|
35 months ago... | |
|
Splunk and ESX
In: SplunkAdministration
(Not tagged)
Can you post your inputs.conf file?
|
10
|
35 months ago... | |
|
License expired
In: SplunkPreview
(Not tagged)
i would like to give some feedback very soon however my testing was interupted by the license expiry. ...
the latest preview release license expired on Dec 22nd The license in the preview release has expired... Can we have a new license or new preview or both ... |
7
|
42 months ago... | |
|
anatomize credit card numbers
In: SplunkGeneral
(Not tagged)
There are two ways you could go about this.
First you could anonymize the entries... http://www.splunk.com/doc/3.3.3/admin/Anonymize
Secondly ...
|
1
|
44 months ago... | |
|
issue using more than one field with the transaction command
In: SplunkGeneral
(Not tagged)
Case # 20061
using Splunk 3.3.2 i am getting an "unknown transaction" error when using the transaction command ... |
5
|
44 months ago... | |
|
Editting other users saved searches
In: SplunkGeneral
(Not tagged)
Perhaps I should clarify.
The URL I gave above works for any user with sufficient permissions to ...
bump Certain users (Admin group users by default) are able to edit savedsearches regardless of who owns/creates ... |
3
|
45 months ago... | |
|
Default timerange not honoured in 3.3.2
In: SplunkGeneral
(Not tagged)
hey thanks for the workaround. though it still would be good to have a configurable option.
i am ...
i suppose the max event results setting would help here. i am not sure how our users will take this ... i might add what is the point of a default time range now? can this be configured to revert to the original behaviour? It appears that in 3.3.2 the default timerange is not honoured. Instead searches without an explicit ... |
9
|
45 months ago... | |
|
Problems with the metadata command and 3.3.2
In: SplunkGeneral
(Not tagged)
so i think i have the answer. i found that we had dist-search enabled, since we do not use this feature ...
i tried that search and i still get the sourcetypes from the main index. i have tried a "clean all" ... has something changed or been broken in 3.3.2 with regard to the metadata command? We have several ... |
6
|
45 months ago... | |
|
Need help with regex search
In: SplunkSearchAndAlert
(Not tagged)
can you post some samples of the data set and examples of what you are attempting to match?
|
2
|
45 months ago... |