A user called "seguridad" created in Radius but already eliminated is still visible in Splunk console (see images below). Initially the customer was in Splunk 6.3. We upgraded, first to 6.5 and finally to Splunk 7.1.2, but the issue persists. Also, the folder of this user was eliminated from path $HOME/splunk/etc/users. Any idea of what else is missing to eliminate this user?
![alt text][1]
[1]: /storage/temp/256077-3.png
↧
Why is a Radius user who we've eliminated still visible in Splunk Enterprise?
↧
Replace third party server certificate while Splunk is running: do we need to restart Splunk?
We use a third party SSL certificate on our heavy forwarders.
1. I create my server cert by combining cert + keys + cacert > servercert.pem
2. I start up Splunk
3. Time goes by and my certificate is going to expire soon. I get a new cert
4. I cat together new cert + keys + cacert > servercert.pem and put it in the same file as referenced by Splunk configs
Question: Do i need to restart Splunk?
↧
↧
Failed to start KV Store process. See mongod.log and splunkd.log for details - Windows machine
I'm running into this issue consistently when ever I change the logon details of "Splunkd Service" to a domain account. When the service is running on Local System account, "Splunk DB Connect" is fine.
***I'm on Windows machine.***
↧
Unable to send Email_Using_Gmail
I have configured email setting with smtp.gmail.com:25 (Checked with 465 & 587) , enabled ssl and got email alerts for past few days.I didn't get any email from yesterday and I have checked the splunkd.log it shows the below error.Let me know how to resolve this issue.
ERROR:root:(454, '4.7.0 Too many login attempts, please try again later. t15-v6sm241001qke.74 - gsmtp') while sending mail to: kavin@xxx.com
↧
Splunk_TA_Windows to be installed on Linux machines
I am trying to get the windows events logs on Windows hosts by installing a forwarder and Splunk_TA_windows on windows machines.
1. Do I need to install the the TA on the indexer which is a Linux host?
2. Will the linux host be able to collect data?
Any help will be appreciated.
Thank you.
↧
↧
help on regex
hi
I would like to extract the field in bold with a regex
06/09/2018 - 14:23:01 -- End of installation of **ePO (5.0.5.658_64b)** EN
14:23:08 ./ Check Product Endpoint Security (10.5.4_64b) EN installation Status
../ Completed
.../ Not installed
could you help me please??
↧
Dashboard populated by a report never stops loading.
Hello Splunkers,
I have created a Dashboard that gets populated by a report (this report runs after hours) however, whenever I load the page this happens
![alt text][1]
[1]: /storage/temp/255056-adawda.png
The process bar is on 0.0% and will never complete on its own, however after I refresh (either the whole page or that single panel) it is completed and it get populated. Btw, the report has no data in it (search did not return any events), I wonder if that is the problem.
I have tried improving my Splunk deployment but nothing really seems to help, the reports load by itself without any problem the only issue is when I populate a dashboard with it.
Hopefully one of you have come across something similar.
↧
horse shoe meter visual limitation
when i have 3-4 horse shoe meters on a page, it works fine, but when i have more than 5 , then i get visualization error like below.
looks like there is some limitation here, any body has any idea on this ?
Error: Failed to load source for Horseshoe Meter visualization.
↧
i want a color a table cell based on the other column value
i have two column 1. version and 2. status.
my status column has value low, elevated and severe
so based on the status column i want to color version cell.
i dont want to color status cell field column. if status is low i want to color particular version column as green and vice versa
↧
↧
How to import non native python libraries like pyMC in Splunk?
Hi,
I am working on building some Bayesian model in Splunk which requires non native libraries to be imported like pyMC.
Has anyone tried out something like this and help me with ways to achieve this in Splunk? Also, I would like to know in which directory can I find the native libraries in PSC add-on.
**Splunk version 7.1.2
ML Toolkit version 3.4
PSC version 1.3**
Thanks!
↧
Is juniper QFX series logs manageable on splunk?
Hi All,
I am not familiar with juniper network devices, what I want to know is if the logs of Juniper QFX series manageable using Splunk? Is the Splunk add on for Juniper applicable to this?
Any help is very much appreciated, thanks in advance :)
Regards,
↧
How to add Icons inside a multivalue field ?
I need to add icons in a multi value field. what will be the best way to implement this , javascript or any other solution
my Table values are like these
EmpName Cost
--------------------------------------------
(Y) Tom Bert 1
(N) Harrison Ford 1
(Y) Dwayne 1
-------------------------------------------
(Y) Josnine 1
(N) Henry Casel 1
(Y) Lester 1
So for the example in the two rows wherever the Text (Y) and (N) i need to add icons inline to the text, something like indicators red , green.
Is it possible ?
↧
I would like to make table_row_highlighting.js loaded automatically.
Hi,
I have copied the "table_row_highlighting.js" and "table_decorations.css" in Splunk DashBoard Example and created new ones.
After that the javascript and css looks fine. And table row color and font are changed depending on the key value.
However the only table row color is not changed with the following situation although the table value font is changed.
1. open this dashboard first time.
2. do not change the input panel value.
3. drilldown to this dashboard.
After I do the above thing, table row color is changed.
I am thinking that there is a cause to happen this issue in the lines.
**###Original JS###**
mvc.Components.get('colortable').getVisualization(function(tableView) {
tableView.on('rendered', function() {
//Apply class of the cells to the parent row in order to color the whole row
tableView.$el.find('td.range-cell').each(function() {
$(this).parents('tr').addClass(this.className);
});
});
//Add custom cell renderer, the table will re-render automatically.
tableView.addCellRenderer(new CustomRangeRenderer());
});
});
**###myJS###**
mvc.Components.get('colortable').getVisualization(function(tableView) {
// Add custom cell renderer
tableView.table.addCellRenderer(new CustomRangeRenderer());
tableView.on('rendered', function() {
// Apply class of the cells to the parent row in order to color the whole row
tableView.$el.find('td.range-cell').each(function() {
$(this).parents('tr').addClass(this.className);
});
// Force the table to re-render
tableView.table.render();
});
});
});
Does anyone have an idea or advice to solve it?
I appreciate any ideas and advices.
Best regards,
↧
↧
how to pass the output of one query as search key to a subsearch?
I have raw events that look as below:
2018:08:22:22:39:51.731 myhostname 3:INFO MY_IDENTIFIER_TEST 548026790130303164 454
2018:08:22:22:39:51.731 myhostname 3:INFO MY_STR_METHOD_ACTION.COMPONENT TEST 548026790130303164
2018:08:22:22:39:51.752 myhostname 1:ERR1 MY_SERVICE_TYPE STRTST 548026790130303164 ERRMSG : Main problem: Sub problem message
=====================================
I want to create a table that have equal "548026790130303164" values in 2dn and and 3rd row.
need help in getting the right search query.
I want the three column table output like below:
548026790130303164 "MY_STR_METHOD_ACTION.COMPONENT" "ERRMSG : Main problem: Sub problem message"
↧
table cell background color based on the value
@kamlesh_vaghela pls help me in updating the java script.
related post [link text][1]
i tried updating my column namehere return _(['Desc1','Desc2','Desc3']).contains(cell.field); but its doenst worked
i have updated the javascript to my colum value but it doesnt works. pls help in updating the column
new column name:
presentversion
7.6.2.3|1
4.1.32|3
3.5.33.2|3
5.6.23|1
3.2.32|5
7.5.33|5
` require([
'underscore',
'jquery',
'splunkjs/mvc',
'splunkjs/mvc/tableview',
'splunkjs/mvc/simplexml/ready!'
], function(_, $, mvc, TableView) {
var CustomRangeRenderer = TableView.BaseCellRenderer.extend({
canRender: function(cell) {
return _(['Desc1','Desc2','Desc3']).contains(cell.field);
},
render: function($td, cell) {
var label = cell.value.split("|")[0];
var val = cell.value.split("|")[1];
if(val=="1" || val=="3" || val=="5")
{
$td.html("
"+label+"
")
}
else
{
$td.html(""+label+"
")
}
}
});
//List of table IDs to add icon
var tableIDs = ["my_table"];
for (i=0;i↧
Top Unix processes as per CPU
I am trying to build a dashboard for listing of 5 top unix processes by CPU by using macro Top_5_CPU_Processes_by_Host(*) as listed in following link:-
https://docs.splunk.com/Documentation/UnixApp/5.2.4/User/Savedsearches
Can someone please guide me how to use this macro search?
↧
if field A is null, count field B instead
How do I go about the counting the following scenario:
1) CALLVARIABLE3 and CALLVARIABLE6 both empty, do not count
2) CALLVARIABLE3 is empty and CALLVARIABLE6 has value, count CALLVARIABLE6
3) CALLVARIABLE3 is not empty and CALLVARIABLE6 is empty, count CALLVARIABLE3
4) CALLVARIABLE3 and CALLVARIABLE6 both not empty and has the same value, count CALLVARIABLE6
5) CALLVARIABLE3 and CALLVARIABLE6 both not empty but does not have same value, count CALLVARIABLE6
Sample raw data below:
XXXXXXXYYYYYYYZZZZZZ|RemoteApplicationData|("CALLVARIABLE1"="","CALLVARIABLE2"="152574786091","CALLVARIABLE3"="2021212324,N,0000000,000,0","CALLVARIABLE4"="000,000,0,0000000,S,4,1,071011,N,0","CALLVARIABLE5"="Z1525740000786091","CALLVARIABLE6"="2021212324,8889991234,8889991234","CALLVARIABLE7"="L_SPEAK_FREELY","CALLVARIABLE8"="A,D,01,C,0,0,0,0,1,0,00,002,0,G,0,1,0,0","CALLVARIABLE9"="","CALLVARIABLE10"="N,,","APPLICATIONDATA"="1`0`user.XfrReason`R`1`0`user.EndPtCode`X`1`0`user.LstPrmpt`PS1394`1`0`user.ANIMatch`T")|2018-09-26 19:03:11.808
Thank you in advance!
↧
↧
I want to monitor TIBCO iProcess Engine using Splunk ?
I know that Splunk does not support TIBCO iProcess Engine monitoring out of the box, but are there workarounds to achieve this ?
↧
Merge indexes after restore fail
Hi,
I recently had to re-install the os of the machine where splunk enterprise is hosted, I backed up my splunk server which included the index files. When the restore was done the every thing was restored except the index files. On starting the server, this caused all the indexes to be newly created but now only containing recent data.
Now I somehome need to merge the data from the backed up index to and index of the same name on the server.
I've tried renaming the backed up index, stopping splunk, copying it the index folder and restarting splunk. Splunk however does not recognise the new index and hence I cant query it.
Any ideas?
Thanks
↧
How to remove columns with 0 values in trelli charts
I have a query from which I make the following trelli chart:![alt text][1]
[1]: /storage/temp/256082-uongoingprojectsglobalsolutioncapture.png
I would like that each graph represent the bar with non zero values, how can I do ?
↧