Splunk Add-on for ServiceNow: How to integrate F5 APM with SSO for...
I'm trying to integrate Splunk with ServiceNow. The add-on is failing to authenticate into the ServiceNow API. The access is through the F5 APM which provides the Single Sign-On. Did anyone do such an...

How are the Min and Max color settings determined for the Single Value...
Hello, In the new (6.3) version of Splunk, the single value visualization can be set with specific colors depending on a min/max range setting. **Questions:** How is the min/max setting determined? If...

How to troubleshoot why script execution is failing for the sendemail command...
My scheduled reports are not being sent via email. Any idea? 10-27-2015 17:05:02.217 -0600 WARN ScriptRunner - Killing script, probably timed out, grace=5sec, script="/opt/splunk/bin/python...

How to configure Splunk to recognize non-English month names during timestamp...
Hey community, I'm trying to detect a non-English (German) timestamp in a file, but Splunk has problems detecting the localized name of the month. A sample timestamp is: **26. Oktober 2015** (Notice...

Is there a way to show a placeholder text/panel for a Hidden Panel on a...
**Description:** I have a dashboard with panels that do not load until the search completes via the following method:.......true While this is great because you don't have to watch a long running...

Can the Universal Forwarder send logs to an AWS S3 bucket?
Hello, We would like our universal forwarders that are installed on AWS instances to forward logs/indexes to an S3 bucket (instead of an indexer). Our client will then use their own...

Data Retention - can we copy frozendb to tape?
Is it possible to archive frozendbs to tape and pull that data back for Splunk to read at a later date? For example, I'd like to do something like this. All data has to be retained for 3 years. Warm /...

How do I edit my search to create a table of all currently logged on VPN users?
So after reviewing a number of Q&As on this site, I created the following search to track currently logged on VPN users: source="vpn.log" EventType="BROKER_USERLOGGEDIN" | eval n=strftime(_time,...
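One way to answer the question above, as an added example that is not part of the original post: instead of listing every login event, keep only the most recent broker event per user and filter on its type. The logoff event name `BROKER_USERLOGGEDOUT` and the `user` field name are assumptions about the VPN log format, not values taken from the post.

```spl
source="vpn.log" (EventType="BROKER_USERLOGGEDIN" OR EventType="BROKER_USERLOGGEDOUT")
| stats latest(EventType) AS last_event, latest(_time) AS last_seen BY user
| where last_event="BROKER_USERLOGGEDIN"
| eval logged_on_since=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table user, logged_on_since
```

`latest()` picks the value from the most recent event in each `user` group, so a user whose last broker event is a logout drops out of the table. The search's time range must reach back at least as far as the longest session you expect to see; a login that happened before the window opens is invisible to the search and that user will be missing from the result.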
Is the Splunk App for NetApp Data ONTAP available for Windows?
Is the Splunk App for NetApp Data ONTAP available for Windows? The article I read mentions it is available for Linux X64 environments. Thanks Anand

Is there a way to add a warning message in Splunk Web saying the information is...
Hi I was asked to add a warning message in Splunk saying that the information is Proprietary. Is there some way to implement this? This is really important in order to comply with different company...

How to use the output from one search as input for another search?
I have a search that results in an IP address as the result with the field name **clientIP**: host=hostname SSL=TLSv1.2 | stats count by clientIP Now I want to take the results and use as a search...
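The standard Splunk idiom for feeding one search's results into another is a subsearch, shown here as an added example rather than text from the post. The outer search `index=web` is a placeholder assumption; the inner search is the one from the question.

```spl
index=web [ search host=hostname SSL=TLSv1.2
            | stats count by clientIP
            | fields clientIP ]
```

Splunk runs the bracketed search first and expands its result rows into a filter of the form `(clientIP="10.0.0.1") OR (clientIP="10.0.0.2") ...`, which is then applied to the outer search; `| fields clientIP` keeps the `count` column from being turned into extra filter terms. If the outer events name the address differently, rename inside the subsearch (`| rename clientIP AS src_ip`) so the generated terms match. Two limits matter in practice: a subsearch is capped by default at 10,000 result rows and 60 seconds of runtime, and anything beyond those limits is silently truncated, so pipe the inner search through `| format` on its own to confirm the filter it produces before relying on it.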
Our ISP sends us Exchange log files every hour. What is the best solution to...
Every hour our ISP sends us the Exchange log files. What is the best solution to analyze these?

How can I optimize the performance of my search?
I am doing a simple search: index=pqr host=xyz* NOT TYPE="*ABCDE*" | fields X, Y | timechart limit=0 span=10m count, avg(X) by Y over a two-week period. The search has been running for more than two...

What is the curl command used on the deployer to apply shcluster-bundle?
Looking for a REST equivalent of this apply shcluster-bundle -target command: ./splunk apply shcluster-bundle -target https://10.75.4.105:8089 -auth admin:changeme --no-prompt --answer-yes I want to...

How to find the most searched index in Splunk?
Hello, How do I find the most searched index in Splunk? This would help us to increase the hot/warm buckets for them. Thanks, Simon Mandy

Websense 7.5 Reporting
Has anyone imported data into Splunk from Websense Proxy in version 7.5? Unfortunately you cannot send to a SIEM via Syslog and need to grab the data from the SQL Database. If anyone has done this, do...

data model - pivot calculations
Hi In the pivot I have two columns with number values. I would like to create a third column with the ratio of those two computed columns. Is it possible? I do not want to add to the search in the data model...

Possible for the cluster master to have a different OS than the index cluster?
My Splunk environment has two indexers running on VMs with Linux OS, and I want to create an indexer cluster. My third VM is a Windows machine, and I want to use this VM as a cluster master for the...

Are wildcards with tstats on accelerated data models not possible?
I'm running a search that is something like this: | tstats values from datamodel=foo When the datamodel is not accelerated, I get all my data. When it is accelerated, no data is returned. If I specify...

Multi-value field from complex, flattened JSON array
Hi all, For reference, I've seen this Splunk Answers post, but it doesn't quite get me where I want:...