Is there a way to add HTML markup and hyperlinks to the message field of the...
I used sendemail and map in a scheduled search and shift+enter to add line breaks. Is there a way to add HTML markup, e.g. href hyperlinks, to the message field of the sendemail command and have them act...
How to search the list of hosts in the "Other" category for a license report?
Hello All, I was asked to provide the list of hosts that are reporting in the "Other" category in the licensing report. Please see the search below: index=_internal host=ebssplunk-lm.wv.mentorg.com...
How do I use regex to extract URL parameter field names
I want to extract the field names from a URL's parameters. For example my raw event might look like this: action=accept host=myserver timestamp=01/01/2016:12:00:00 src_ip=1.1.1.1 domain=mydomain...
How to monitor files, subdirectory, and file size, but not the file content...
Hi, Splunk FSchange is deprecated. Is there another way to replicate the information that fschange provides? I want to show event information like below: Thu Apr 07 17:07:00 2016 action=add,...
Splunk App for AWS: How to create an alert to trigger every time the amount...
I am trying to get Splunk Enterprise to alert on changes to a security group with information that is being fed in from an AWS account using the Splunk App for AWS. I have the information being...
How to configure OKTA SAML2 authentication with Splunk?
Support for OKTA SAML authentication was just announced with Splunk 6.4: http://blogs.splunk.com/2016/04/05/splunk-enterprise-6-4/ Our team is very eager to get this implemented, however, we could not...
Where can I download the latest and greatest SplunkJS_Stack with the new...
Where can I download the latest and greatest SplunkJS_Stack with the new splunkjs/mvc/visualizationregistry mentioned in Splunk 6.4? This link still downloads the previous version without...
Lookup on DB returning error code 1 while using Splunk DB Connect
I'm using Splunk DB Connect v2 and while running the below search I'm getting an error. Search: sourcetype="audit" | lookup db_connect_adminuser profileId AS user OUTPUTNEW userName Error: Script for lookup...
After 6.4 upgrade every server erroring with: ERROR AuditTrailManager...
Since upgrading the search heads and indexers to v 6.4 (forwarders are still v6.3) the indexers are now logging in splunkd.log the following: 04-07-2016 11:11:15.221 +1000 ERROR AuditTrailManager -...
Multiple time zones in props.conf
Hi, if I have multiple matching TZ references in my props.conf on my indexer, which one does it use? Is it just the one that comes first? For the host in question, its Windows Event logs are in local...
Convert time field
I have the last sync time for my ActiveSync clients going to Splunk via a PowerShell input, e.g. `LastSyncAttemptTime = 04/07/2016 21:49:08`. This produces a text field that is not sortable or usable. I...
Show Splunk dashboard in external web page
Hi, I need to know if there is any way to show a Splunk dashboard in an external webpage which has other reporting content; I want to include some of the Splunk dashboards in that webpage itself. Instead of...
What is the basic difference between the lookup, inputlookup and outputlookup...
Good afternoon All, I am having a hard time trying to understand the difference between "lookup", "inputlookup", and "outputlookup". I am also trying to get a basic real world example of why one may...
How can I chart 24hr difference between Fields at exactly 7am over the last 7...
I am capturing events every minute. Within the events, there is a continuously compounding field: "FlowTotal_Running_B". At exactly 7am CT, I need to calculate the difference between the current value...
Centering value in single value panel
Attached is a screen shot of a dashboard that we created. We would like to center the value in the panels. If you look at the screen shot below the second set of values are all centered in the panels...
Alert skipped - out of search disk space
We are currently running Splunk 6.2.3. One user has created an alert which for some reason is being skipped with the reason "Out of search disk space". 04-07-2016 23:55:01.126 -0400 INFO SavedSplunker...
Color code single value on other field
I would like to color a single value, based on a field value that is not the one displayed in the panel. I was able to do so previously using the classField option; however, since it is deprecated in...
Is there a 32-bit Linux download for Splunk latest version 6.4?
I am not able to find the download of the latest version for 32-bit Linux systems; I am seeing only 64-bit... Is there a different location I need to look at? However, when I go to the download page I...
I have upgraded Splunk from 6.3.3 to 6.4.0 and came up with a warning like...
Upgrading from 6.3.3 to 6.4.0 leads to an error and I couldn't access my web page. Any answers will be appreciated.
How can I create a Dashboard to display only those domain User Accounts for...
Specifically, if an AD user account attribute "employeeType" changes from "NULL" to "Contractor", how can I detect/filter for that? Ideally I'd make a Dashboard to display only the User Accounts for...