Why am I getting "ERROR:root:code for hash md5 was not found." running a...
I am having an issue running a python script from my dev Splunk search head. I keep getting this message: ERROR:root:code for hash md5 was not found. I am running this on RHEL 6.7. I have checked and...
How to count a sum of events since a specified time?
How to count how many events are over 1 yr old? And better yet, how to show a pie chart comparing against the entire list?
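One way to answer the question above in SPL, as an added example that is not part of the original post: tag each event according to whether its timestamp is older than one year, then count per tag. The resulting two-row table renders directly as a pie chart in Splunk Web, and the extra percentage column gives the same comparison in tabular form. The index name `index1` and the all-time search range are assumptions, not details from the post.

```spl
index=index1 earliest=0
| eval age_bucket=if(_time < relative_time(now(), "-1y"), "older than 1 year", "within last year")
| stats count BY age_bucket
| eventstats sum(count) AS total
| eval pct=round(100*count/total, 1)
```

`relative_time(now(), "-1y")` is evaluated once per search, so the boundary is fixed at run time rather than drifting across events; `stats count BY age_bucket` returns a row per bucket, which is what the pie chart visualization expects. Run it over "All time", otherwise the time picker silently trims the older bucket.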
Is it possible to create submenus in the time range picker Presets menu?
In Presets we have 2 submenus: Relative and Other. I wanted to create a third menu. How do I do that?![alt text][1] [1]: /storage/temp/121262-duvida2.png
Trying to install the TA-browscap add-on and the URL is not working for...
@dshpritz When installing this add-on: https://splunkbase.splunk.com/app/1021 I am not able to access the URL: http://browsers.garykeith.com/stream.asp?BrowsCapCSV How can I report that to get it...
How to restrict access for multiple types of logs and grant permissions for...
**The background:** I have multiple types of logs from multiple groups being piped into Splunk into 1 index The index=index1 The sourcetype=syslog **The scenario:** One of my groups wants to access...
Ticket analytics: How to chart open tickets over time like a "Burndown chart"?
I would like to show an Open Ticket Count over time. A kind of “burndown chart”. I’ve read around on the KB, but there seem to be quite a few people who have faced this issue over the years, but no...
Splunk archiving: how to reduce the number of buckets
I am using the Splunk archiving feature where events are archived to HDFS after a certain amount of time (23 days in my case) and then removed from the indexer after 26 days. This is all working but I...
Why does the Splunk Java SDK always return 500k results, but I get 800k...
The job returns 800k results in Splunk Web, whereas the Java API always returns 500k.
Splunk Add-on for Check Point OPSEC LEA: After upgrading to Splunk Enterprise...
I just updated Splunk Enterprise to 6.4, but the GUI for the Checkpoint add-on seems to be broken now. ![alt text][1] It doesn't show any tables, only the "loading" icon; see the screenshot. Did anyone...
Why does TimePicker have old/lag context data during change event?
I'm trying to set readable tokens based on TimePicker entries but the token content retrieved and processed always seems to lag by one user input. Any suggestions/workarounds would be appreciated....
Should the Splunk App for ES Health Check be installed prior to installing...
Should the Splunk App for ES Health Check be installed prior to Splunk Enterprise Security being installed? Can it stay installed alongside ES? I was just reading the app description and wasn't...
View License Usage Beyond 30 Days
Unfortunately, the Splunk License Usage dashboard only displays the past 30 days of usage data. The usage log belongs to the _internal index and therefore it gets dropped beyond 30 days. After...
How to integrate IBM Proventia (XGS 5100) with Splunk
Can anyone tell me how to integrate IBM Proventia (XGS 5100) with Splunk? I saw some documents for integrating Proventia with QRadar and other SIEMs. In all these documents they are using JDBC. Please...
Sophos events not "sourcetyped" according to inputs.conf
Hello to the community! I am trying to index Sophos events into Splunk but I am facing a problem. I have set up the XML file of the Sophos Reporting Interface, I have all the logs exported to a folder...
My Splunk missing index date
I'm using Splunk to monitor directories, and in those directories I have many sub folders such as /home/username/192.168.1.1/2016-03-01/(00-24)/(info.log.gz, err.log.gz)...
Is search history replicated?
Hi, Testing out 6.4, and I noticed that the search-history feature is not replicated across SH. Is this possible?
Configuring inputs.conf to send data to specific Index
I have a Splunk setup defined like: Universal Forwarder ---->Heavy Forwarder ------>Indexer I need all the logs hitting my Indexer to go to a specific index. Which option is better: 1)...
Segregate data based on IP Address
I am looking for the best solution for segregating data into multiple indexes. There are IP addresses (which vary a great deal) being written into a file which need to be segregated into a specific index. The only...
exclude time from timechart alert
I am trying to set up an alert based on a timechart. My objective is to check user logins and, if no user has logged in for 1 hr, send me an alert. Also, I don't want it to send me an alert between 1am-5am because of low traffic...
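One way to build the alert described above in SPL, as an added example that is not part of the original post: count successful logins in the last hour, then drop the result row when the current hour falls in the quiet window, so the scheduled search returns no rows (and therefore does not fire) between 01:00 and 04:59. The index name `auth` and the field/value `action=success` are assumptions about the login data, not details from the post.

```spl
index=auth action=success earliest=-60m latest=now
| stats count AS logins
| eval hour=tonumber(strftime(now(), "%H"))
| where logins=0 AND (hour<1 OR hour>=5)
```

Schedule it hourly (for example cron `0 * * * *`) with the trigger condition "number of results is greater than 0". `stats count` still returns a single row with `logins=0` when nothing matched, which is exactly the case that should alert; the `where` clause then keeps that row only outside the 1am-5am window. Note that `strftime(now(), "%H")` renders in the timezone of the user who owns the saved search, not the indexer's, so check that the owner's timezone matches the intended quiet hours.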
Saved Search Doesn't Appear in Navigation on a Dashboard
I am building out the navigation bar for an app. It appears as follows:<nav color="#778899"><view name="my_dashboard" default='true' /><view name="search" /><view name="dashboards"...