Cisco CAM table decoding -- any good suggestions out there? Plug-in won't do it?
Hi everyone, I'm puzzled by something that I thought would be simple: CAM table update decoding. The objective is to see in a very simple way any adds and deletes to the CAM table of a Cisco switch....
How to tell if the Splunk ufw is keeping up
Hi, I've been troubleshooting a problem where files are occasionally getting missed in Splunk. The app creates a lot of files and a lot of data - they roll over at 50 MB, about every 1-2 minutes. Just...
Questions on Splunk and Syslog-ng Server
1. What are the Splunk requirements to receive the data from the Syslog-ng server?
2. What are the Syslog requirements to get the data from the Cisco network devices?
3. What are the Configuration...
How to index host-specific event logs?
Hi, the overall scenario goes like this: I have multiple Active Directories in my environment. I want to index all the event IDs from one AD, whereas I want only a few event IDs to be indexed for a specific time...
Splunk Enterprise Security: Some dashboards are populated with data, but why...
The Threat Activity dashboard won't populate in the Splunk Enterprise Security app, although other dashboards (not all) are populated, like Protocol Center, User Agent, URL Length. I created a list...
Can I click (or hover) in a timechart to highlight that point in time in...
(Grafana does this.) ...or do I need to write my own JavaScript to do this? Use case: I have a dashboard that contains several timecharts covering the same (time picker-based) period. When I see an...
Improve search efficiency for my variance timewrap search?
Hi, I currently have a search that I use to show day variances using timewrap. It works fine with a low amount of data, but I don't believe it is the best for efficiency. My aim for the...
Version compatibility of License Master
Hi, what is the version compatibility of the License Master with other components? I couldn't find any documents. Can anyone help me with this? Thank you.
Where to download Splunk for Nagios version 3 for Nagios 3.x?
We are trying to integrate Nagios 3.x with Splunk 6.2. Can you please tell us where to download Splunk for Nagios version 3 for Nagios 3.x, and the add-on with proper documentation? Analytics for Nagios...
JMX Add-on and Splunk Add-on for Tomcat: Why am I getting error "Failed to...
I have installed Splunk on a Red Hat Enterprise Linux 6 system from the zip package. I installed the JMX and Tomcat add-ons. The Tomcat instance I'm trying to connect to is on the same machine. I am...
How to fix error "Forwarding to indexer group default-autolb-group blocked...
How do I solve this issue through Splunk Web? "Forwarding to indexer group default-autolb-group blocked for 100 seconds"
How to check if a table rendered in an HTML dashboard before running...
Please forgive my newbie questions! I have an HTML dashboard with a number of Search Managers and Visualizations. Half the visualizations are Splunk Tables, and the other half are Highcharts. I am...
Trying to upgrade Windows universal forwarders from Splunk 5.0.3 to 6.4, why...
I am trying to upgrade the collectors on a few Windows Servers because I had security come back saying my version had some issues. The readme in Program Files says I have Splunk 5.0.3. I am trying to...
How to search the count of each Windows event code in my data and run...
Hello! I have some Windows event log data with 5 different event codes. I need to count by each of the event codes and then perform basic arithmetic on those counts. For example, event code 21 is...
Why does older iframe code sometimes not work after any change to a Splunk...
Hi, I created a Splunk report and then embedded it to get the iframe code, which we use on the portal. If we need to change anything in the report, I need to disable the embed and then do the change and...
Why do I get a different result from tstats when using the time range picker...
Using the time selector in search, I run this search for yesterday (-1d@d to @d; aka 2016-04-17 EDT):
| tstats count min(_time) as Min max(_time) as Max where index=main
2016-04-17 EDT is equivalent to...
For Splunk Enterprise, Splunk Light, and Hunk pre 6.3, default root...
For Splunk Enterprise, Splunk Light and Hunk, default root certificates prior to 6.3 will expire on July 21, 2016. What are the suggested recommendations?
How to loop through all the values of a list, run the same search for each...
Hi, here is an example. I have a list of IP addresses, and for each IP address I need to find out all the hosts assigned to it during the past 7 days. The process for finding the assigned hosts for each...
How to search the last 90 days of BlueCoat logs for the top 100 websites?
This is the criteria I'm using:
index=bcoat_logs sc_filter_result!=DENIED cs_host!="-" | stats count(cs_host) by cs_host | sort -count(cs_host)
which lists all websites users are hitting, but this...
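As an added example (not from the original post or its answers), one way to restrict that search to the last 90 days and keep only the 100 most-hit hosts, assuming the index and field names exactly as the post gives them:

```spl
index=bcoat_logs earliest=-90d@d latest=now sc_filter_result!=DENIED cs_host!="-"
| stats count BY cs_host
| sort 100 -count
```

Putting the time bounds in the base search lets the indexers prune buckets before any events are read, and `sort 100 -count` both orders and truncates the result, so only 100 rows leave the search head. `stats count BY cs_host` yields a plain `count` field, which avoids sorting on a field name containing parentheses. `| top limit=100 cs_host` would give the same list with percentages added. Over 90 days this still scans raw proxy events, so for a recurring report a summary index or an accelerated data model queried with `tstats` will be considerably cheaper.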
Is it possible to use two base searches in one post-processing search?
I have a dashboard similar to this one (Simple XML with the tags lost in extraction): label "Multiple Base Searches"; input "Host", field host, default host, with "true" set; base search 1:
index=_internal | eval count = 1 | timechart per_minute(count) as rate by host
with earliest -10m@m and latest @m; base search 2:
index=_internal | stats count as...