Channel: Questions in topic: "splunk-enterprise"
Browsing all 47296 articles

ADFS SAML: IDP failed to authenticate request (6.4)

We have some trouble getting SAML to work with our ADFS. After a login attempt we are redirected to a Splunk error screen with the message: IDP failed to authenticate request. Status Message="" Status...



use MAX in addtotals?

I need to add a maximum column for a set of fields on each row (created using chart ... OVER ... BY ... ), and then add the maximum of this into the totals row. Any suggestions on how to do this?



How to Backup and import Indexed data during Splunk upgrade?

We are running a distributed clustered Splunk system on version 6.2. We are planning to upgrade to 6.3 due to definitive requirements. As part of the upgrade instructions, it is mentioned to take backup...


How to configure Splunk to collect syslog and forward the raw data to a 3rd...

Hello We have 2 Data Center locations and each location has 3 indexers that collect logs from Universal Forwarders in each location. All indexers from the 2 DC locations are replicated for redundancy...


How to search for all events that happened one hour before any event from a...

Let's say there's a specific set of events I'm looking at (Events A). Now I want to write a search to return all events that happened one hour before any event in Events A. How can I do that?



Is there any way to set a custom panel width without custom JavaScript in...

I have seen responses to use custom JS, but is there any way in Splunk to configure it without custom JS?


How to configure inputs.conf to blacklist "Account Name" field for EventCode...

Splunk 6.2.6 inputs.conf blacklisting. Viewed numerous blogs and answers on similar topics, but can't come up with the correct string for my need. Also looked at the inputs.conf spec. Event 4656, the Account...


How to search if a string exists in a variable number of columns?

Hi, I have multiple columns (number of columns may vary) and wanted to search a string if it exists in any of the columns. How do I do this using a simple search? Log example: There are three...



How to alert if a Cisco device has not sent any logs via syslog to Splunk in...

Hello, Currently I have 50 Cisco devices sending logs via syslog to Splunk and use the Cisco App. Trying to figure out how to create one alert that can fire once or twice a day, that will report all...



Why am I getting these failed bucket replication errors on each indexer in a...

I have two indexers set for a 2:2 configuration for replication/search factor. All has been fine until a couple of weeks ago when an error crept in. The problem began before I upgraded the cluster to...


After rebuilding a Splunk server, is there way to centrally tell all my...

Recently I had to rebuild our Splunk server. Luckily we had the config files so was able to get everything back up and running quickly. However, now all my servers have begun forwarding the logs in as...


How to write a search to display events that do not have a corresponding...

I want to write a search that returns results in a time frame that is conditional in this manner: Event A: If field1 = [unique_item {arbitrary ID: 000}] and field2 = [1] then [display this event] Event...


How to convert computer name to host name?

Hi, we have an environment where Windows events are forwarded => Windows Event Collector, Windows Event Collector => Splunk indexer. Splunk forwarder has been installed only on Collector server. In...



Nmon Splunk app: Calculations for average are defying the logics of Math

Hi, we have installed the Splunk forwarder to calculate the CPU usage on few AIX servers. These are the stats observed in the following selection of NMON app: UI LPAR Pool, Pool Virtual CPU Usage (AIX)...


Unable to index to Splunk server from MuleSoft

Greetings everyone!!! We were trying to integrate Splunk with MuleSoft. We already had Splunk plugins in MuleSoft. We gave heavy forwarder IP and 8089 as port number. But we are not getting data in...



How can I use a unixtimestamp as a timerange filter like with earliest &...

Hi, my events have a field with epoch time which I want to use in the very first pipe to filter the search. Of course I can do it like sourcetype=foo field<=1461110400. Is it somehow possible to use...


Splunk for BlueCoat

Hi at all, I'm trying to ingest logs from BlueCoat Reporter and use them in Splunk using the Splunk App for BlueCoat. I receive logs as files and I ingest them with no problems. Logs are summarized...



Index Routing based on _meta - Problems with REGEX

Hello, we followed the description given in the following .conf session to achieve Index Routing based on _meta values: .conf 2013 - Splunk in a Global Banking Environment (I am not allowed to post...


Why am I getting Highcharts errors "Cannot read property 'rows' of undefined"...

In my HTML Dashboard, I have implemented a few Highcharts charts and matching table elements. Their data is populated from the same search managers, meaning that each table and chart share the same...


How to edit my single regex for parsing multiple types of events in the same...

Hi All, I want a single regex for multiple types of events getting generated in my access logs. I have written the following regex for extracting fields from my access.log : ^(?P[^ ]+)\s+(?P[^...
