LDAPsearch is not showing latest group membership
I have recently added a user to a group. When I query the user's AD object using ldapsearch, I can see his group membership, however the new group that he was added to is nowhere to be seen. What is...
Mac OS X 10.11.1 (El Capitan) & Splunk 6.3 - "Splunk's Little Helper" Startup /...
Yo Splunkers, I am a Splunk 6.3 user, supporting users running on Mac OS X 10.11.1. Yesterday I spent about 1.5 hours investigating and determining a work-around to "Splunk's Little Helper" failing to...
How to pass search results as a token to an ldapsearch without using XML or...
Trying to get a basic search of Windows event data to cross-reference with fields from ldapsearch. I want it to take the value of a field (like Account_Name) in a Windows event and use it as a...
How to get a large JSON file recognized as JSON in Splunk Web and prevent it...
We're pushing a few different JSON files to our Splunk server via a Splunk Forwarder running on a different machine. With the smaller JSON file (https://gist.github.com/tleyden/d6d29fd5442c512405b6)...
Why am I getting Hunk "Error while running external process...Invalid option...
Why am I getting this error and how do I resolve it? In handler 'vix-indexes': [hdpprovider] Error while running external process, return_code=255. See search.log for more info[hdpprovider]...
Input files have changed format, so how do I edit my configurations to keep...
Hi, here is my situation (and I know it isn't ideal, but I have to work with it for now): I have scripts that pre-process log files into a standard format that Splunk digests. The format isn't really that...
Splunk 6.3.0 search took very long and timed out error from peers: Buckets...
We recently set up a new Splunk environment with one search head, multiple indexers, and one heavy forwarder. They're all running version 6.3.0. We have data sent to the heavy forwarder that forwards...
Splunk App for AWS: How do I configure inputs for CloudWatch logs on a heavy...
On this page: http://docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatchLogs it says: *"To configure inputs in Splunk Web, click on Splunk Add-on for AWS in the left navigation bar on Splunk...
El Capitan & Splunk 6.3 & eventgen installation issue
Hi guys, I am sorry, I am not familiar with English. My question is why I get an error like the one below: -------------------- 10-30-2015 11:19:42.191 +0900 ERROR ExecProcessor - message from "python...
Create a new field with cumulative count of a unique ID
Is there a way I can create a new field with a cumulative count of a unique ID? For example, currently I have created a transaction which groups events together as "trips"; however, I would like to give...
Query using multiple rex commands
I have a query - index="production" [search source="port-120" "Decision Received: REJECT"| fields x_reqid] | rex field=_raw "Req Id:(?<req_id>.*)" | rex field=_raw "cust ID :(?<cust_id>.*)"...
Change colour of whole panel based on single value result
Hello, I'm creating a dashboard using Splunk 6.2.1 which will have multiple single-value panels, each with a value of YES or NO and a drilldown to a different dashboard. I am able to change the text...
Activating forwarder manually on Windows 7
I have an issue with my forwarder in Windows 7 (32-bit). After I installed the Universal Forwarder via .msi, the indexer did not receive any information from the forwarder. Below is what I get when I through a...
Should I increase search head specs, add a new search head, or migrate to...
Hi all, We're starting to ramp up our usage of Splunk with a lot of extra data, eventually adding Enterprise Security, and people on other teams are starting to get into Splunk, requesting forwarder...
Alert with two levels of check - one to check if job has run, the other to compute count
Hi, I have an alert with multiple checks like below: 1> check if a job has completed, 2> if job completed, calculate count of categories and calculate the count difference from today, export to...
Is there a way to use the result of a scheduled report to generate multiple...
I have 4 charts in a dashboard, ABCD|E, ABCD|F, ABCD|G, and ABCD|H, ABCD being the search condition. The only difference in each chart is which value is being charted (E, F, G or H). Rather than...
F5 iControl data collection issues [resolved]
A couple of things for people installing/configuring this app: These are over & above the instructions that come with the app: a) Ensure your...
Splunk Enterprise Security 3.3.1: Notable Event Suppression "The provided...
I am trying to suppress an event "Account Deleted" and receiving the error "The provided search is not valid" when trying to save the suppression. This search works in a normal search window....
SCCM App will not index Installed_Software and Malware DB Tails
Hello, I've recently installed the SCCM app and cannot get any of the dashboards to display info. The only data I see is from the 2 out of the box reports. In an attempt to troubleshoot this issue, I...
Indexing multiple timezone data
We currently have 4 servers that send data to the Splunk indexer. Each server is located in a different time zone. Our indexer is in the CST time zone. We want to index the data in CST time. Is there any way...