Splunk Enterprise Security vs Splunk UBA
Hi, are Splunk Enterprise Security and Splunk UBA totally independent apps/software? Do they depend on each other in any way? I'm looking to check out UBA but do not want ES. Regards
Splunk Software - Release Code Names
This is an important one I know :) I told my 3-year-old daughter how Buttercup (which she has several stuffed versions of now) is the mascot for Splunk and that they name their software releases after...
Extract unique values from a column into a dropdown menu
Trying to extract unique values from a column and make them appear in the dropdown menu: index=main source=traffic_information | search * traffic_location | fields traffic_location | dedup traffic_location |...
Finding duration between time stamps.
Hi, we need to find the duration between timestamps, and the format looks like below. max_time=1461593558.000 min_time=1461593258.000 Used the below query to convert this to a proper timeframe. index=datapower...
How can I specify TIMESTAMP_FIELDS for a CSV file without HEADERS?
I am loading **CSV file without HEADERS** in Splunk. File is getting correctly loaded in Splunk. For column names I have defined ‘FIELD_NAMES’ property in props.conf. I have set one of the fields from...
Multisearch command only returning results for second search, however, when...
Hi, I'm on 6.1.1 and I need to interrogate two different indexes, so I thought the multisearch command would be up for the job. The first search is: index=a sourcetype=b f1!="" f2!="stuff" f2!="stuff"...
Issue while configuring Splunk App for Unix and Linux
I have installed the Splunk Add-on for Unix and Linux on my server where I have the Splunk server set up. Installation is successful, but when I try to configure the app, after clicking the Save button nothing...
How to pull logs using WMI with the Splunk universal forwarder
In reference to the following link: https://answers.splunk.com/answers/26743/can-i-index-wmi-from-a-splunk-instance-running-on-linux.html I want to know how to pull logs using WMI with the Splunk...
Why does Splunk show me events outside the frozenTimePeriodInSecs setting?
Hi there! I'm trying to set up the buckets in one Splunk deployment. I want to delete events greater than 1 week, and for that I write the following parameters for some indexes inside the...
Can't succeed with database lookup feature of DB Connect 2 App
Hi, all! Using DB Connect 2 I have created a DB Lookup definition following [this][1] steps. But I can't succeed with a manual lookup. These commands: index=oracle_audit_trail | lookup...
Use with Tenable Security Center
Anyone using this app with Tenable Security Center? Currently using version 5.2 of Security Center with Nessus Manager 6.5.6.
How to edit my regex for props and transforms.conf to extract all values for...
Hello, I have logs coming from one of my applications where the events are structured differently. I want to extract "user" and "action" from these events, but the logs don't have a consistent pattern....
Omit text from an event
Hi, I have a log with 3 columns ID....TYPE...... DESC 1.......A............Member Since **Year-2015** 2...... B............Member Since **Year-2014** 3...... A............Member Since **Year-2014** I only...
How do I extract these two fields from a string in my sample data?
Hello, I have these logs: Apr 26 12:49:09 10.30.245.203 Apr 26 14:49:12 MachineOne info tmm1[11869]: Rule /User_Agent :...
Splunk Enterprise Security: Where can I find the incident review logs...
Hello: Can anyone help me in finding the Incident review logs? Will it be there in the Indexer or the Search heads? I tried doing an ssh to both Indexer and search heads, but couldn't find the...
Creating an app
I would like to create an app with just a tab "search" and another tab with a specific dashboard (that I created). How can I do it? Does anyone have a step-by-step guide or template? Best regards, Lopes.
Cron for last business day of the month
I need to configure an alert to run on the last business day of the month. How do I write the cron expression for it?
How to compare the value of a field with another displayed over time
I imagine this is a common use case, but I just have yet to be able to wrap my mind around getting the search string to give me what I want. I have two fields: **hostname** and **ap_loc**. I can table...
How to sum values in a table with a condition that compares columns?
Hi, I've got a table like this: ts1 | ts2 | count | id 1461347440 | 1461347448 | 5 | 1234 1461347459 | 1461347452 | 10 | 1234 1461347455 | 1461347459 | 10 | 7899 I would like to sum "count" if...
How to extract multiple fields from one regex
I'm trying to extract several fields from my log but for some reason it does not work :( Here is my props: [ev_event] EXTRACT-sourceTask,groupName,virusName,targetUser,targetUserType,infectedObject =...