How can I select a file in alert action?
I want to create an alert, in which I want to provide functionality of file upload. For that I want user to be able to select a file, just like we can select file by pressing browse button. I have...
Issue while printing a report
Hello, When I am printing a report (which has filters, table and column chart), filters are overlapping on the table and some texts in the printed report are not aligned and some filter values are not...
Can DB connect be used to connect to RDS instances (Oracle, MySQL and MSSQL),...
Can DB connect be used to connect to RDS instances (Oracle, MySQL and MSSQL)? If so, is there any documentation detailing the steps of integration? I am currently looking at multiple DB instances that...
Parser Error in HttpEventCollector
Hi Team, We are using httpevent collector to extract the data from boomerang.js. In recent days, we are receiving "Parser Error(per-token parser errors due to incorrectly formatted event data)" in...
unifi USG syslog to Splunk enterprise
Good Morning, I configured my Unifi USG to send logs to the Splunk server on udp 514, created a receiver udp 514. I have verified the traffic is getting to the server but I am not seeing the raw events...
Compare two search results in one chart
I would like to compare the result count of two search queries in one column chart (one column for each query and day) The two queries are: 1) `index=ex_prod sourcetype=backend /finish status:200 |...
Checkpoint OPSEC LEA Add-On 4.3.1 "origin_sic_name=XXXX" not in the traffic...
Hi, After upgrade of the app to 4.3.1 I notice that I don't have in traffic log the info about origin_sic_name= For the sourcetype=opsec (for the other sourcetype, I have the info in the log) The field...
How do I remove fields from VMWare Add-on before indexing?
I'm currently receiving an excess amount of data from the VMWare app sample below and would like to only keep a few of the fields before being indexed. Is there a way to do this? _raw: vm-1111...
How to join using a wildcard from a lookup?
I have a lookup that contains host names with wildcards. I am trying to do an inputlookup to grab those host names with the wildcards and then join those host names to find all other hosts that have a...
How to generate several "chart / over / by" charts for each value X using...
Hello Splunk Community, I'm trying to build a dashboard that dynamically displays several bar charts based on each value of "Origem". Values: Origem, SentidoCanal, Metrica, Valor Chart should look...
Outliers Viz not loading
Hello Splunkers. I've downloaded the Splunk Machine Learning Toolkit. In Detect Numeric Outliers Showcase, I can successfully create a search, detect the outliers and see the "Data and outliers" graph....
Output Additional Sourcefire fields (description)
Has anyone been able to successfully modify which fields are exported from the eStreamer interface? I am specifically wanting to output the "description" field which sometimes contains a list of...
Which is the best approach to join two database tables in SPLUNK?
Hi, I have 6 database tables and I have to create dashboards depending on these tables. I have to use joins to get the data in the desired way. So I wanted to know what should I use: the SQL joins or...
Regex on input change
In a dashboard, I have a dropdown input where the user can enter an IP address (custom value). I want to validate that the user's input is really an IP address/net and if not change it to 0.0.0.0/0. I...
Can I restart search head servers from deployer?
I have 3 search heads. Can I restart those from deployer server using below command? `splunk rolling-restart shcluster-members -status 1` Also my indexer cluster and deployer are on same instance. When...
How to join using a wildcard?
I have a lookup that contains host names with wildcards. I am trying to do an inputlookup to grab those host names with the wildcards and then join those host names to find all other hosts that have a...
Translating SID to Username via Lookup Table
I have a lookup file which contains various fields, including the username and corresponding SID (pulled from AD). I have a Windows event with data showing as User=NOT_TRANSLATED and Sid=(a value) The...
Splunk Losing Web UI Access
Hi, Since upgrading to Splunk 7.1.0 from Splunk 6.5.0 I've been having issues with Splunk losing access to the Web UI after some time. I restart Splunk via /opt/splunk/bin/splunk restart and it comes...
Scheduled report show 0 results but running same search run manually yields...
Hello, I have 6 reports that have to run in a specific order to get the results I need for the 6th report which is emailed out. (It's very convoluted but with our data structure, it's the only thing I...
Monitoring Active Directory with Splunk 7.x
I am trying to monitor changes in Active Directory and found a number of ways to ingest data from AD. Splunk Add-on for Active Directory seems to be the big one but I am starting to think it is not...