License used but no corresponding events in index
The license_usage.log on my license master indicates usage for the sourcetype MSExchange:2013:MailboxAudit but no events are returned in searches. I've run the above...
What ciphers are being used to hit my sites?
Hello, looking to see what ciphers are being used to access my sites before I disabled them locally. Thank you.
Ingest CSV removing Top X Lines from file
I am ingesting a csv file from my server. I have tried many configurations on the props.conf to no success. Any assistance with what I am doing incorrectly. Props.conf [OpsCenter] INDEXED_EXTRACTRIONS...
Splunk Rest API
Hi guys, I am new to Splunk and I am currently creating a UI page for my app to let users set what port the APP is listening for to collect logs from remote server. So far I am able to get...
Use lookup file to match IP address from SPL query field to IP range in CSV...
I have a CSV file *ip_ranges* that contains a list of ip_ranges along with the appropriate tag for that ip range. The CSV file is in the following format (data is made up for this example): ip_range...
How to use "set diff" and "diff" commands to list out new values in a field...
I have data which add new files every day. I want to compare today's data with previous day/week/month/year data and list out new files. Is it possible to list out? I have gone through Splunk answers...
Is it possible to set specific user permissions to read only for dashboards...
I have generated several dashboards in our environment and I only need specific user to have access to each dashboard. Is it plausible to create a specific user list to access their specific dashboard...
Splunk ODBC connection for SSIS package
Hi, The aim is to use Splunk ODBC driver to connect to Splunk from SQL Server using Visual Studio (SSIS), run a search, export the results to a table in SQL Server. I was able to configure the ODBC...
eventcount - spanning over time
I'm attempting to write a search using eventcount command. I want to graph the number of events in my index/sourcetype per day over a span of 1 week. Can I use the eventcount for this? I'm not having...
XML - sampleRatio default value
We will be building a lot of dashboards very soon. We will likely use css stylesheets. Question regarding sampleRatio tag. If sampleRatio tag is not explicitly defined in the source of your panel, will the...
Question with time chart and Round
host="*ESX*" NOT (host="GA*" OR host="WA*") | timechart span=1m eval(round(avg(Temperatures{}.CurrentReading),2)) by host Trying to get just 2 decimal places on the "Temperatures{}.CurrentReading" but...
Is there an API call or CLI argument to update the password for the bind user...
I have a very large, complex Splunk environment and I need to update the LDAP BIND user password. With over 100 instances I need to update it with a script but cannot find either a cli option or an API...
Fixup Status Message is "Waiting 'target_wait_time' before search factor...
In Splunk 7.1.0 with Multi-site Index Cluster, I have a bucket that has been **pending** fixup for more than 1 hour. The Status message is "Waiting 'target_wait_time' before search factor fixup", but...
Return only events where field value is in lookup table
Hi all, I am running a search that returns many events. Some of these events contain a field value that is also in a lookup table I have uploaded. What is the best way to format my search in such a way...
Microsoft Office 365 Reporting Add-on Office 365 license
What is the minimal Office 365 license an account needs to pull Office 365 message trace data?
Why is the scheduled report showing 0 results but running the same search run...
Hello, I have 6 reports that have to run in a specific order to get the results I need for the 6th report which is emailed out. (It's very convoluted but with our data structure, it's the only thing I...
What is a good replacement to monitor Active Directory with Splunk 7.x?
I am trying to monitor changes in Active Directory and found a number of ways to ingest data from AD. Splunk Add-on for Active Directory seems to be the big one but I am starting to think it is not...
How to Extract Named Capture Groups Using a Single Line in Props.conf
Trying to extract named capture groups in a txt file, with the stipulation that it must be done from a single line in props.conf. The exercise is designed to teach how to assign many fields/values in a...
Splunk and ETL/Data Warehousing Functions
My customer has asked me to look into the ETL/data transformation capabilities of Splunk, in terms of SQL Server SSIS, Pentaho, Apache NiFi, etc. I've seen Pentaho linked before, but to be honest, I'm...
Variable in default.xml?
Hi guys I have a question if I have the following default.xml nav search_view="search" color="#800000" view name="dash1" view name="dash2" a href="http://**$variable$**.domain.com"...