SA-LDAPSearch test connection error client.py u'ldap
Splunk 6.4 and SA-LDAPSearch 2.1.3 I'm constantly getting an error while configuring ldap connect with the following message: "KeyError at...
Trouble Loading Cloud lock App. Anyone familiar with this error
message from "python /opt/splunk/etc/apps/Splunk_TA_cloudlock/bin/cloudlock.py" ERRORhttps://127.0.0.1:8089/servicesNS/nobody/cloudlock/storage/collections/data/cloudloc
How to create a bubble chart?
Hi, I've calculated the amount of purchase actions grouped by the productId and the elapsed time (in minutes) after user registration. productId | minutes | amount productA | 5 | 1500 ProductB | 10 |...
Splunk Search does not return all event data on a field
I'm facing a very strange issue in my Splunk search. I have a data input coming from a REST API that returns a multi-level (nested) JSON response: ![REST API Response][1] The entity node has several...
How to write a search to only list servers that are sending logs to Splunk...
Hi, I have server message logs sending to Splunk. Eg 1000 servers sending logs at a time. Wanted to find a way to list only the servers which have two types of error appearing in its message files....
Splunk roles minimum ensured search jobs
Even though Splunk allows us to set a role level concurrent search jobs limit, it really does not allow us to ensure a role will have a minimum search jobs number allocated to it. We need a way to...
How to search for top 10 with stats list and count?
I have the following search that looks for a count of blocked domains per IP: index=indexname |stats count by domain,src_ip |sort -count |stats list(domain) as Domain, list(count) as count by src_ip...
How to edit my search to return events with an IP that originate from a...
I have a search for my IDS / IPS systems feeding Splunk. I want to evaluate all the IDS/IPS events that have triggered and check any of the src_ip or dest_ip that originate from an embargoed country. I...
Why is one of my universal forwarders trying to contact the deployment server...
Hi, I have a configuration where many Universal Forwarders are managed by a Deployment Server. Today I installed a new UF on a Windows machine, and I have several problems: - in the internal log I see...
Splunk DB Connect 2: Is there a way to get just new rows, not every row in...
When connecting to a database using Splunk DB Connect 2, is there a way just to get new rows? Otherwise, I get every row in the table each time I connect.
Why is Splunk DB Connect 2 not capturing the correct timestamp from our...
Any idea on how to fix the incorrect time stamp being changed or how to use Splunk to condition the timestamp? For some reason between midnight and 1am, Splunk changes the original data from a Sybase...
How can I use and centrally manage native Active Directory user accounts to...
All, I want to create dedicated admin accounts for users so they are not running as admin, except when needed. However our Active Directory team will only issue 1 AD account per user. I thought then,...
Splunk 6.x Dashboard Examples: Where is the donut chart example?
I installed the Splunk 6.x Dashboard Examples app, but did not find the Donut Chart example in https://splunkbase.splunk.com/app/1161/#/documentation. Where can I find it?
Sending alerts with details
I currently have an alert set to notify me on any mass modification files over 100. The alert only provides the User, Operation, Source and Count. I am now being asked to provide the details (what got...
How do I configure proper line breaking for my sample multiline event in...
Hi... I am using a Mainframe log which has different type of events. I am only trying to split the lines of events which look like below and no other events. How can I configure this using...
Why is geostats not showing data for all expected countries when the search...
Hello all, I have an issue trying to visualize data on a map. I don't have an extra plugin and is not a search by IP. Now, I'm trying to get the lat and log from a lookup and count the events per...
When check-integrity reveals a bad bucket, do numbers for the bad slices get...
I'm doing research on Splunk. I don't have direct access to the product. I saw in a Splunk-provided presentation that "a bad bucket result returns the bucket number and slice number for a changed...
How to search and alert if someone from a disabled user account list accessed...
Do we have some search command to check if someone from disabled user account list? We want to monitor unauthorized access to create a report and alert for this in Splunk.
How to delete events from a summary-index?
Hi, Is it possible to delete some events (not the full index) from a summary index? something like `| delete` command? Thank you. Giuseppe
msg="A script exited abnormally" input=""C:\Program...
This error is reoccurring 100+ times a day. Don't really know where to start with this. msg="A script exited abnormally" input=""C:\Program Files\Splunk\etc\apps\SA-Utils\bin\dm_accel_settings.py""...