Why is one of our Linux Splunk 6.x forwarders reporting "Detected system time...
One of our Linux hosts running a Splunk 6.x forwarder is getting an excessive number of messages in splunkd.log: 04-28-2016 21:39:18.560 -0400 WARN TimeoutHeap - Detected system time adjusted backwards...
Is there a recommended configuration for syslog-ng log rotation and blacklist...
Hello All, We have a Splunk server setup for monitoring our Cisco WSA server using *"Cisco Web Security Advanced Reporting"* add-on, which is currently the only source sending files to this Splunk...
How to set up a drilldown from a single value panel to a table?
Hi All, Below is my requirement: I had single value attributes in my dashboards like Total Approved Pending Cancelled 100 25 50 25 Searches: I kept drilldown. If I click on "50", I should see 50 events...
AMQP Messaging Modular Input: How to troubleshoot why RabbitMQ AMQP data is...
Hi Team, I have set up an AMQP Messaging data input to collect data from our RabbitMQ instance. The input appears to be configured properly, however, the only way to get messages from the queue is to...
What are the minimum set of capabilities to log in to Splunk and search an...
I want to create a standalone user role to access a single index for search only. I do not want to inherit any existing role. What are the minimum capabilities required to do this?
Splunk DB Connect 2.2.0: Why am I getting "AttributeError: 'dict' object has...
After installing Splunk DB Connect 2.2.0 I'm getting External search command 'dbxquery' returned error code 1. Script output = "AttributeError: 'dict' object has no attribute 'user' independent from...
How to run a brute force attack test on application username and password?
Hi, We have a requirement from our security team to test the brute force attack scenario against user name and password of our application using THC Hydra password cracking tool We are using https (...
SplunkJS using client side SDK: Authentication failed
I've been following the Splunk documentation on how to use the client sdk. I've created an express js application by using a generator. I'm planning on using the REST API on the website I'm hosting,...
All time range picker options under Presets on my Splunk 6.2.5 dashboard have...
Hi, We have Splunk Enterprise 6.2.5 and my dashboard has a problem in the time range picker presets menu. When I click on the tab, I can't see anything at all under presets. All options have...
After installing NMON Performance Monitor for Unix and Linux Systems on Linux...
First of all, this is a great app, thank you! This is version 1.6.15, according to the home screen of the nmon app. When I install the TA on a Universal Forwarder and reboot, I'm presented with the...
Is there any reason to use Perfmon over WMI on a universal forwarder when...
Is there any reason to use Perfmon over WMI on a Universal Forwarder when monitoring local data? Perfmon gets its data from WMI anyway, so why add the extra step of using Perfmon when you can just...
When I navigate to my app in Splunk 6.3, why am I directed to the Splunk DB...
Hi Everyone, I have an app called abc on my Splunk 6.3 and I also use Splunk DB Connect 1.2.2. When I go to abc (i.e. go to splunkserver:8000/en-US/app/abc/home) I get the page of Splunk DB Connect....
Qualys Technology Add-on (TA) for Splunk 1.0.3: Why am I getting "Error -5...
Since updating to version 1.0.3 of the Qualys Technology Add-on (TA) for Splunk (Running on a dedicated "API Forwarder", a standalone Splunk 6.4.0 instance that forwards data to my indexers), I can no...
Why am I getting error "global name 'ssl' is not defined" when Splunk invokes...
I have a simple bash script that I've configured as the coldToFrozenScript: set -e set -u if [ $# -lt 1 ]; then echo 1>&2 "usage: $0 " exit 1 fi bucket=$1 index=${bucket##*/} echo 1>&2...
How do I run a Linux or Python script to load files into Splunk?
I have been looking for ways to load files into directories and access them by running scripts, either Python or Linux. Can someone answer where exactly does Linux scripting or Python fall in place?
Substring from URL field and then group using the URL
I have a field "BackendURL" which contains different URLs, e.g.: http://abc.com/emp?name=jim&no=101 http://abc.com/emp?name=tim&no=102 http://gef.com/vehicle I am trying to generate a...
Rapid7 App for Splunk Enterprise: How to change the "default" index so that...
When installing the Rapid7 App, I added to `$SPLUNK_HOME\etc\apps\rapid7\local\inputs.conf` under the [monitor] stanza `index=nexpose_index`. The data from the lookup tables is properly indexed into...
How do I join my ePO events with my user login events?
I am trying to alert on when a specific user logs into an affected / malware not cleaned machine. I am using the following search, but can't seem to get the join to work. All I see are the signatures...
How to change default time range in the pivot window?
I'd like to change the default time range in the pivot window from "All time" to "Last 24 hours", for instance. The reason is I'm working with a very large deployment and pivoting on a large data...
Pivot dashboard views not working for admin role user
Hi All, I have created dashboard views using a data model (using pivot queries) as an admin user. When I log in using a user which was added as admin (I have given that user the admin role), the views are not...