How to connect to the Splunk Lab server?
I am getting below error when trying to connect to Lab server. Please help resolve this....
Events from FortiGate to Splunk
I currently have a FortiGate reporting events to Splunk through a TCP port: 601 (Reliable) and I am getting some weird events that look like the following: RPY 0 0 . 0 52 Content-type:...
Is there a way in Splunk 6 to add a UTF-8 BOM to exported CSV?
Searching for a solution that will allow you to add a UTF-8 BOM to exported CSV files. [Similar questions haven't been...
Splunk Add-on for Microsoft Cloud Services: Why am I unable to upload a...
Anyone having issues with trying to upload a self-signed cert for this add-on? I generated a self-signed cert, and when I upload the file, I get the following message: Selected file is an invalid file....
How to write a search to find values similar to a certain string?
Case Scenario: The search string is "google" The results should find g0ogle, go0gle, gogle, gooogle, etc... I have searched all documentation and Splunk Answers. Any ideas?
Can I deploy Splunk on an existing Red Hat VM?
I want to deploy on an already existing Red Hat VM. Will I be able to do this?
How to group by text within a field
I am trying to group by text within a specific field. I'm essentially searching a message content field called event. Within this event field, I am searching for specific errorCodes, but I also want to...
Is it possible to update a target graph from multiple selections?
Is it possible to update a target graph from the selection of either graph A or graph B? Using this in Graph A & Graph B$start$$end$ Graph C then has:$selection_earliest$$selection_latest$ However,...
Can't see the label on input fields when using dark.css with a form
When I specify , I can no longer see the labels on my input fields. Seems likely that the input fields have a color attribute of black, so I can't see them with a black background. What do I need to...
Image Overlay with Icons based on value
Hello Splunkers. I know that I can have some single values over an image, as follows: (example from Dashboards for Splunk 6.X). ![alt text][1] However I need to display an icon based on values, instead...
how to keep the earliest time as constant and latest as current time (now)...
Hi, how to keep the earliest time as constant (say 12.00AM) and latest as current time (now) in splunk dashboard? requirement is without using timerange picker or token. My earliest time is fixed every...
Saved search permissions with custom roles
This is all happening on a standalone Splunk 6.3.4 search head. (It's a development environment, so my very few forwarders are all sending to the one system.) I have a user, "resttest", who has only...
Find missing ids from two searches using stats not set
I have an index with two 'transaction types'. Create and Offer. For each create, I get an ID and I want to find out all created Ids that do not get an offer. I am making multiple 'Offer' requests, so...
Can't get results using _time in my search
I performed this search index=* source="WinEventLog:System" EventCode=3 host=jj1 | table host, _time, message and get the following results: jj1 2016-05-02 18:27:04 Service started. jj1 2016-05-02...
Looking for new events
Good Day Everyone, I'm trying to construct a search that will search our weblogs over a one hour period and report on IP addresses that didn't appear in the first half hour. I would like to display the...
Data storage retention for 30 days of data
I have a 6.x environment and I want to configure splunk to only retain the last 30 days worth of data. How do I configure this for each indexer. I have 315 GB per indexer. I have 5 indexers. I only...
how does keepevicted affects timespan, timepause
I'd like to understand how the keepevicted transaction flag is related to timespan. It is pretty straightforward to understand how keepevicted affects when it is used with **startswith** (It includes...
What is the default splunk user password in Unix after install?
I was having some issues and decided to change the splunk user password, but now I can't start my Splunk instance at all due to permission denied errors. I'd prefer not to reinstall but that might be...
Does Splunk meet 800-53 Audit Reduction requirements and a common Date-Time...
I am having trouble finding documentation that explicitly states Splunk's ability to perform audit reduction. I am also having difficulty finding out if Splunk meets the AU-8 requirement for a common...
Is there a way to have different timescale for lookups than the actual search?
Hi, I am looking for a solution for this problem. I have implemented Lookup tables based on time and they are working fine. The issue I am having is that if the lookup table entry falls outside the...