Dynamic SNMP OID - Convert ASCII number to Text Value
Let me start by admitting there are likely a half dozen better ways to ingest the data but I don't have access to change that, thus I must learn how to manipulate what I have. Goal: Take a dynamic set...
Current Month Estimated Billing not displaying Account ID in drop-down
Unable to get billing details in Splunk App for AWS. I have configured the billing input in Splunk Add-on apps.
ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured....
07-18-2018 21:20:40.725 +0000 WARN X509Verify - X509 certificate (O=SplunkUser,CN=SplunkServerDefaultCert) should not be used, as it is issued by Splunk's own default Certificate Authority (CA). This...
strptime returns negative number in
I have a drill-down in this dash board. ..... eval Date=strftime(_time,"%m/%d/%Y") .... table Date,queryHash........ ...... strptime($row.Date$,"%m/%d/%Y)...
How do I set an alert out of a search query?
Hi, I have this search query: tag=NginxLogs host=www* |stats count by status|eventstats sum(count) as total|eval perc=round((count/total)*100,2)|where status="404" AND perc>5 In the result...
How to restrict timerange in tstats search within query?
I have a `tstats` search panel on a dashboard and I'm trying to limit the timeframe for this particular search (separate from the shared time token). I tried using various commands but just can't seem...
Sendmail command in query does not populate the Dashboard
I am creating a dashboard with a mail-to button in it; in the query I have inserted the **sendmail** command at the end. The observation is that if I have the **sendemail** at the end then the visual table...
Brute force detection
This is my search for detecting brute force behavior: index="wineventlog" sourcetype=wineventlog:security | stats dc(action) as Attempts, earliest(_time) as FirstAppearance...
Is it a problem to add a new input at the same time you are already...
Hello everyone, I am having a problem where `_time` is being populated with the wrong date and time even if it is well specified. I tried many approaches to isolate all the variables and noticed that...
Stats to use for comparison for present VS previous time
Hi, I have below search string: index=XYZ | eval ip = mvindex(split(ip_address,"/"),0) | lookup ABC IP as ip | stats dc(vuln_id) AS Total by os_name, vuln_id, Organization, Group | lookup XYZ.csv...
Single log is getting split into two events.
I am not using props.conf. So I guess it is the default behavior. Below is the single log: 2018-07-19 13:30:40.293 +0000 [http8080] INFO RequestFilter- { "transaction_id" : "aaaaaaaaawwwwwwww",...
UF not connected with DS
Currently, one system out of three works. Not sure why two are not getting connected and are getting the below message. Any help is appreciated. 07-13-2018 20:02:09.935 -0400 INFO DC:DeploymentClient -...
Fetch config on initial startup (non-search heads)?
Search heads have a config option `conf_deploy_fetch_url` under `shclustering` in `server.conf` that causes them to, on startup, fetch the current config bundle from a deployer. Is there any way to...
I have configured S3 bucket logs on Splunk heavy forwarder through Splunk...
I have configured S3 bucket logs with input Generic S3 on Splunk heavy forwarder through Splunk Add-on for AWS and given the index name, but all S3 bucket logs are going to the Splunk default index...
Renaming fields from Perfmon CSV
Splunk v6.6.5 I have my Perfmon CSVs from my Domain Controllers imported into Splunk for a dashboard. When the CSV is ingested by Splunk, it associates the column values to the appropriate CSV headers....
How do I configure TA-mailclient?
I configured email messages in the `inputs.conf`, but I still can't receive email messages. My configuration file is in this path: /opt/splunk/apps/TA-mailcilent/local/inputs.conf The configuration content...
How do you sort twice in chart?
I've created my graph but the data is in the wrong order. I want to be able to rearrange the columns. How would I do this?
NOT Inputlookup not working
I am trying to perform a search and trying to add an inputlookup to filter information I don't need to know about. For example if I run the following query index=firewall NOT [|inputlookup...
Temporary Memory
Hi, Is there an easy way to have a "temporary memory" that stores some variables when a query runs, and after each run it updates these variables so we can present these to the end users? An example...