How do I prevent multiple connections when I log in to Splunk?
Hi. Multiple people can log in using one ID/PW. When I log into Splunk, how can I prevent my login using the same account across multiple PCs? Thank you
Field Extraction from html tags
- Accepted 64399 56.32% I want to extract the field Accepted=64399
count a field that contains special values and display it with others using...
I have a column named **Target** that contains several values where some end with `@myemail.com`, but when I just used `stats count by Target` it became really messy as there are many email users. So...
restartSplunkd doesn't restart Splunkd
Hi, I am deploying apps from deployment server. Server classes having restartSplunkd=1 gets to stop when I deploy new apps but it doesn't start app. How does the deployment server send a request to...
Gsuite for Splunk logs error
I tried configuring the [GsuiteforSplunk][1] App. Configuration, authorization part and the google apps input all have been configured and saved. But I have issues receiving the logs in Splunk App. All...
Disadvantages of Splunk Developer Licence
What are the disadvantages of the Splunk Developer Licence? Can it be used as SH or any other Splunk component apart from standalone, and what about licence usage?
After the Upgrade to 7.0.3 the inputlookup command not working properly
The lookup file was working fine for a long time (2 months) and contained 1000+ entries. However, after upgrading to 7.0.3, it's not working properly. When run, most of the time throwing me errors like...
Splunk installation Failure in windows 10 64 bit
Hi, I have downloaded Splunk Enterprise 7.1.2 version and installed it on my machine but I'm getting an error during installation. Here I have attached information about my system and error wizard. Please let...
splunk search produces different results when the same query is run several...
I run the query index=* tag=xyz customertype=abc action=failure sourcetype=abc123_winlog | dedup _time, user, src, dest in fast mode, for the last 7 days how can I get different results??? on day 4 for...
is there a rest query I can use to identify all logfiles being monitored in...
If I use the query index=* source=* | dedup source | table index source this appears to provide me with a list of all indexes and associated sources I am trying to find all logfiles monitored in my...
Splunk alert/reports
I have a search head in eastern time and user is configured in Asia time. So if I configure a report/alert, in which time will the reports be executed, whether user time or search head time? So if user...
COMPLEX COLOR RULE
Hi I use this code in order to display the difference between the free space disk and the total space disk I need to create a color alert in the field when the difference between space disk and total...
Inputs.conf - use a variable
Hello all. I have a bunch of *nix machines which all mount the same shared file server location to write their logs (/mnt/logs for example). For various (mostly political) reasons, it will be very...
Custom fields for CSV Input
Hi All, We have Splunk environment with Indexers clustered and many forwarders managed by Deployment server. We are monitoring some of CSV files of an application using Universal Forwarders. Now, Can I...
Lookup Table and Regex
Hi, I need some help with lookup table combined with regular expressions. I have an apache log file which looks like: *25/Jul/2018:10:17:30.999;2.2.2.255;temp-prod.nl;https://finance.host.nl;GET...
How to construct columns with the same data, and then use these pseudo...
I want to get data, as following ![alt text][1] How to construct columns with the same data, and then use these pseudo columns to calculate in Splunk? [1]: /storage/temp/252572-splunkquestion.png
sourcetype=WinEventLog:ForwardedEvents missing details
I've a WEC server which is forwarding logs to Splunk. I can see forwarded events coming in with sourcetype=WinEventLog:ForwardedEvents but specific details are missing while they are available in the...
How to exclude fields from LinearRegression command/use subsearch to generate...
Consider fit LinearRegression | fit LinearRegression "name2predict" from "f1" "f2" into "test_model" **Question 0** What are flexibilities defining the FEATURE LIST -- i.e. from "f1" "f2"?...
Forward messages to different indexes based on the value of its field
Is it possible to forward messages to different indexes based on the value of message field? And which forwarder is the most appropriate (Universal or Heavy)?
Complex Color Rule
Hi I use this code in order to display the difference between the free space disk and the total space disk I need to create a color alert in the field when the difference between space disk and total...