Possible to change permissions on all reports and dashboards?
I need to change permissions on all reports and dashboards to allow a new user role to only be able to read them. But I have over 400 reports. Is there a simple way to apply the same set of permissions...
How to ingest PCAP files into Splunk?
I tried to ingest the captured pcap files manually using the following documentation and I don't see that file being indexed....
Unable to search for the first 10,000 events only
Hello, I'm trying to run a query but I would like it to stop at the first 10,000 events, and I don't mean to display the first 10,000 events. The issue is that I'm building a front end for errors and if...
Ask about Splunk cookie modulation vulnerability and session fixing...
Hi, does Splunk have the following security vulnerabilities? (in Splunk 7.1.2) ㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡ Threat Cookie Modulation Vulnerability (a vulnerability that enables the use of a fixed...
Best Practice for saved searches and own APPs / TA
Hi there, we have a SH-cluster and index-cluster (and Dextra deploy-server). We defined some automatic lookups and searches on the SH-cluster. The permissions are set to read for everyone so that event...
Pull syslog data from EC2 instance into Splunk
We're running an on-prem instance of Splunk Enterprise behind a firewall which (currently) does not permit ingress on ports 9996 or 9997. As such, I can't get EC2 syslog data in using the UF. Is it...
How to combine multiple complex searches into 1 output table?
I think I didn't describe my question properly because I don't really have a good grasp of Splunk jargon but here are more details... this is search # 1: index ="12345" sourcetype = "system_database" |...
How to find out the index and sourcetype for AWS App dashboards
How to find out the indexes and sourcetypes of the default dashboards in Splunk App for AWS. Most of the panels use the below macro `aws-description-resource( (aws_account_id="*") , (region="*") ,...
Additional indexed fields
Splunk generally indexes data based on _time. We have a use case where we want to retrieve results from a summary index based on the batchid field. Can you please let us know what is the best way to...
Is it possible to know from which heavy forwarder a syslog event got indexed by...
Do any fields in events or raw data hold information about the HF through which it got indexed?
Is it possible to send Splunk stored data on some filter condition outside of...
I have an application which has a REST service. Now I want to send some data FROM Splunk to that application's REST service. Is it possible?
Are data model acceleration searches distributed across a search head cluster?
Hi, I have a search head cluster with 3 search heads. I am trying to accelerate a data model. According to the data model acceleration document, it is clear that there will be 3 concurrent searches executed...
Forecast time series
Hi Ninjas, I have a query that looks like this: sourcetype="x" index=y source="z" host="S" | bin _time span=10m | stats dc(CN) as Actual by _time | lookup CN_Forecast_S.csv _time OUTPUT lowerBound pred...
RabbitMQ monitoring does not show results from queues
Hello, I'm getting the following results after trying to monitor some queues on RabbitMQ with the REST app, and I already enabled the management plugin. Is it missing some kind of setup settings? t...
Multiple Domain Usage Stats Count
Hey there! I have three broad domains (many IPs associated). gotomeeting.com webex.com zoom.us I want to get the usage count for these three domains and compare them. I'd like to know the number of...
Citrix XenDesktop app spiking CPU usage
Hello, I'm having issues with my Citrix XenDesktop7 app and TA. The forwarder (7.02, same as my Splunk Enterprise) doesn't seem to be the issue, but after running procmon and resource monitor, I found...
Splunk DB connection: Where to install in cluster
Hi, we have set up a Splunk cluster with the following configuration: 1 node: Master + License Manager; 3 nodes: Indexers; 1 node: Search head. Can you please advise where we need to install Splunk DB...
How to pull data from a lookup within a date range?
I created a lookup definition, account_admin, for a CSV file that I have. ark_admin file: Time,User,Source IP,Service Account,Action,Service Account Path,Server Connection,Message. Here is a sample...
How to combine multiple complex searches into 1 output table?
I think I didn't describe my question properly because I don't really have a good grasp of Splunk jargon but here are more details. This is search # 1: index ="12345" sourcetype = "system_database" |...
Filtering search to exclude all instances of field 1 for when certain results...
I have a search that breaks down some router alarms. My fields are Host_IP & Alarm. What I'm trying to do is filter for hosts that only take a specific alarm and do not have certain alarms. These...