What is the best way to get Gomez Synthetic data into Splunk?
What is the best and efficient way to get Gomez synthetic data into Splunk? Specifically Transaction availability status and performance.
View ArticleWhat are best practices on setting the replication factor for X number of...
Need your help, We are trying to increase the number of indexer nodes in the indexer cluster for max availability approach. Can you please share the best Splunk replication factor vs number of indexer...
View ArticleHow to change the background color of the data series tooltip in a timechart?
The background color of the Splunk Web timechart tooltip is all black. Depending on the data series color, it is very hard to read the data series' name in the tooltip. Is there some way in CSS or...
View ArticleIs there a limit on the number of selected or interesting fields in Splunk?
Hi, I have a log statement with almost 100 fields. When searched, it doesn't show all the fields in Selected fields nor in All fields tab. Is there a limitation for the number of fields in Splunk? If...
View ArticleHow to set up an email alert in Splunk for Cisco Ironport ESA logs
We have a requirement that when using Ironport DLP feature, when a DLP violation is detected, we want to encrypt the email using PXE If TLS is not available. But we want to send our sender a...
View ArticleREST API Modular Input: How to make additional requests through a custom...
I'm working with the rabbitMQ API and trying to make additional requests through a custom response handler. We call the API/queues API which gives us all the queues. Then in the response handler, I'm...
View ArticleAfter upgrading the Website Monitoring app from 1.4.0 to 1.5.0, why am I...
Before environment: - Windows Server 2008 R2 - Splunk 6.4 - Website Monitoring 1.4.0 I can access the "Settings >> Data Inputs >> Website Availability Check". After upgrading to 1.5.0, I...
View Articleapplying different replication factor to cold buckets only
Does any one know of a mechanism to apply different replication factor to cold buckets only? I know R factor applies to all buckets but I need to know if we can break it hot/warm to be different than...
View Articleresolve IP to external hostname and list in in a field
Hello, I've been reading alot of posts here but I seem to be missing something because I'm not understanding. Search Rule ACCEPT | lookup dnslookup clientip AS src_ip OUTPUT clienthost as Hostname...
View ArticleNessus add-on error
I am getting this error while trying to integrate Nessus logs with Splunk: 2016-05-13 04:55:06,583 ERROR pid=9133 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent...
View ArticleSplunk Add-on for McAfee 2.1.3: How to troubleshoot why no data is getting...
I can't figure out why no data is being indexed. The search I am using is from the template and I tested it on the heavy forwarder where Splunk DB Connect v1.2.2 is installed and as long as I remove...
View ArticleHow to troubleshoot why one of our users is not receiving email alerts from...
This is one of the example email alerts: __________________________________________________________________ Saved search results. Name: 'Cisco - Level 3 Internet BGP Drops (dcinternet02r)' Query Terms:...
View ArticleCisco eStreamer for Splunk: When there be support for Windows?
We are using Splunk on Windows servers. Also we have FirePOWER IPS. When we can expect Windows version for this app?
View ArticleHeavy Forwarder, License Exceeded and Log Rotation
Complex question here. I have the following set up: Universal forwarder[20G rotating file] -> Heavy Forwarder[props.conf, transforms.conf] -> Splunk Light [ 5G license ] I'm tuning the heavy...
View ArticleWhen a search is paused, is it terminated at a certain time, and does the...
If search is put in pause, how long will it stay in pause before being terminated? Does the search process stay alive when in pause? Does it count against any search concurrency when in pause state?
View ArticleTenable Network Security PVS App for Splunk: How to troubleshoot why field...
Greetings, I have a few PVS's coming through syslog via TCP. I have set index=pvs, sourcetype=pvs:internal (for these, there will be "externals" coming down the pipe in a few weeks) and the host=. I...
View ArticleSAML/PingFederate integration
newbie here - I am trying to set it up using the SAML Configuration Web UI. What is the format of the Entity ID in the SAML Configuration form? Thanks
View ArticleHow do I search for all current user searches?
I see a lot of searches when using top or htop on the Splunk server, but I don't see them when trying to search for all searches in Splunk Web.
View ArticleHow to configure a universal forwarder on a syslog server to monitor logs in...
I am interested in configuring a universal forwarder on a syslog server, and have a question regarding how the log data is currently being written. There are multiple sources which forward log data to...
View ArticleHow to integrate Remedy with Splunk to collect and report on ticket details...
I have Remedy and splunk in our environment. I need to view the remedy ticket details through a Splunk dashboard. How to Integrate Splunk with Remedy? How to collect ticket details from Remedy and...
View Article