character limit in field extraction using transforms REPORT
Hi, I have data in the KV format, for example: field1="100",field2="100:\"string\"",field3="string2=value3(name)" I am trying to extract my events into key-value pairs myself without using KV_MODE....
Unable to start splunkd after upgrade to 6.4 and applying SSL config. for...
Hi Users, Today I decided to upgrade to 6.4 after having issues with Splunk Universal Forwarders not correctly encrypting traffic between each other. After the upgrade all went smoothly till I decided...
Script to download latest Splunk
All, I see there is a "got wget" option on the download page for Splunk, which is great. But that hardcodes me to that version. I am hoping to get something similar that always gets me the latest RPM?...
Redhat 7.2 redirect port 443 to port 8000
All, Setting up Splunk on Redhat 7.2 today which does not use iptables. I have Splunk running on port 8000 with https as "splunk". Just curious if anyone has had to map port 443 to 8000 before using...
Bad gateway ERROR
Thank you for your continued support. When I click Splunk > Splunk Apps, I get the attached error and the Splunk Apps screen is not displayed. I want our in-house Splunk server to communicate with Splunk's servers via a proxy server so that I can download and install apps. I configured the proxy in the following configuration file on our in-house Splunk server, but...
How to integrate SAP PowerConnect for Splunk Enterprise app with my SAP system?
Hi All, I am a little bit confused about SAP PowerConnector. Is this really helpful to monitor an SAP system? If yes, then please tell me how to connect my SAP System to the SAP PowerConnect for Splunk...
How to remove everything after a colon in an existing field?
I have a field that contains both IP address and port number separated by a semicolon (example 10.1.1.1:23) How do I use rex to trim off the port# leaving me with just the IP address?
Splunk ODBC: "error code 126: The specified module could not be found...
We're having trouble configuring the Splunk ODBC driver on one of our machines. The machine is running Windows 2008 R2 Std x64. I've installed the Splunk 64-bit driver, but I'm encountering errors...
How do I write the regex to extract this field from my data?
Here is the data I am trying to parse. I actually want to extract a number of fields but cannot figure out how to parse through the {0d}{0a}{20}s. For this question, what regex will pull out...
How to convert date time format from my log parser to Splunk?
Hi, I am converting all statements from my log parser tool to Splunk. I didn't get the exact conversion for date and time timezone format. Please find my search here from log parser. Log parser:...
Splunk App for VMware: Why am I getting a permission denied error when trying...
Trying to install the Splunk App for VMware on an Ubuntu server, but I get a permission denied error when trying to copy over the zip file. I'm using WinSCP as my application to get the data over. Any...
When launching our app, why are we getting "SearchOperator: inputcsv -...
Hello, when I launch an app that was written and that we have here on site, I receive the following error (quite a few times): WARN SearchOperator:inputcsv - Encountered 11 'inconsistent number of...
What does "Unknown" mean for the Source Workstation field from our domain...
We are reviewing our Splunk logs from our domain controller, and it has been properly set up where endpoints on our network are identified in the Source_Workstation field. However, there is some...
Splunk App for Windows Infrastructure: How to get logon and logoff audit...
Hi, currently I am trying to configure the "Splunk App for Windows Infrastructure". Our goal is to audit Logon/Logoff for the Domain Administrator. After downloading the app, I have configured it by using "Guided...
Need help getting right timestamp from CSV
I have a CSV file I'm trying to index, but the wrong timestamp field is getting selected. UTC,LOCAL,HOSTNAME,SEVERITY,CATEGORY,PNAME,PID,MTNAME,MTID,METHOD,SRCFILE,SRCLINE,INDENT,MESSAGE 2016-05-10...
Will the Splunk DB Connect app eat up my monthly index cap we have as part of...
I'm an analyst, not a sysadmin, but I'm looking into proposing we use Splunk DB Connect. The one concern I'm trying to learn about is whether it will affect the monthly index cap limit we have as part of our...
How to get foreach, eval, and subsearch to work together in my search?
Basically, what I need to do is take some values (x, y, z) that are stored in the summary index, then for each x value, run a subsearch to find values for foo and bar, then create one record with x, y,...
Can you rename fields that were automatically extracted with KV_mode=auto...
If I have Key-Value pair events and fields that are automatically extracted with `KV_MODE=auto` in props.conf, can I apply a field transformation to an extracted field? For example, I have a field...
How do I prevent indexing duplicate data with CLONE_SOURCETYPE...
Hello, I've got a difficult scenario I am trying to work out. I am attempting to make a copy of a sourcetype, using SEDCMD to reformat it and then send it to a 3rd party destination via SYSLOG....
outputcsv type userid_date.csv
I want to output a CSV named like this, "splunkuserid_date.csv", automatically. For example: admin_17_05_16_09_07_58.csv. I tried this search -> my search | outputcsv [| stats count | addinfo | eval...