How to extract only successful and failed logins using regex?
Hello All, I have a file with data: --------------server1 2018-07-----SQL2008-- Number of Success Logins: SOFTPOINTPERFOMANCEEXPERTLICENCEUSER - SQL SERVER AUTHENTICATION - xx.xxx.xxx.xx -...
Why is DBConnect for Sybase giving the following error "Connect error: no...
Hello Everyone I am setting up database monitoring using DBconnect, it worked well for MSSQL, Oracle, DB2 however Sybase is not giving up. I am getting the following error: Connect error: no protocol:...
How to rewrite this query to get percentage at each range?
index=sample | eval Latency=case(walltime<500, "0-0.5s", walltime>=500 AND walltime<1000, "0.5s-1s", walltime>=1000 AND walltime<3000, "1s-3s", walltime>=3000 AND walltime<6000,...
Splunk addon builder - How to create an input that shows list of indexes?
Hello, I have a requirement in a new app being built using add-on builder to create an input parameter called choose index. This parameter should show the list of available indexes from which a user selects...
Can we forward a specific table of a DB to Splunk?
Is it possible to forward specific table of a DB to Splunk? I understand that we can push the complete DB and create a dashboard to see the data we wish to. But I am more interested in understanding if...
How to build a summary index that uses eval statements to configure timechart...
I am trying to build a summary index to pull a week over week comparison of specific applications. The below query works normally, but for efficiency reasons I would like to place this in a summary...
Active Directory – Failed Login Events - SPL – Which is most efficient and why?
Community, New to Splunk, first post, your patience is appreciated. Also, thank you in advance. This post is focused in the direction of efficiency, effectiveness, accuracy, and understanding rather...
Skip message starting with Integer in Splunk.
I am creating a query to get the message type count, but I want to skip some of the messages that are not valid. Some of the messages start like "-100" or "Data ...". I want to skip them while I...
Coalesce in transforms
Hello, I am working with some apache logs that _can_ go through one or more proxies; when a request goes through a proxy, an X-Forwarded-For header is added. The problem is that the apache logs show the...
Compare Fields from Different Indexes and display only the duplicates.
Hi, I have two searches `index= windows EventCode=1234 Logon_Type=8 | table host | dedup host` and `index=iis host=*|table host|dedup host` How to combine both these queries to display only the hosts...
Working to setup the Network toolkit on windows. Any installation or...
I created the inputs.conf for ping but get an error about the format when Splunk starts. I am using the format [ping://192.168.0.62] hosts = 192.168.0.62 interval = 30s runs = 1 It fails on the hosts...
Some of the values are not visible when I use table
index=** sourcetype=**** location=00000 | bin _time span=1d | rex "\[Id=(?[^\,]*?),[\s ].*?,[\s ]percentage=(?[^\,]*?),[\s ].*?,[\s ]location=(?[^\,]*?)," max_match=0 | fields * | stats...
Are there any installation or configuration guides to setup the Network...
I created the inputs.conf for ping but get an error about the format when Splunk starts. I am using the format [ping://192.168.0.62] hosts = 192.168.0.62 interval = 30s runs = 1 It fails on the hosts...
Some of the values are not visible when I use table
index=** sourcetype=**** location=00000 | bin _time span=1d | rex "\[Id=(?[^\,]*?),[\s ].*?,[\s ]percentage=(?[^\,]*?),[\s ].*?,[\s ]location=(?[^\,]*?)," max_match=0 | fields * | stats...
Regex - Filtering out unwanted events doesn't work
Raw Cisco WSA squid event: 1533849492.277 0 192.168.1.11 TCP_DENIED/307 0 GET http://detectportal.firefox.com/success.txt - NONE/- - OTHER-NONE-AuthenticatedUsers-NONE-NONE-NONE-NONE...
Re-use host field in Timechart for count aggregation
I am attempting to create a dynamic timecharted trellis dashboard panel that only shows an aggregation by host based on which host fields are present in the main search. As an example, the below shows...
Configuration stanza precedence vs Configuration file location precedence?
For props.conf, which has the highest precedence? In the documentation, they said [source::<source>] settings override both [host::<host>] and [<sourcetype>] settings 1) if props.conf is in ..etc/system/local [sourcetype1]...
Splunk Sourcetype wildcard entries
Hi, I have an input with sourcetype [eventlog]. In props.conf, if I use the sourcetype as below to define settings, it is working. [eventlog] ... But if I use wildcards as below, my input is not getting parsed...
Best way to monitor for file transfer across multiple servers without...
Hi Splunk community, I need to monitor file transfers from servers to servers in different directories. I do not need to know the file content, only the time the file appears on each server as well as...