Deploying a Heavy Forwarder on a Cloud Server, what is needed?
Hello everyone! I'm working closely with my server team, and we are going to deploy a Heavy Forwarder on a cloud server. We're doing this so that we can manage our own tokens. We also have a Splunk...
Custom DBConnect to get McAfee EPO inventory info
Wanted to share this with community: We use the query below to collect a static inventory of systems currently in McAfee EPO, as well as information on their product installations. We set this up as a...
How do I assign dropdown links in a table with events from two sourcetypes...
For example, the table is like this time description vendor1 time description vendor2 time description vendor1 When I click vendor1, it's a regular index-based search. But vendor 2, it should go the...
How can I create a visual depiction of when a device is on or off over a...
I have two separate events that log a turn-on and a turn-off. I want to create a timechart showing when the device is on and off over a period of time. I only get a single event each time the state...
How to use regex and format strings for an XML sample without using KV_MODE=XML?
Hi, I want to use REGEX and FORMAT strings for an XML sample as given, without using KV_MODE=xml. So I am trying to use different regexes to get hold of parsing fields but failing. Please find the sample...
Can you skip the first x rows returned in a search?
Hi, if I have a query which returns 100 rows, I'd like to be able to only get rows 11-100 shown (and if 200, only rows 11-200). I have looked for an `offset` command similar to `head` or `tail` but I...
How to "fill" missing hours from a search where there are no results with a...
I have a simple search where we are searching the logs for a specific event. We want to chart out the count of how many times that event is found each hour, irrespective of the day. We are looking to...
7.1 Dashboards not converting timepicker to timezone
I'm having two problems with Splunk dashboards after I upgraded to 7.1.2. These only seem to occur when searching Date range or date-time range on dashboards. Making a custom search returns correctly....
Dashboard Drill-down not working correctly with conditions
Hey all, I am trying to make a conditional drill-down for a table. The problem is it only ever picks up the hostname condition by itself. The severity condition acts like it is not even there. For...
Splunkd service won't start on Windows Server (handler/weak reference error)
Has anyone encountered this error before? Our splunk instance is completely down. 08-10-2018 12:45:50.153 -0700 INFO loader - win-service: Starting as a Windows service: will run various system checks...
Run script in SHC
Hi all, we have some scripts for lookup filling via the Splunk lookup REST API [link text][1]. Also we have a search head cluster (SHC). It would be great to use the SHC capability to run our scripts on the...
Splunk Developer License Question
Greetings Splunk Community & Mods, I have a question about the Splunk Dev License. A little more than a year and a half ago I requested and was granted a dev license using my personal email and...
Apply command on a large field
Hi everyone, I am trying to apply logistic regression to predict phishing based on a baseline of phishing email data. But the issue I am facing is that the apply command execution inside Splunk is...
Please help me: How can I configure Splunk Enterprise so it could see the...
Hey, please help!! I did all the steps of universal forwarder configuration but I still can't forward data into Splunk Enterprise. How can I configure Splunk Enterprise so it could see the forwarder??...
Calculate average response time per application
Hi, I am a bit new to Splunk and the query language. In my logs, I have "application name", "Request Time stamp" and "Response Time stamp". Using this, I need to get the average response time for all my...
Splunk searching nested JSON
Hello, I use automatic translation because I am not good at English. Sorry. I took NVD's CVE list (JSON Feed) into Splunk. That's index="testIndex" product_name = "openssl" "version_data" = "1.6.0"...
Do I create indexes on the search head or on each indexer in a non-cluster environment?
Hi, we have indexers (2 indexers) in our environment, 2 forwarders and 1 search head. If we create indexes on a search head using the GUI, will the configuration for these be reflected on the indexers? Please...
User flow design on Sankey visualization in Splunk
Hello Splunkers, I would like to show the user flow on a Sankey visualization. For that, I have index, source type, interaction_id, activity_id, screen_id, flow_name, component fields. In the component...
timeformat is not getting extracted properly
timeformat is not getting extracted properly; we have one type of timestamp but the clock there is different. It starts from 0-24 hours and the date starts from 1-31, and the same for month 1-12,...
Change hostname
I am trying to change the host name. The name is from the log files. Sep 20 11:13:18 10.50.3.100 Sep 20 11:13:15 ac.dc1.buttercomom.com ASM: The host name is always before "ASM:". I tried to change it...