REST API Modular Input App - Passing tokens from response handler back to API...
Originally I set up two tokens in the tokens.py file, it did seem to work initially, but I ran into the same problem as this:...
DB Input keeps becoming Disabled. Splunk DB Connect v2
I am attempting to upgrade from DB Connect v1 to v2, but running into a problem with my first ever input. Everything looks fine and is set up. Marked as a Valid Connection, and I can save it, but about...
Splunk retention not happening
Hi, I am testing the retention related settings in my test index. I have set up the frozenTimePeriodInSecs = 259200. 259200 is for 3 days. And it cleaned up all the 3 days old data after restart. But...
Splunk retention not working as expected
Hi, I am testing the retention policy setting on my test index. I have set up frozenTimePeriodInSecs = 259200 under my test index. After restart it cleaned up all the old data. But it is not cleaning...
Splunk Add-on for Nessus: Why am I getting errors "Proxy username is empty"...
Hi All, I am trying to integrate Nessus with Splunk. Performed all the mentioned steps, however, unable to find any logs from Nessus. Attaching error logs from ***C:\Program...
Why is our Python script no longer working after upgrading to the Splunk App...
We have a custom Python script that we use to send "event" to service-now from Splunk. This is working fine in Splunk 6.1.8 (Splunk App for ServiceNow 2.4). The same Python script is not working on...
How to use top in timechart
Hi All, I have a requirement to use TOP 4 in the timechart command: Below is my search: index=_internal |timechart count by sourcetype limit=5 span=1d|addcoltotals (7DAYS DATA) I need the top 4 column...
After upgrade to Splunk 6.4.0 from 6.3.1, why is UDP:514 data being indexed...
I just updated to 6.4.0 from 6.3.1. Data is being received on UDP:514 from my firewalls. This data was indexed as syslog, but is now going into main. I have the \etc\apps\search\local\inputs.conf...
Is there a way to add an index via CLI that includes hot/warm and cold paths...
Is there a way to add an index via CLI that includes hot/warm and cold paths without restarting?
Splunk Add-on for Check Point OPSEC LEA: How to configure props and...
Hi guys, I'm trying to delete the events *action=drop* of Checkpoint firewalls. I've already set my stanzas (opt/splunk/etc/system/local) props.conf and transform.conf as follows, but it did not work....
How can I search Windows security events to track which admin users logged on...
Hi, how can I use Windows security events to track which admin users ("*-admin*") logged on or logged off our domain computers? Thanks
Is there a way to pass username/password via a workflow action GET like you...
Is there a way to pass username/password via a workflow action GET much like you can with curl --user? It can be static or pulled from a passed field. Thanks, -Bob
Many GUIDs are registered to the cluster master as a single search head for...
Hello, We have reinstalled Splunk 6.3.3 three times recently on our Splunk search head host and each time we added it as search head to our cluster master, but now we have two ghosts with old GUID:...
How to use a scheduled report in an HTML panel?
All, I have a set of HTML here that is running a search inline and I would rather use a scheduled report. However, when I look at an example of using a scheduled report, it really doesn't add up. The...
How to set up SSO using an Apache Reverse proxy to allow us to PIV enable our...
We are hoping to PIV enable our Search Head using an Apache reverse proxy. I cannot find any existing guidance.
Splunk DB Connect 1: ERROR AdminManagerExternal - Received malformed XML from...
I'm using DB Connect 1. When trying to set up a DB Connect Input using the following SQL: select 'RTP' as site, consumer_app, max(to_char((timestamp '1970-01-01 00:00:00' +...
Splunk DB Connect: How to add a database connection to monitor Cassandra...
Hi, Can anyone point me to a document or assist me in setting up monitoring of Cassandra database logs? Thanks, Shaik
Why am I unable to find the time difference between two dates with my current...
Hi all. I have one field called **date1** with a timestamp like this: > 5/7/16 16:35 I need the time difference (just for the date) in days against `now()`. I am using this expression: ... | eval...
How to create a dashboard with multiple charts from one statistics table of...
I wrote a search that ends up comparing two cohorts of customers with summary statistics: conversion rate, bounce rate, % that use site search, etc. ... I'd like to create a dashboard that creates a...
How to create a timechart on a dashboard to visualize events using two fields...
Hi I need help in creating a timechart for visualization of events with multiple fields of interest in a dashboard. In my events (application server log), I get two fields: **TXN_TYPE** and...