Microsoft Office 365 Reporting Add-on for Splunk: Data got indexed only .I...
After installing the add-on, I could see the data only once. Not able to see the latest logs. I don't see any errors, not sure what's wrong with the add-on. Anyone could help here?
Indexes not visible on search head in Splunk in non-cluster environment
Hi Team, I have one search head (deployment server), two indexers and two forwarders in the network. I created a web index on both indexers; when I try to add data from the search head into the web index, the web...
Run a search based on alert result
Hi, I would like to run a search (to collect data in a summary index) triggered by an alert which is checking for new data. E.g. if the start of a new dataset comes in, I would like to enrich,...
One-shot search with Python SDK
I am reading the documentation to create a simple search script:
#!/usr/bin/env python
import os
import sys
import json
import argparse
import datetime
from random import choice
try:
    import...
New index not searchable
Hi everyone, I'm new to Splunk and this is the first index I created, so hopefully this question ain't too nooby ;) This is my inputs.conf:
[monitor:///var/log/app/retry.log]
disabled=false...
How to fix one column in a table when using the scroll bar (moving left to...
I have a table with 34 columns, so I need to fix the first column while scrolling the bar left to right or vice versa.
Field extraction from XML file
I have one XML file ========================================== 1. 1- 2- -xxx3,25.10742916222947 3- Intexxxon 4- 23333 5- ---------------------------------------- ================================== I...
Linux timestamp not parsing
I recently added several servers to our Splunk system, and they are all reporting as `sourcetype=linux_audit` (which I do not believe is overridden from something else). Looking at the logs, I am pretty...
Extract fields at search time through props.conf file
I have W3C format logs. I want to create the fields through props.conf. I want to use EXTRACT-xxx = for search-time field extraction. Below is my sample event:
2014-01-02 22:12:37 5209 1x3.xxx2.xx.xxx...
Splunk Add-on for Microsoft Windows, ingesting zip files not working
Hello all, I'm using the "Splunk Add-on for Microsoft Windows" to monitor a blob storage (which is a great feature). It works fine for text files. However, it doesn't handle zip files well. If I monitor...
Question regarding summary index with saved search
Hello, I have created a saved search to populate a summary index. I am running the saved search every 5 minutes. What I want is, the first time the saved search runs, it should run with time range as...
Workflow to update a lookup table
I would like to be able to use a POST action in a workflow to update a lookup table. Any direction on how to do this is appreciated.
How to convert a single event into an outputlookup CSV file?
We are receiving a CSV file as an event (the whole CSV file as a single event). This is configured correctly, e.g.:
[custom:csv_event]
BREAK_ONLY_BEFORE=NEVER_OCCUR_TAG
MAX_EVENTS=100000
DATETIME_CONFIG =...
Forwarder on AMI in AWS for Auto Scaling groups
I'm setting up an Auto Scaling group in Amazon using an AMI. I want my logs, specifically Apache logs, to be pushed into my Splunk server, but want to make sure I do this properly. So the setup is...
Why are some of the Linux timestamps not parsing?
I recently added several servers to our Splunk system, and they are all reporting as `sourcetype=linux_audit` (which I do not believe is overridden from something else). Looking at the logs, I am pretty...
How does _TCP_ROUTING work in inputs.conf?
We soon will be required to send our Windows Security event logs to a separate Splunk server owned by our organization's Security group. To test this, I installed a test Splunk server (testsplunk in...
What stanza would I need to only monitor the Notification Packages string...
Hey guys, so I have another request. I can monitor hives without issue, so directly below, if I were to add anything into this hive it gets picked up. However, when it comes to monitoring a specific...
How to set up volumes for a Splunk deployment?
OK, basically I think I'm confusing myself. I have a Helm deployment on K8s and originally had volumes for etc and var. I want to have separate volumes for hot/warm, cold, frozen and thawed. I created some...
Splunk stats count for several searches
Hello, I have ~15 of the same queries with a little difference:
(index=SOME_INDEX sourcetype=SOME_SOURCE source=... | eval API=CASE(searchmatch("xxx"), "yyy", ...) | search API=WebResponse | eval...
What ports are used as source ports for the Splunk Universal Forwarder agent?
Let's say we have Splunk Universal Forwarder agents installed on Windows servers. Is it known what ports are being used by the Windows servers to send data FROM (not sent TO) the Splunk deployment server?...