Upgrade perpetual license to No-enforcement license
We would like to upgrade our current six-year-old perpetual license to a no-enforcement license, but our support contract is long expired. Is there any way to do that without buying a support contract?
Alerts don't have delete or schedule option in search head
The customer has 3 search heads in a cluster environment; they have pushed savedsearches.conf from the deployer. Now they are unable to delete or schedule those alerts via Splunk Web; it is grayed out.
Property to prevent data truncation in TABLE command
Hi All, I have a data truncation problem. I have a long event that is >10,000 characters. I updated the props.conf TRUNCATE field to 100,000 and this works great to view full event. However, when I...
Regex Processor CPU Profiling per Sourcetype” under "DMC -> Indexing ->...
Regex Processor CPU Profiling per Sourcetype” under "DMC -> Indexing -> Indexing Performance:Instances" is not populating any data.
How can I use blacklist to ignore directories that include "-"
I have a monitor set up in inputs.conf on my UF as follows [monitor:///log/test] blacklist = ppd.*\.log$|prod.*\.log$ sourcetype = service_log index = nptest1 /log/test also contains some...
xml field extraction
I have one xml file I want to extract (at search time) the fields/values IN BETWEEN and and throw away any of the lines before the very first and after the very last . (In XML, the fields/values are...
Splunk Dashboard
Is there a way to see in GUI when dashboards in Splunk were first created and also who edited and viewed the dashboards.
Transform.conf Regex Field extraction
Hello everybody, I am new to the regex topic. I have events with the following information: SPIEE-WIRELESS-MIB::**bsnStationMacAddress**.0 = STRING: **a9:12:fa:13:19:8F**...
Json Field Extraction
Hi, I have a below event in json format, I want the fields to be created as "key1","key2",etc. I am trying the following code but not working : index="BBB" sourcetype=AAA | spath output=AA...
Getting a timeout error when configuring the tenant on the office 365 add on
When I add all the details required on splunk add on for office 365, I click add and then get the following error: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded...
Need help with time-based search with data from two sources
I'm looking to put together some reports on vulnerability data where I can show a trending value of both fixed and active vulns at any given time. Our vulnerability data is separated where we have...
how to index outlook data into splunk enterprise 7.1.2 version
I have a business requirement to index outlook data into Splunk. I used IMAPmailbox, imap and Microsoft Office 365 apps and provided required inputs like server name, username, password but no result...
How to find diff between a inputlookup and search result?
I've a lookup file which has a mount list with respective servers. Now I have a script which logs the mount available in every 15 min. I want to create an alert if there is any mount missing from what...
How to use environment default tokens in HTML Dashboards?
Hi Splunkers, I'm trying to use $env:user_realname$ in a HTML dashboard. I've searched a lot about it and realize that I could only get this information with a SplunkJs function but I only get this...
HELP! KVSTORE is broken
On my search head I can't load the KVSTORE. mongod.log says 2018-08-14T14:46:34.831Z W CONTROL No SSL certificate validation can be performed since no CA file has been provided; please specify an...
KV Store Failing
I see other questions in the answers site but at this time, I feel mine is unique to the other issues. A rolling message (across search heads). ServerA (or any of the others in the cluster), has the...
Olap4j with Splunk DBConnect
Hello Everyone, I am trying to use Olap4j driver with DBConnect towards Olap based database (SAP BW). When I try to load the driver, I get this in logs: "java.lang.NoClassDefFoundError:...
Suppress search results
I need help with a very basic search concept. I need a way to suppress search results if a certain condition is met. I have a csv file (file.csv) Maint YES I need the exact search that would follow...
Setting up SQS based S3 input!
Hi, I am running a Splunk instance within my AWS account, and I'm trying to set up a CloudTrail SQS based S3 input. The cloud trail logs are stored in a bucket (auditlogs) in separate account, which I...
Splunk skips or delays indexing of the log file during the rotation occasionally
Hello Splunkers, I have an issue where Splunk sometimes skips indexing the log file during the rotation or delays the indexing during the log rotation. This issue is only for a specific file. So we can...