how to connect KNIME with Splunk?
Hello, I am using KNIME to clean data and Splunk for data analytics and visualization. I would like to connect these tools together where KNIME can act as a data source for Splunk. I was wondering if...
Process to upload to Splunkbase
Hi, Once the add-on is developed, can we upload it to Splunkbase right away or is there any process it has to pass? I understand the certification is not mandatory but is there any other process?
While performing the searches getting the warning messages like "usage limit...
While performing the searches getting the "usage limit exceed 500 MB" warning messages. To overcome this error, we increased the default srchdiskquota limit from 500MB to 1000MB for the specifice...
CA SiteMinder - How to get audit logs into Splunk?
I need to get the SiteMinder audit logs into Splunk. Currently we have them going into an Oracle DB. We want to eliminate the Oracle DB and have the audit logs go directly from SiteMinder into...
I would like to forward the entire contents of a csv file even if its...
Hello, I'm attempting to forward a set of .csv files for administrator group auditing. However it only forwards, or at least the search only returns changes to the .csv file. For audit reasons, I need...
How to send production events into dev cluster?
We just recently upgraded some of our equipment and decided to move the old equipment into our dev environment to set it up as a separate cluster. What is the best way to route production data over to...
How to combine unique values of the field to one
I am trying to make a report with the unique combination of ID, AVER SRV & ZONE. However, since I am getting lots of duplicate values because I have multiple values for ZONE, is there anyway I can...
How can I get my inputlookup to exclude holidays
Hello I have a search that I use to calculate days between 2 dates. The search is like this: |index=dev_tsv "BO Type"="assessments" | rename "BO ID" as id| convert timeformat="%Y-%m-%d %H:%M:%S.%6N"...
What regex command to use to remove the special character after a number?
I want to remove the special character after a number, please help. data: 7.62\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 I want: 7.62. the number is not constant it will keep changing...
What is the process to upload to Splunkbase once an add-on is developed?
Hi, Once the add-on is developed, can we upload it to Splunkbase right away or is there any process it has to pass? I understand the certification is not mandatory but is there any other process?
How to forward the entire contents of a CSV file even if its unchanged daily?
Hello, I'm attempting to forward a set of .csv files for administrator group auditing. However it only forwards, or at least the search only returns changes to the .csv file. For audit reasons, I need...
How to combine unique values of the field into one?
I am trying to make a report with the unique combination of ID, AVER SRV & ZONE. However, since I am getting lots of duplicate values because I have multiple values for ZONE, is there anyway I can...
How can I get my inputlookup to exclude holidays?
Hello I have a search that I use to calculate days between 2 dates. The search is like this: |index=dev_tsv "BO Type"="assessments" | rename "BO ID" as id| convert timeformat="%Y-%m-%d %H:%M:%S.%6N"...
splunk 7.1.2 login and logout option missing
Dears, I'm unable to see my login button in my splunk home page: localhost:8000. Also, unable to see logout button as well. Seeing the below error in messages. Missing or malformed messages.conf stanza...
How many pipelines should I use on a forwarder?
I'm trying to figure out how many pipelines to set on my forwarders to maximize the following: - Throughput - Data distribution to my indexers - Resource utilization What are the things I need to be...
Splunk DB connect in SHC
Hi, I have recently installed DB connect app in the search head cluster and the following message is being displayed in the search heads. DB Connect is running in SHCluster! Some functions will be...
Fields on datamodel "ns_waf" don't exist
Hi. Fields present on datamodel "ns_waf" don't exist. Anyone have these fields extracted? nswaf_action, nswaf_appliance, nswaf_company, etc. This app doesn't have any extraction defined on...
Multiple alerts in one query
Please help I want the query with below scenario. Requirement 1: Check occurrence of 0 in 10 mins timeframe. If continuously 0 in 5 minutes, set some counter at every occurrence of 0 continuously and send...
How we can use multiple AWS account in indexer cluster.
I have two AWS accounts (A and B). On both accounts I have installed two instances each. Is there a way to connect cross AWS account? If yes, how?
How can I create an alert for RDP logins without CyberArk credential check out
I am looking for a way to capture events where a user did not check out credentials from CyberArk before using them to RDP, so a scenario would be that someone checked out some credentials for 12...