Anyone have a good alert to fire when data is injected by Splunk with a bad...
All, Say a log comes in dated 10 days older than today's date. I'd like a report or alert on that? Anyone have a good search for that handy?
Topology Visualization : Message Format
Hi, In order to achieve the Topology Visualization for my messages/alerts, is there any specific message/fields that the app is looking for? How the graph representing relationships between different...
Course expiration
I was finishing up this course, Splunk 7.x Fundamentals Part 1 (eLearning) this morning. It is not to expire until 8/18/2018. I went to a meeting and came back and found I could not launch the course...
Palo Alto Networks App for Splunk seems to ignore restrictions in user's role
We use custom-built roles for different groups who use Splunk. Typically the users in their role are restricted to certain indexes, and further restricted to what hosts they can see by using tags...
How to re-index / sync new data from directories which are monitored?
Hi, each day, I download new logs in directories which are monitored. I would like to know how to force Splunk to add these new logs just after their download. PS: I don't want to re-index all my...
How to get volume by indexer?
All, Is there a better way to get data by indexer than this search from the search head without access to the internal indexes? index=* | fields _raw, volume, splunk_server | eval volume=len(_raw) |...
How to return full count of field1, and a TRUE/FALSE field if 1 or more of...
eventtype=X | iplocation ClientIP | where Country!="United States" | eval bad=if(match(Country,"Brazil|China|Vietnam|India|Thailand|Nigeria|South\sSudan|Russia|Ukraine|Turkey"), "TRUE","FALSE") | rex...
Indexer configuration problem
Hi Team, I have the machines below on AWS, currently running in non-cluster mode. I am able to send data to the main index but not able to send data to any newly created index. Please help. 1) Search Head 2)...
Why am I getting "The lookup table does not exist. It is referenced by...
I haven't used any lookup table in my dashboard. But still I am facing "The lookup table XXX does not exist. It is referenced by configuration YYY" error. I have checked the permission settings of XXX...
Forward specified events to receiver
I need to only receive events with action=blocked from forwarders. My logs are: Aug 18 12:56:13 192.168.X.X date=2018-08-18 time=12:50:36 devname="XXX" logid="0001000014" type="traffic" subtype="local"...
Why are lookups loaded for sourcetypes that don't apply?
I noticed in search.log that there are "INFO LookupOperator - Loading lookup table=..." log events that don't apply to the sourcetypes specified in the search. Later there is another event that says...
Set Source Type preview blank
When I upload any new data to Splunk to review before indexing, the preview page is blank and no sample of data is generated. Splunk Version: 7.1.2, Lab environment
Inputlookup and join searches
Hello, I want to do a match between a CSV file and my Splunk search. In the CSV file, I want the field "host", which corresponds to a list of computer names, to match with my searches. It means that for...
Hiding input panels based on other input panels
As the title says, I am attempting to hide input panels based on the input provided in another input panel. As it stands, the tokens get set correctly, but the panels are still displayed. Been working...
For integrating Splunk into my own web app, what's the difference between...
I want to integrate the search and visualization functionalities into my own app; which one should I use?
Check if StringA is in StringB
How can I make a case condition to check if StringA is in StringB? For example, StringA is "xxx.com." and StringB is "a.xxx.com.".
Error while adding search peer to search head
I'm getting the below error when adding a distributed search peer to search head on CLI or GUI. /opt/splunk/bin/splunk add search-server x.x.x.x:8089 -auth admin:password -remoteUsername admin...
Inputlookup CSV two files, map table1 (file1) with table1 (file2) AND show...
Hi, I'm new in Splunk - I do not find the answer here in > answers, as my list_2 does have some other account information. I need to compare two lists; the search should be: - show me all identical...
Is it possible for a search result to be manually added to a static HTML...
I have a static table on a dashboard-panel. I was hoping someone could help me pass the result from a search into a`` tag. I have a sample code below *(sample only, my working search is much more...
Break XML response in multi-line events
Hello, I am trying to break the XML response into multi-line events but am not able to do so. In the attached URL, the 1st highlighted "-1" is the version id and the 2nd highlighted "-1" is the cycle id, and I want to get all...