Is it possible to get the value of a specific row of $result.$
Given that we have `index=foo sourcetype=bar | table Aaa Bbb Ccc Ddd` in a ``, is it possible to get (say, for example) the 4th row of `$result.Ccc$`? According to Splunk, `$result.Ccc$` only...
Getting 404 using axios call to REST API
I am trying to connect to Splunk's REST API. On the command line, when I run `curl -k https://localhost:8089/services/auth/login --data-urlencode username=admin --data-urlencode password=pass`, I get a...
How to add my own IP locations into GeoLite2-City.mmdb
Hello, I successfully applied the tool at GitHub, Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks (https://github.com/threatstream/mhn/wiki/Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks), to add...
Back-end query to pull the active searches running on the Search Head
I want to check which searches are currently running, finalizing, or done, via our back-end search head server, which is a Unix machine. So is there any back-end command...
Regex for string followed by number (1/2/3 digits)
Below are my 3 logs. I want to write a query to get all of the below 3 logs, **EXT_CODE*[0-9]**, with 1/2/3 digits followed by EXT_CODE...
count(var) by "a list of values within a field"
First of all, sorry if I am missing something really obvious here, but after hours of googling I am still stuck with the following problem. Basically, I have a list of URLs and a score in the format...
We have observed one error from one forwarder server to the indexer.
We have observed one error from one forwarder server to the indexer. Error message: `08-20-2018 13:34:39.963 +0200 ERROR TcpInputProc - Message rejected. Received unexpected 842019128 byte message! from...`
Enable and Disable REST Endpoint
Hi Experts, I am trying to disable an alert using the below REST API example provided in the documentation. It returns an XML response with all the attributes of the alert but does not disable the alert....
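As an added example (not code from either of the two questions above, nor from Splunk's documentation), the login-then-act flow that both the axios question and the alert-disable question touch, written against Splunk's REST API with only the Python standard library: the login POST is form-encoded, the same thing `curl --data-urlencode` sends; the `<sessionKey>` in the reply goes into an `Authorization: Splunk <key>` header; and disabling a saved search is an empty POST to its `/disable` action, whereas a GET of the `saved/searches/<name>` entity only returns its attributes. The base URL, CA file path, owner, app and alert name are assumptions, and the login XML used for the offline check is constructed. `curl -k` switches off certificate verification; the example pins the Splunk CA instead.

```python
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Assumed, not from the original questions: management port, CA bundle path,
# and the saved search (alert) to disable.
BASE_URL = "https://localhost:8089"
CA_FILE = "/opt/splunk/etc/auth/cacert.pem"
ALERT_NAME = "Failed logins by host"

# Constructed login response in the shape /services/auth/login returns,
# so the parsing helpers can be exercised without a Splunk instance.
SAMPLE_LOGIN_XML = (
    "<response>"
    "<sessionKey>c0ffee1234</sessionKey>"
    '<messages><msg code=""></msg></messages>'
    "</response>"
)


def parse_session_key(login_xml: str) -> str:
    """Pull <sessionKey> out of the XML body returned by /services/auth/login."""
    root = ET.fromstring(login_xml)
    key = root.findtext("sessionKey")
    if not key:
        raise ValueError("login response carries no sessionKey")
    return key


def auth_header(session_key: str) -> dict:
    """Splunk REST expects the session key as 'Authorization: Splunk <key>'."""
    return {"Authorization": "Splunk " + session_key}


def disable_url(base_url: str, name: str, owner: str = "nobody", app: str = "search") -> str:
    """URL of the /disable action of a saved search. The name is URL-escaped,
    because spaces or slashes in an alert name would otherwise break the path."""
    return "{}/servicesNS/{}/{}/saved/searches/{}/disable".format(
        base_url, owner, app, urllib.parse.quote(name, safe=""))


def tls_context(ca_file: str) -> ssl.SSLContext:
    """Verify the management port's certificate against a pinned CA instead of
    skipping verification the way 'curl -k' does."""
    return ssl.create_default_context(cafile=ca_file)


def login(base_url: str, username: str, password: str, ctx: ssl.SSLContext) -> str:
    # Form-encoded body, as curl --data-urlencode sends; the auth endpoint
    # reads POST form parameters.
    body = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(base_url + "/services/auth/login", data=body, method="POST")
    with urllib.request.urlopen(req, context=ctx) as resp:
        return parse_session_key(resp.read().decode())


def disable_saved_search(base_url, session_key, name, owner="nobody", app="search", ctx=None):
    """Disable the alert with an empty POST to its /disable action and return
    the HTTP status; a GET of the saved/searches/<name> entity only lists it."""
    req = urllib.request.Request(
        disable_url(base_url, name, owner, app), data=b"", method="POST",
        headers=auth_header(session_key))
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.status


if __name__ == "__main__":
    # Offline walk-through on the constructed response; the two network
    # functions above need a reachable Splunk management port.
    key = parse_session_key(SAMPLE_LOGIN_XML)
    print(auth_header(key))
    print(disable_url(BASE_URL, ALERT_NAME))
```

The `owner` defaults to `nobody` (app-level objects); an alert owned by a user needs that user's name in the `servicesNS` path, and the session's role must be allowed to write the object or the POST is refused.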
Searching strings with accented characters
Hello, I'm having an issue when trying to filter events based on accented characters. For instance, if I look at the ingested events, `index=my_index sourcetype=my_source`, I will be able to see the...
I need help in pulling a report for a specific date
Hi Team, Case 1: I want to pull data on a daily basis, starting from the first week of the starting date, but if Sat or Sun falls on the 1st of the week then it should exclude it & take the start as Monday as...
How to blacklist on a UF with a TCP input
I have a UF running on a Linux device, with a TCP input. The input is coming from a Graylog forwarder and all the Windows events come with a 'winlogbeat_' prefix. I want to blacklist Windows events...
I have two macros; if their values are not matching (a!=b) then I have to...
I have two macros; if their values are not matching (a!=b) then I have to schedule another search query. How is it possible?? Example: macro `a` is 2 (a=2), macro `b` is 3 (b=3); if a!=b then we have to...
Admin Password Change
Is it possible to change the admin account password which we use to log in to the Splunk Cluster Master, Deployment Master, Search Head & Indexers?
Finding the Splunk Instances via a Back-End Command
How do I find, via the back-end, by logging into a server (which might be a Windows or Unix box), whether it is an Indexer, Search Head, Cluster Master, Heavy Forwarder or Deployment Master?
Splunk License Usage
Recently, I upgraded my Splunk environment from version 6.5.3 to 7.1.2. Since I upgraded, the license has been breached every day. So I started digging deep into what is consuming so much and...
How can I re-index license-usage.log
Hello, someone prior to me had set the license master to forward logs to the wrong hosts, so when I fixed it I had no historical data for license usage. What's the best way to fix this? Thanks for the...
How to round a number when displaying results in a chart?
I am trying to display the response times of services for the last 7 days in a chart, but I want to round the response time. For example, I only want 2 digits to be displayed after the decimal point. My query...
How to resolve an error with a bucket in an indexer cluster?
This is the error message I saw this morning. When I log into my Cluster Master I can see both indexers. `CLUSTER_ADD_PEER_FAILED_guid XXX-XXX-XXX server name=SplkIndx1 ip=x.x.x.x:8089_bucket already...`
What is the best practice for monitoring a file directly on the indexer...
I need to monitor a file directly on the indexer. I know I can just define an inputs.conf on the indexer itself and read the file. Later on, if I upgrade to an indexer cluster, could this create...
Best practice for field extractions
Hi, there is some debate in our group regarding best practices for field extractions. We have a feed that has well-defined key-value fields. We also have field extractions set up on the SH for a number...