How can I allow users to change permissions of all objects within an app?
I want to create a system where my users can manage an app self-service. I am having trouble finding a way to allow a particular role to edit permissions for objects that they do not own. Example: I...
Can the field be displayed dynamically in Splunk?
I want to show the data in the last few months. For example, in the combo box, when choosing the last month, there is only one field in the table. When choosing the last two months, there are two fields...
Palo Alto stopped logging traffic to Splunk
I am having the same issue as: https://answers.splunk.com/answers/507167/why-are-my-palo-alto-firewall-logs-not-forwarding.html . Palo Alto has stopped logging traffic to Splunk after we performed an...
How to Blacklist on a Universal Forwarder with a TCP input?
I have a UF running on a Linux device, with a TCP input. The input is coming from a Graylog forwarder and all the Windows events coming with a 'winlogbeat_' preface. I want to blacklist Windows events...
How can I re-index license-usage.log?
Hello, someone prior to me had set the license master to forward logs to the wrong hosts, so when I fixed it I have no historical data for license usage. What's the best way to fix this? Thanks for the...
How to round a number when displaying results in a chart?
I am trying to display the response times of services for the last 7 days in a chart, but I want to round the response time. For example, I only want 2 digits to be displayed after the decimal. My query...
How to import old log files to Splunk
I have a remote server which has 1 week older rolling logs. I wanted to monitor those logs so I have installed UF and set up inputs.conf. The newly created logs are showing up on Splunk search, but I...
Is it possible to change the admin account password which we used to login in...
Is it possible to change the admin account password which we used to login in Splunk Cluster Master, Deployment Master, Search Head & Indexers?
Why is the license breaching everyday since the upgrade to 7.1.2 from 6.5.3...
Recently, I have upgraded my Splunk environment to 7.1.2 from 6.5.3 version. Since I upgraded the version, the license has been breaching every day. So I started digging deep on what is consuming much...
What are some of the best practices for field extractions?
Hi, There is some debate in our group regarding best practices for field extractions. We have a feed that has well defined key-value fields. We also have field extractions set up on the SH, for a number...
Hardcoded Time Bucketing
Hi guys, I was recently given a new data index that has hardcoded time stamps in the event rather than being based on _time. The events are also re-indexed every night rather than being ingested when...
How can I visualize "table _raw" in the same format as the search result for...
When I search for my events by giving index=myindex, I get my data in the proper format. But when I try to print it out in a table, by using "index=myindex | table _raw" the formatting changes and I...
What causes this splunkd Search Head Assertion in Splunk 7.1.1?
Hello, splunkd: /home/build/build-src/nightlight/src/framework/SearchResultsMem.cpp:839: SearchResultsMem::iterator SearchResultsMem::erase(SearchResultsMem::iterator, SearchResultsMem::iterator):...
Tracking software install/removal
For Windows, I've been trying to track installs/removals. MSI was a breeze. I'm attempting now anything that isn't MSI. I'm tracking changes in the following paths: -...
FieldFormat Data Values
Hi, My data set is an integer that I want to show as integer + % in the data labels. When I use the fieldformat command, the data does not show up on a column chart. Is there any way to add a percent...
Adding a date to a string Message
I am trying to create an error message based on a time frame, the last 15 min. and now. So the error message would say, "Client Missed file between 15:15:00 - 15:30:00" The times are calculated at the...
One-Table Combining Different Search Results in Real-Time
My end goal is to show events in one table coming from multiple searches in real time. They all have the same fields. `appendcols` usually works but not in real-time. My ideas were: -Each of the...
SA-Eventgen not generating any data.
Hi, Installed SA_Eventgen and configured it with two different samples (one is a CSV and another a txt file with raw data) but it is not generating any data. In App's UI under "Eventgen Logs" tab I...
Not receiving readable logs from Brocade Switches
We have added Brocade switches to heavy forwarder via tcp:6514. We are able to receive the logs, but not in a readable format. \x00a\x00\x00]"e8H,W\xCC\xA7az\xB9\xFF\xFB\xFE\x9E\x8C...
Official Splunk Feature Backlog
Throughout the Answers there are several mentions of feature requests, but all accounts of reporting feature suggestions involve opening a support ticket through the support portal, assumably limiting...