How do I enable Get-WindowsUpdateLog PowerShell as requested in the docs?
All, Any more guidance here? Is there an input I need to enable that I am missing? Are they expecting this as a scheduled task? How is there a TA? What interval? Not a Windows guy here so I'm a little confused...
Installing the Splunk App for Windows Infra and getting an error about my TA...
All, Just installed the latest Splunk for Windows Infra and the latest Splunk_TA_Windows. When I go through the guided setup I get this Update required: v5.0.0 installed. It does not match with v4.8.3...
Splunk Add-on for Cisco UCS is not collecting data
Hello Everyone, I have installed the Splunk Add-on for Cisco UCS Manager and configured the managers, template and task as mentioned in the Splunk documentation, however there is no data collecting at...
Python SDK: StreamingCommand only returns data in fields where fields are in...
I'm writing a search command using the Splunk Python SDK to pull in data from an external API into search results. The goal is to add fields to each record based on the data returned from the API....
Trouble with UTC time
I have some search results that return values in the format %Y-%m-%d %H:%M:%S. For example: ...some search... | table UpdateTime This would yield the following table: UpdateTime ------------------...
Show two plots on chart with different values?
Hello All, I have some data coming in from NetApp that shows snapshot name and snapshot volume used. I need to show all the volume names/space used from 48 hours ago on top of one from 24 hours ago....
How to plot multiple values on single line chart
Hi All. I run the below search sourcetype=dbx3_netapp_vault_utilization it returns the below: (names redacted) ![alt text][1] [1]: /storage/temp/255764-2018-08-21-14-35-04.png I need to create a line...
Splunk alert and shutting down a physical port on a switch
Has anyone used Splunk to act upon an alert and shut down a physical port on the switch? This would require running a script when an alert is triggered. I just want to reach out to the community and...
How do I Embed Splunk SSL cert in client application?
My program has a variable, a string that contains the Splunk PEM certificate. Every request that is sent to the API includes my program verifying the cert being presented by the Splunk server is the...
How to edit ps.sh to limit process getting in ingest for Splunk Add-on for...
Hello, I'm trying to only get certain server processes to ingest to a Splunk index using the Splunk Add-on for Unix and Linux script by editing the ps.sh script and adding a grep command in there, like below....
Performing Sum Calculation when Field values are combined
First problem: Fields are extracted in Interesting Fields, and I'm trying to combine data with **Account** and **RequestorCode** must be the field with identical data values. I need help to get *sum of...
Have Alert Check Three Times before Sending Email
Currently, we are trying to set up an alert for our AWS Instances to report if the CPU is >= 90%. What we want to have happen is once Splunk sees this, it will test two more times (waiting a shorter...
Why does the PDF Exporter work ok on Windows laptop but not while installed...
We are trying to use the Smart PDF Exporter to generate pdf reports from our Splunk instance. When we install the app on Splunk 7.0.4 running on Linux, we are experiencing several issues. 1. When we...
Does Anyone Have Field Definitions for Cisco IOS Technology Add-On?
We have been asked to provide definitions for the following field names for events produced by parsing Cisco switch logs with the Cisco IOS TA. I realize that some field names are self-explanatory but...
Splunk ES Incident dashboard not working with Splunk Enterprise 7.1.2
We upgraded our Splunk Enterprise to 7.1.2 from the 7.0 version in a SH that has Splunk ES version 4.7.2. After the upgrade, we noticed that the Incident Review dashboard doesn't work as expected. If we upgrade...
How to calculate the difference between two fields from different sources?
Hi All, please, how do I get the difference between two fields from different sources? For example, to know what is contained in one that is not contained in another. It reads AV (Antivirus). Example:...
BMC Remedy API to pull asset information?
Hi All, Need help to pull the asset information from BMC Remedy. We tried by using the REST API Modular Input add-on, however no luck yet. If we use Postman we are able to pull the asset information....
How to use an if condition in Splunk?
I want to create the below query in Splunk to monitor logs, can someone let me know the logic? If “TAG=” and “ABC-??? WHERE ??? IS NOT ” THEN it will trigger email alert...
Why do I get a no value in Country while using iplocation
Hi, With the below query I am able to list the country and request count by response time split. wall_time != NULL client_ipaddress != NULL |iplocation client_ipaddress| eval...
Lookup table compare with new event
I collected all the errors and created a lookup table. I am thinking to create a job which will take the last 5 min of errors and compare them with the errors in the lookup table; if it doesn't match it will trigger...