How do I search for low counts of specific user logons per host?
I'm trying to do some least common occurrence hunting in our environment, and would like to see if I can make a search that will show me hosts with low counts of user logons (say, less than 5?). So, if...
How do I calculate total time of employees from security card system?
I would like to create a report to verify when and how long each employee is in the building. Splunk indexes data from the Security system that supplies a csv file nightly. I am running into a problem...
Issue while attempting to restore a KVStore collection
Hi Everyone, I am currently trying to achieve a quite simple process: set up a scalable way to backup/restore some KVStore collections from production Splunk servers. Following the appropriate Splunk...
How to search for all the IPs that are located in the domain controller
This is my first time using Splunk and I don't know many commands. I am looking for a command where I can get all the IPs in the domain controller and their account name.
Getting incorrect host name
We have a server that was cloned to that have a different hostname. The old server was shutdown and the team is now using the new server with different hostname. Looking at DS, the name of the host is...
Javascript code is not working. The script code is not working.
.accordion { background-color: #002B51; color: white; cursor: pointer; padding: 18px; width: 40%; border: none; text-align: left; outline: none; font-size: 15px; transition: 0.4s; } .active,...
How to concatenate results from same field
Hi, I want to concatenate results from same field into string. How can I do that? e.g. |inputlookup user.csv| table User User ------------ User 1 User 2 User 3 Users = User 1+User2+User3
Search for fields that contain exactly 6 digits
I need to search for fields that contain exactly 6 digits. For example, it should return fields that contain "123456". I'm currently trying regex_raw="\d{6}" but I think I'm missing something or doing...
Google Apps for Splunk: Gsuite HttpError
We are seeing the following error on Splunk when we configured the Gsuite add-on. Is there some json that I need to change on any of the .py files? "log_level": "ERROR",...
Choropleth map: Is there a setting that converts decimal data bin values into...
I am facing an issue where one of my Choropleth map dashboard panels is creating decimal data bin values for sequential color mode. Just wanted to know if there is any setting to convert that into...
Attempting to restore a KVStore collection: has anyone seen or successfully...
Hi Everyone, I am currently trying to achieve a quite simple process: set up a scalable way to backup/restore some KVStore collections from production Splunk servers. Following the appropriate Splunk...
How do I search for all the IPs that are located in the domain controller?
This is my first time using Splunk and I don't know many commands. I am looking for a command where I can get all the IPs in the domain controller and their account name.
Why is our new cloned server reflecting an old hostname?
We have a server that was cloned to that have a different hostname. The old server was shutdown and the team is now using the new server with a different hostname. Looking at DS, the name of the host...
Why is my Javascript code not working?
.accordion { background-color: #002B51; color: white; cursor: pointer; padding: 18px; width: 40%; border: none; text-align: left; outline: none; font-size: 15px; transition: 0.4s; } .active,...
What regex search could I use to find fields that contain exactly 6 digits?
I need to search for fields that contain exactly 6 digits. For example, it should return fields that contain "123456". I'm currently trying regex_raw="\d{6}" but I think I'm missing something or doing...
How to extract multi-valued fields from XML?
I have an XML file with multi values on a specific tag (below). I need to extract the attributes (NAME and CLASSORIGIN) and the VALUE, ignoring the rows without the tag VALUE. I loaded...
Seeing all the forwarded data on indexer but universal forwarder is saying...
Hi splunkers, I have forwarded the data using universal forwarder to heavy forwarder and then to indexer, where I am seeing all my data of agent server. But, the problem is I don't know why UF is...
timechart count for last status=up, each month
So, I've simplified my real problem down to this example with as few variables as possible. I wish I could simply alter the manner in which the data is coming in, but I cannot, so I need a solution via...
Why is restarting Splunk messing up my dashboard libraries?
I have added libraries on my search app like JQuery-UI and Font Awesome icons that I use in my dashboards. But, for some reason, every time I restart Splunk or the search head, the dashboards say they...