Calculate a number from each entry and present the average of all entries
I have the entries below from different sessions: sessionId="001" data="[{message=timing_stats, data=[{beginF=1550652.855, endF=1550719.130001}, {beginF=1565741, endF=1565787}, {beginF=1574747,...
Exactly which bytes count as license usage?
I've read various topics on license usage, but I'm still confused about the basic calculation: exactly which bytes count as license usage? A possible answer might be: the number of bytes in the `_raw`...
Is there a way to group columns of a table?
Hello, I have one requirement in which the data is having grouping on column. I got XSL sheet data as below. During indexing I changed below columns as Prod_Sev1 Prod_Sev2 and so on. But is there way...
How to troubleshoot why Splunk is triggering false alerts?
One of our users says his alert falsely triggered 5 times today. It alerted at 2:15 am, 2:45 am, 3:30 am, 3:45 am and 5:30 am. Alert condition - if number of events is less than 1 Schedule - every 15...
I have two Cisco ASAs forwarding logs to Splunk, but why do I not see any...
I've seen similar questions, but the answers are vague or don't seem to apply. I have 2 ASAs forwarding their logs. I can search for one and find log data, but not the other one. I searched through...
Why is Splunk DB Connect 2 not rotating py_health.log on a Windows Heavy...
Splunk Version: 6.3.3 OS Version: Windows Server 2008 R2 Enterprise 64-Bit DB Connect Version: 2.1.3 It seems when the py_health.log file reaches 10,000KB, it is not rotating out and seems to lock....
REST API password
I set the darn thing over 3 years ago and it is not any of my usual passwords. Is there a way to recover the REST API password? I am talking about the one that defaults as "changeme" Also if I can...
WinEventLog:Security events got reindexed after a disaster recovery event....
For our office Disaster Recovery plan, we use Hyper-V replication to replicate our servers offsite. Yesterday we had a DR event and brought the replicas online. Two of the many servers decided to...
How to make a drop-down form wider?
Hi, I have a very simple UI question :) The default width of drop-down boxes is too short to display enough information in my use case. Can it be extended? Thanks, John
Splunk Forwarding audittrail data to third party system via syslog not working
Attempting to forward audittrail sourcetype data via syslog to our existing SIEM. I have a similar setup already working for non-internal index data, but for some reason, the config does not appear to...
What is interval -1 in inputs.conf
Input.conf for Template for Citrix XenApp contains interval values of -1. What does the value -1 indicate?
How to edit my search to exclude results with a value of 0 (zero) for a field?
I want to exclude CompletedConnections with a value of 0 in the below string. sourcetype ______________ | stats count(eval(connStatus=="CLIENT_ACCEPTED")) as ConnectionAttempt,...
How to remove an indexer from the distributed management console?
Hi, I removed some indexers from Splunk, using the `offline` command, but they are all still showing up in my distributed management console, and listed as "unreachable". How do I remove them from the...
Why am I unable to convert a PerfmonMK memory value in bytes to kilobytes...
I am collecting a PerfmonMK dataset that includes a memory value in bytes. I would like to display the value in KB. Normally, I would simply `eval` the value, but that's not returning anything. Is...
Splunk Add-on for Microsoft Windows: How to find the cause of missing Windows...
I have searched the Answers site and cannot find an answer to why I get log off events, but intermittently am missing log on events in Splunk. This is a big problem for us and I have opened a ticket...
Failed to contact license master: reason='WARN: path=/masterlm/usage: invalid...
We are having an issue with our Splunk installation not being able to run any searches on our Test environment. We see the following message on the search head: Search peer xxxindex01xxx has the...
Splunk DB Connect 2.2.0: Why am I getting error "HTTP 402 Payment Required --...
Hi, I'm getting the following error. Could someone help with debugging this? Splunk 6.4.1 DB Connect 2.2.0 [INFO] [mi_base.py], line 187: action=caught_exception_in_modular_input_with_retries...
How to create a new field using eval and display it in a table?
I am struggling to make eval work with table. Check out the screenshot below: ![alt text][1] I would expect this to create a field titled **Event_Detail**, that it would represent the length and that...
Splunk Add-on for Nessus: Why am I getting a connection failure to Nessus...
I am trying to connect Splunk Enterprise to Nessus Cloud (scanners automatically upload to Nessus Cloud and are only stored there). After entering the Nessus Cloud URL and the API keys in the add-on...