Channel: Questions in topic: "splunk-enterprise"
Browsing all 47296 articles

Duplicate values but one key

Hi, I am running into an issue where I have keys and values which will show up once; upon expansion however it shows that there are two values for each key. The only fields that have the two values are...



Why am I getting a "SSL: CERTIFICATE_VERIFY_FAILED" error despite having...

Add-on is configured to obtain data from Tenable nessusd (Nessus) 7.1.3 [build M20120] for Linux. Error in logs: `[SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed.` SSL Connection...



How to use stats as a filtered self join?

I have groups of events that have the same `GroupID` field. For events matching given criteria I need to find another event with predefined `EventName` from the same group and then `table` together...


Changes to passwd file in Splunk 7

We’ve started testing Splunk 7 and I noticed that when I make changes to the splunk/etc/passwd file and restart splunkd, a number is getting appended to the line each time, i.e....


Search with different MAC formats in dashboard

Hi Splunkers, I've created a dashboard that searches a MAC address and displays L1-L3 information. My only problem is, the search box only accepts aa:aa:aa:aa format. What is the best way to allow...



JSON Field Extraction and Charting

I have a sample JSON just like this. {"Domain":"DotComMobile","Metrics":"city","Brooklyn":782,"Bronx":450,"New York":411,"Philadelphia":287,"Chicago":254,"Washington":210,"Silver...


How to use Splunk JMS app UI to provide MQ connection details to connect to...

Splunk JMS app UI is basically showing to enter connection details for connecting Solace queues. In case I have to connect to an MQ queue (where we have host, serverchannel etc.), may I know how to...


Lookup matching question

Hi, I use the code below. In a first version of the code, my code began with `| inputlookup append=t NZDL.csv`, and after that there was a lot of `| join type=outer host [search index` The code was...



Table row highlighting not working using text comparison for cell value

I have gone through all the answers here, and cannot find one that was actually answered with details to make this work. All examples from the dashboard app refer to int values, I have been...



Need help on LINE_BREAKER, TIME_FORMAT and TIME_PREFIX

I have built a props.conf, but when I upload the log file manually it works fine, but when the app writes the log the line break is not working. Please advise how to make this props.conf work when the...


Correct configuration of Cisco Firepower eNcore

For those using the Cisco eStreamer eNcore app and Cisco eStreamer eNcore add-on, could you verify which goes where? I think I missed those instructions in the documentation. Add-on -> HF (linux),...


mcatalog doesn't work (at least not with the Add-On for Microsoft Windows)

The command recommended by the docs to view all metrics in all indexes is: | mcatalog values(metric_name) But with Splunk Enterprise 7.1.2 and the Add-On for Microsoft Windows, this shows nothing. I...


Splunk DB Connect 3.1.1 - Why database input for MS SQL server query does not...

I have set up a database input to connect to MS SQL server in Splunk DB Connect 3.1.1. My database connection is working fine and I just tested a simple query like "select * from " but no data has been...



Dbxlookup Functioning

When we call a `dbxlookup` in a search query, does the lookup search for the matching field values in the entire database? While creating a dbxlookup, we just mention the matching fields and the...


Alert suppression

What is the best way to run a search to be alerted/emailed between 4pm-6am M-F, weekend and holidays? Should the search include the times or be adjusted in the cron schedule or lookup table? What would...



Configuring Splunk to use MSA

I need to monitor a dir/file on a remote server that does not have Splunk. I have had my IT create an MSA that can run Splunk. Unfortunately, the MSI GUI installation only allows you to enter Domain...


Can you hide the Splunk Forwarder service?

I recently ran across some exploit kit modules designed to stymie incident responders by attacking endpoint security agents (Splunk included) and wanted to know if I could hide the Splunk service on my...



How can I configure Splunk to use my MSA?

I need to monitor a dir/file on a remote server that does not have Splunk. I have had my IT create an MSA that can run Splunk. Unfortunately, the MSI GUI installation only allows you to enter Domain...


Can you hide the Splunk Forwarder service to combat exploit kit modules?

I recently ran across some exploit kit modules designed to stymie incident responders by attacking endpoint security agents (Splunk included) and wanted to know if I could hide the Splunk service on my...


Data Model Acceleration TSTATS where clause NOT working

The following SPL is returning multiple values for nmds_adapter_survey.iccid when the where clause is set to a value. It should only return the specified value. | tstats...
