Duplicate values but one key
Hi, I am running into an issue where I have keys and values which will show up once; upon expansion however it shows that there are two values for each key. The only fields that have the two values are...
Why am I getting a "SSL: CERTIFICATE_VERIFY_FAILED" error despite having...
Add-on is configured to obtain data from Tenable nessusd (Nessus) 7.1.3 [build M20120] for Linux. Error in logs: `[SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed.` SSL Connection...
How to use stats as a filtered self join?
I have groups of events that have the same `GroupID` field. For events matching given criteria I need to find another event with predefined `EventName` from the same group and then `table` together...
Changes to passwd file in Splunk 7
We’ve started testing Splunk 7 and I noticed that when I make changes to the splunk/etc/passwd file and restart splunkd, a number is getting appended to the line each time. ie....
Search with different MAC formats in dashboard
Hi Splunkers, I've created a dashboard that searches a MAC address and displays L1-L3 information. My only problem is, the search box only accepts aa:aa:aa:aa format. What is the best way to allow...
JSON Field Extraction and Charting
I have a sample JSON just like this. {"Domain":"DotComMobile","Metrics":"city","Brooklyn":782,"Bronx":450,"New York":411,"Philadelphia":287,"Chicago":254,"Washington":210,"Silver...
How to use Splunk JMS app UI to provide MQ connection details to connect to...
Splunk JMS app UI is basically showing to enter connection details for connecting solace queues. In case I have to connect to an MQ queue (where we have host, serverchannel etc.), may I know how to...
Lookup matching question
Hi, I use the code below. In a first version of the code, my code began with `| inputlookup append=t NZDL.csv` and after that there was a lot of `| join type=outer host [search index` The code was...
Table row highlighting not working using text comparison for cell value
I have gone through all the answers here, and can not find one that was actually answered with details to make this work. All examples from the dashboard app refer to int values, I have been...
Need help on LINE_BREAKER,TIME_FORMAT and TIME_PREFIX
I have built a props.conf but when I upload the log file manually it works fine but when the app writes the log the line break is not working. Please advise how to make this props.conf working when the...
Correct configuration of Cisco Firepower eNcore
For those using the Cisco eStreamer eNcore app and Cisco eStreamer eNcore add-on, could you verify which goes where? I think I missed those instructions in the documentation. Add-on -> HF (linux),...
mcatalog doesn't work (at least not with the Add-On for Microsoft Windows)
The command recommended by the docs to view all metrics in all indexes is: | mcatalog values(metric_name) But with Splunk Enterprise 7.1.2 and the Add-On for Microsoft Windows, this shows nothing. I...
Splunk DB Connect 3.1.1 - Why database input for MS SQL server query does not...
I have set up a database input to connect to MS SQL server in Splunk DB Connect 3.1.1. My database connection is working fine and I just tested a simple query like "select * from " but no data has been...
Dbxlookup Functioning
When we call a `dbxlookup` in a search query, does the lookup search for the matching field values in the entire database? While creating a dbxlookup, we just mention the matching fields and the...
Alert suppression
What is the best way to run a search to be alerted/emailed between 4pm-6am M-F, weekend and holidays? Should the search include the times or be adjusted in the cron schedule or lookup table? What would...
Configuring Splunk to use MSA
I need to monitor a dir/file on a remote server that does not have Splunk. I have had my IT create an MSA that can run Splunk. Unfortunately the msi GUI installation only allows you to enter Domain...
Can you hide the Splunk Forwarder service?
I recently ran across some exploit kit modules designed to stymie incident responders by attacking endpoint security agents (Splunk included) and wanted to know if I could hide the Splunk service on my...
How can I configure Splunk to use my MSA?
I need to monitor a dir/file on a remote server that does not have Splunk. I have had my IT create an MSA that can run Splunk. Unfortunately, the msi GUI installation only allows you to enter Domain...
Can you hide the Splunk Forwarder service to combat exploit kit modules?
I recently ran across some exploit kit modules designed to stymie incident responders by attacking endpoint security agents (Splunk included) and wanted to know if I could hide the Splunk service on my...
Data Model Acceleration TSTATS where clause NOT working
The following SPL is returning multiple values for nmds_adapter_survey.iccid when the where clause is set to a value. It should only return the specified value. | tstats...