Will Splunk DB Connect and HEC work on the same HTTPS port? If so how can we...
I want to test whether the Splunk DB Connect app and HTTP Event Collector both work on the same HTTPS port. Any help will be appreciated.
Date not parsing correctly.
I have 2 Splunk environments, a DEV and a PROD. I am sending events from the same syslog source. I have this date parsing: TIME_PREFIX=severity\=\d+\| MAX_TIMESTAMP_LOOKAHEAD=22 TIME_FORMAT=%Y-%b-%d %H:%M:%S TZ...
Track user session from VPN to Windows server(s)
I would like to be able to track a user's login session from VPN and then login to a Windows server(s). User login scenario: VPN login --> Windows Server Login --> Windows Server Login VPN...
Search by user request parameter in Splunk Dashboard
I have an event created which is returning JSON data after search: eventtype="my_new" Data returned after this search: data:...
Audit modifications to search head cluster
I need to create a query to reveal who changed which objects on the search head cluster, and when (excluding modifications to personal items). My query so far is: index=_internal...
website-monitoring 271 The read operation timed out
When I am trying to add the new URI, I keep getting the below error. Encountered the following error while trying to save: `Splunkd daemon is not responding: ("Error connecting to...
Need Report of users using XabAB_TBBBBB_Dashboard in Splunk Report Window:...
Looking for a query where we can find users using the dashboards. When I am trying to find them by using the below query it gives wrong results. Thanks in advance :) index="_internal"...
How to determine sendmail issue
I am getting an error after setting up email alerting. The error I get is: 08-29-2018 15:33:19.626 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python...
Why is my Remote File & Directory input not automatically inputting data?
I currently have a Remote File & Directory Data Input on the following log '`C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx`'. If I disable...
LDAP configuration: cannot login with domain user
I installed my Splunk on Linux; I have 2 HF and one indexer, all of them Linux based. I want to log in to my indexer with a domain user. I configured LDAP on my indexer and it is OK. My user has...
How to extract multiple values from a multi-value field and use these in a...
I have a multivalue field (custom_4) separated by dollar signs that I have split into separate values with the below search. However, that only separates each value to a different line on the same...
Why is date not parsing correctly on my search head cluster?
I have 2 Splunk environments, a DEV and a PROD. I am sending events from the same syslog source. I have this date parsing: TIME_PREFIX=severity\=\d+\| MAX_TIMESTAMP_LOOKAHEAD=22 TIME_FORMAT=%Y-%b-%d %H:%M:%S TZ...
How do I track a user's login session from VPN to Windows server(s)?
I would like to be able to track a user's login session from VPN and then login to a Windows server(s). User login scenario: VPN login --> Windows Server Login --> Windows Server Login VPN...
How to audit user modifications to search head cluster?
I need to create a query to reveal who changed which objects on the search head cluster, and when (excluding modifications to personal items). My query so far is: index=_internal...
Can you search for users who are using a dashboard between certain dates?
I'm looking for a query where we can find users using the dashboards. The report I need is of users using XabAB_TBBBBB_Dashboard in Splunk Report Window, between the 20th August - Till Date. But when I...
Separate the count of two fields into ranges
Hi - I have a dataset which contains two scan date fields per server. There are 50000 events in the dataset, one event per server. hostname, days_since_hw_scan, days_since_sw_scan server1,2,3...
Calculate average of events and compare from multiple log files
I want to create a query based on the below scenario: 1. There is an event "Login" in different source files. Calculate the average of the "Login" event from each source file and then calculate the average of...
sed replace command replaces too much
I need some help figuring out why my sed replace command is replacing all of the text to the end of the event in Splunk rather than just the specific text I had it look for. As part of a...
Splunk_TA_nix not working
Hi, I'm having trouble with the TA_nix application installed on RHEL 7, Splunk version 7.1.1. I'm getting the data from my server that has TA_nix installed; also my Splunk server (single instance) has...
What is the maximum length for a field name?
I have a library for creating application event logs formatted as key-value pairs. It allows the caller to create arbitrary keys to include some attribute in the logging event. What is the maximum...