I had to modify splunklib/binding.py to make...
After calling Just to get the simplest use out of numpy, I had to change in splunklib/binding.py import ssl to from OpenSSL import SSL ...SSL in capitals. Now I don't know if there will be a run-time...
How to configure Splunk Enterprise in a distributed environment
We need to install Splunk Enterprise on one Windows machine (server), which can read all the log files (generated inside the machine itself, in a directory) and many other Windows OS users (clients)...
How to extract the one-time header on top of the real header.
Hi, I'm new to Splunk and would like some help with tackling my task at hand, - NO INDEX DATE STIME ETIME REP ACTIVITY RESULT ID TYPE PLACE 17892 4/10/2015 14:13:48 14:14:03 15 CYCLE_REP GOOD NONE...
Splunk not indexing milliseconds
Hi all, I configured an input in which the timestamp field is in the format 20180830112930314 (%Y%m%d%H%M%S%3N). The same has been configured in props.conf on the Splunk indexers, but I am still seeing event...
Stream metrics to Azure Event Hub to be pulled by HF
I'm using an HF to pull log/metric data from Azure Event Hub. I know how to stream activity logs/diagnostic logs to Azure Event Hub, but I don't understand how I can stream metrics to Azure Event Hub,...
Common SQL query to have for multiple sites' dashboards with the same metrics
I have a server in 30 sites, where each site has the same dashboard with the same metrics, but the host will be different (that's not a problem, and it will be passed from an input). If any change is needed there is...
No data input following 7.1.2 upgrade on 2008 server
Hello, I have upgraded my Splunk Enterprise 6.5.1 to 7.1.2 on Windows 2008 R2 (see https://answers.splunk.com/answers/672130/splunk-win2008r2-upgrade-65-to-71.html for my last thread). I have enabled the...
How to color one cell in a table based on the value of another cell in XML?
I have two fields: Value and Status. Value contains the actual numeric value and Status contains the state (Green, Amber, Red) in textual format. I need to change the color of the Value field based on the...
How to search by Unicode value?
Hi, I have the following example record: 30/08/2018 13:30:27.996;VM1;ASH;AccessModule;processPacketBuffer;MSISDN;xxxxxxxxxxxx;;INFO;;;Return Access ;...
Tenable Python error
Hi, I've installed splunk-add-on-for-tenable, both 5.1.2 and 5.1.4, but neither works. All I see in ta_nessus.log is: 2018-08-30 13:20:31,950 INFO pid=6088 tid=MainThread file=nessus.py:main:260 |...
Override sourcetype and redirect to another index
Hi guys, I want to override the sourcetype for all events before they are indexed and redirect some of those events (those with ERROR) to another index with the overridden sourcetype. So I need events to be...
Splunk Add-on for CyberArk XSL file is faulty?
Can someone explain to me what the idea is behind some of the choices made in the XSL file that is bundled with the Splunk TA for CyberArk? It places the CyberArk "Reason" field in both the cn2 part of...
How to add a training-test split line in my forecast chart
Hello Splunkers, I created my forecast chart in the Splunk Machine Learning Toolkit and I want to add a training-test split line, as I can see in the showcases of "Forecast Time Series". In addition, I...
Help formatting a table - highest CPU users per hour over a day
G'day, I've got some data I'm pulling out of some events with a search:
HOUR - Two-digit hour of the day
PROCESS - Name of a running process
CPU_USAGE - The CPU the process used during the hour
What I...
I am unable to complete Splunk 7.1.2 installation on my Mac OS 10.13. I did...
I followed the procedure mentioned in the third module of the Splunk Fundamentals 1 course to install Splunk on Mac OS 10.13. All the steps were completed, and a Splunk shortcut icon is created on the desktop...
Displaying results of the same search over a period of time
I have the following search and am looking to display its results over the past 30 days. It currently shows the results, but only the current day is accurate. Any advice would be much appreciated...
Math against two searches
I have two searches that use the same index and each returns a numerical total, differing only in the period of time of the data they look at. How would I perform math on the search results, for example...
SNMP -- Correcting date/time output and rogue AP MAC address
Hello, I just configured an SNMP trap on an RHEL box to send to Splunk. I'm getting the following output: Agent Hostname: (hostname) \N Date: 5 - 8 - 8 - 9 - 6 - 4461316...
Timechart trend over the same interval as the search range
Hi! I have a scenario where we have used "| stats count" and gotten the total number for the range that we picked. This has been working fine, but now we'd like to use timechart to get trends. However,...
In "host_regex = /export/data/syslog-ng/(.*?)/messages", what does the...
In our Splunk forwarder, in the path /opt/splunk/etc/apps/app01/default, we have many stanzas such as:
[monitor:///export/data/syslog-ng/sentry*/messages]
disabled = false
host_regex =...