Proxy Settings in Splunk Add-on for AWS
Hi, I am using the Splunk Add-on for AWS app to ingest data from SQS/S3. One of the requirements is that the traffic is done through a proxy. I noticed from the Splunk Add-on for AWS web UI there are...
SQL DB input gets auto disabled multiple times.
Hi, one of my DB inputs in DB Connect gets auto disabled multiple times, even after manually enabling the input. When I check the connection, everything seems to be good. Is there a way I can check from...
On Forwarder: WARN AdminHandler:AuthenticationHandler - Denied session token...
I am seeing messages like this: 09-05-2018 13:23:47.416 -0400 WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user 09-05-2018 13:23:47.429 -0400 WARN...
How can I parse this JSON with SPATH?
Hi, can someone help me parse the JSON below with spath? I haven't been able to get it to work. For example, I'd like to get the value for reporter.displayName = "Bob" parsed into a field. {...
I need to compare two results based on one part of a field ( and not the...
I have search A which gives out results like field A, field B, field C, where field C is a combination of two halves like part 1.part2. Now, I want to compare/combine the results of this search with...
Why am I unable to read logfiles?
I am trying to read log files from a server. I have made all the configuration in Splunk but data is not coming in Splunk search. When I checked Splunk's internal log, I got a permission denied error...
Can I use job.resultCount in Splunk 6.2.14?
Hi All, I am new to Splunk and am facing an issue with assigning a token value based on a condition. I'm using the following code: Image Overlay with iconshost="swaroops-MacBook-Pro.local" "Total Records...
Remove excess buckets via REST API
We have some problems with excess buckets from time to time, and I am writing a Python program to check for excess buckets; I then want to take that list and purge them. In the documentation I see...
Why is the parsingQueue blocking on only one server?
Out of 19 Windows servers running the same services, there is one server that keeps on blocking at parsingQueue. I have increased the size to 30MB while the others remain under 10MB, but it keeps on...
Web Activity Dashboard is empty
Running the latest PAN FW App and Add-on, Splunk 7.02. I followed troubleshooting steps to no avail. URLs are reported by a regular search. After a bit of investigation it looks like there's no event...
Palo Alto Networks App: why is our Web Activity Dashboard empty?
Running the latest PAN FW App and Add-on, Splunk 7.02. I followed troubleshooting steps to no avail. URLs are reported by a regular search. After a bit of investigation it looks like there's no event...
How do we separate Splunk logs from different groups?
What's the best practice in the case of having different groups, where each group doesn't want to see another group's logs, but they have the same assets? All of them have Cisco switches, Linux servers... How...
How do you search for Event Types that return no results?
I have a list of EventTypes I'm searching for based on a standard naming convention. I want to be able to return a list of EventTypes that have not occurred in the given time frame. Right now my search...
Cisco Nexus 9k Add-on: collect.py ERROR: __init__() got an unexpected keyword...
Hi, I installed and configured the Cisco Nexus 9k Add-on. However, I got an error like this: **Nexus Error: Not able to Execute command through NXAPI: __init__() got an unexpected keyword argument...
How do you search for event types that return no results?
I have a list of event types I'm searching for based on a standard naming convention. I want to be able to return a list of event types that have not occurred in the given time frame. Right now, my...
Escaping Double Backslash in Rex/Regex Command
I'm having some serious difficulty figuring out how to escape a double backslash within the rex/regex SPL command. The following regex works on regex101...
Can I use "job.resultCount" in Splunk 6.2.14?
Hi All, I am new to Splunk and am facing an issue with assigning a token value based on a condition. I'm using the following code: Image Overlay with iconshost="swaroops-MacBook-Pro.local" "Total Records...
dnslookup not working
I'm trying to use "lookup dnslookup clientip as dvc OUTPUT clienthost AS dvc" within a search on a dashboard. Some of the "dvc" entries already show as hostnames rather than IPs, which is causing issues. I...
*.nix app for Unix
Hi all, I have been through the forums and I have made sure sysstat is installed and working. I am able to issue all of the .sh commands in the bin directory, and index=os | head 20 shows up blank...
How to change two parts of a search query based on input selection?
I have a column chart that needs to update based on the input selection (Hour/Weekday/Month - aka $field4$). I've managed to get it to update one part of the search query, but I need it to update two...