How to parse Apache access logs in Splunk
Hello All, We have the Apache access.log and I am not able to parse it. First I used the "access_combined_wcookie" standard sourcetype but it won't work, and I tried the transforms.conf and props.conf file...
How to filter my search that finds VPN User Session Count by Country to only...
I have this search which shows the user sessions count by Country for the date range specified. I am trying to filter only on those users that have sessions in multiple countries. Any suggestions?...
Why is my Splunk REST API search not working and getting error "curl: (56)...
Hi, I have the following rest call on a new 6.4 environment, and it's coming back with error: curl: (56) Failure when receiving data from the peer Not sure what's wrong... curl -k -u admin:pass -k...
How to troubleshoot error "A script exited...
I get this error every hour at my installation: msg="A script exited abnormally" input="./bin/scripted_inputs/deploy_splunk_ta_netscaler.py" stanza="default" status="exited with code 1" Any idea on...
Splunk Support for Active Directory: How do I populate a drop-down list with...
I am trying to populate dropdown list with ldapsearch. I haven't used ldapsearch yet, so I'm having trouble getting started. First of all, how do I run a search to pull all names in (see screenshot)...
What is the best way to parse and index Office 365 user logs in Splunk?
What is the best way to integrate O365 user logs with Splunk? Is there an app to do it? I saw a few apps for O365, but I'm not sure if any of them would achieve what I was looking for. I want to ingest...
How to visualize periodic website health check results in a Splunk dashboard?
This seems like a very common use case, to simply visualize results of some health checks against some system (like server, website, service, ...) but I can't figure out how to do it in a Splunk...
How to display the difference between the results from two different searches?
I display two different graphs by using the following strings. "Sending" earliest=-7days | eval gigabytes=((bytes/1024)/1024) | timechart span=1day avg(gigabytes) AS "Gigabytes sent" "Receiving"...
Is there a way for me to run as a certain user without having that user's...
All, Our Splunk is Active Directory integrated. I have a user overseas who is stating that he cannot take certain actions (schedule real time searches). Other users with identical groups can. Is there...
Get max count for every hour
Hi, I'm trying to get the system with the most number of logs (usage) for every hour. I did a search for `eventtype="centralizedlog" | bin span=1h _time | eval date_string=strftime(_time,"%d/%m/%y...
Should the Lookup Table be using the column name "URL" instead of "yourURL"?
If I don't switch this, then the URL panel on the Vote! Dashboard doesn't display properly.
Extraction of field multiline ACTION for sourcetype oracle:audit:text problem
Hi Splunkers, I have run into an issue when using Splunk_TA_oracle (v3.3.0 & v3.4.0) to analyse audit log data from Oracle databases (11g & 12c). If the data that should be extracted is over...
Custom Macro or Command via Ruby?
All, A vendor just sent me this script to decode their vendor message table. It's not just a simple lookup but a concatenation with several events. I see guides on Python; is that the only supported...
jms modular input app - mixed key value and json event data
I am using the jms modular input app v1.5, and have configured it to successfully read from the queue. But the events have a mixed format - jms header as key value and jms body as json. I understand...
Is it possible to edit results in a table?
Hi, I want to edit fields after Splunk produces results. For example, the query index=info | table roll_number name result gives 001 mark storm 002 emma stone; now my user should be able to edit results directly from...
Store/caching stats for long time chart and timechart
Hi Splunkers, We have an ever growing pile of dashboards where we like to compare old statistics. Is it possible to force bin/chart/timechart to store its older stats so we can just append the delta...
Is there a max limit for an output appended lookup?
We currently scheduled an alert to run a DNS lookup and append the results to a lookup CSV... something weird came up. Most data are pushed to the CSV, but a few of them did not make it. I don't understand...
How can I check for events from a host in a list of "critical hosts"?
I have a list of hosts; I need to see if these hosts appear anywhere in my Splunked events. It is a very long list, so I don't want to type a search like this: host=a.domain.com OR host=b.xyz.com OR...
Remove duplicates on two queries with two different fields but with the same data
Hello! I launch a query with append to put the results of two queries together on different fields, but then I would like to remove the duplicates in these results: First LOG : 24/05/2016 11:33:19,719...