dbinspect VS _bkt
Hello guys, could you let me know the difference in terms of buckets between: | dbinspect *search* and *search* | eval bkt=_bkt | table bkt ? It looks like dbinspect returns more results and with wider...
SCOM to Splunk
What is the difference between https://splunkbase.splunk.com/app/327/ and https://splunkbase.splunk.com/app/2729/? We are planning to get SCOM data into Splunk, what is the best way to do it?
Does Splunk DBConnect App support Oracle DB 12.1.0.2.0 database
Does Splunk DBConnect App support Oracle DB 12.1.0.2.0 database? The database matrix on the user documentation only lists that Oracle DB 11g works with JDBC driver ojdbc6
Using average in maps+ instead of count
While using maps+, the clusters it makes show the count of events in them. How can I use the average of the values for a particular KPI?
Splunk Python SDK - How to call my custom search command only once?
Hi there, I'm developing a custom search command to call a custom rest endpoint using Splunk's Python SDK and the command protocol version 2. The SDK supports the command development pretty well,...
How do I monitor changes to config files?
Hi, brand new user of Splunk here. I'm currently evaluating Splunk Enterprise, and need a bit of help understanding why Splunk won't let me monitor a file from IIS called "web.config". I can see the...
lookup file with multiple fields
I used a lookup file which is configured like this: field1, field2, field3, field4 value1, value2, value3, value4 value10, value2, value3, value4 value11, value2, value3, value4 I would like to obtain...
Getting Errors in Splunk 7.1.1 while searching for something
6 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors. Error 'Could not find all of the specified lookup fields in the lookup table.' for conf...
Unable to start splunkweb or Splunk Service
I have been trying to configure my Splunk instance (on Windows) to be run by an MSA. I was never able to install Splunk and configure it to MSA execution in one single step. The closest I got to this...
Is there a way to pull the Sophos Audit Logs as well?
The only way I can view the audit logs is via the console. It would be nice to be able to ship them off with the rest of the event logs.
How do you introduce new data inputs into the Splunk Add-on for...
I've recently installed the Splunk Add-on for ServiceNow (SNOW) on my instance and have seen success across all the default settings. The integration with our SNOW instance went off without a hitch, and...
What is the best way to get System Center Operations Manager (SCOM) data into...
What is the difference between the System Center Operations Manager integration App: https://splunkbase.splunk.com/app/327/ and the Splunk Add-on for Microsoft System Center Operations Manager:...
Why am I getting errors in Splunk 7.1.1 while searching for something?
6 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors. Error 'Could not find all of the specified lookup fields in the lookup table.' for conf...
Why am I unable to start Splunk Web or Splunkd Service?
I have been trying to configure my Splunk instance (on Windows) to be run by an MSA. I was never able to install Splunk and configure it to MSA execution in one single step. The closest I got to this...
How would you use an internal signed cert with a SH cluster
I have a SH cluster and I would like to import an internal signed cert. Looking for procedures on doing this, I am guessing that I need to import on each SH? I also have a separate ES device that will...
How would you use an internal signed certificate with a Search Head (SH)...
I have a SH cluster and I would like to import an internal signed certificate to it. Looking for procedures on doing this, I am guessing that I need to import it onto each SH? I also have a separate ES...
How can I get state/city when I already have lon/lat in my event?
All, so normally with iplocation and geostat I can look up State, City etc. for heatmaps. However, with the log I have now I don't have the IP. However, the log does have long/lat in it already. Anyway...
How to write a search that uses eval to show the difference between two...
I am attempting to write a search which uses eval to show the difference between two assignment groups. A number of assignment groups which all begin with ABC. I want to group all of these as 'IDS'. I then...
Why do I see duplicate fields in sourcetype configuration?
Hello Splunkers, I am trying to configure a sourcetype in Advanced section. For example, I create a field alias by creating the key/value: ![alt text][1] [1]: /storage/temp/254920-1.jpg When I perform...
Is it possible to edit a sourcetype after its creation?
Hello Splunkers, Is it possible to edit a sourcetype after its creation? Thank you in advance! Afroditi