Why am I getting the below Error while trying to run .jar file of SPLUNK JAVA...
C:\WINDOWS\system32>cd C:\Users\payal.s\Downloads\splunk-sdk-java-1.6.4\dist\examples C:\Users\payal.s\Downloads\splunk-sdk-java-1.6.4\dist\examples>java -jar explorer.jar Exception in thread...
How do I create an alarm if a value stored in a CSV changes?
Hi, I have a CSV file with the following structure: NAME DiskSerial ProcSerial MachineSerial PC-ID-0007 null BFEBFBFF000306F2 MJ044SGB PC-ID-0088 WD-WX11DC7JHUV0 BFEBFBFF000306F2 MJ044SH9 PC-ID-5177...
How to enable SSL certificate validation using Splunk logging for .net
Splunk logging for .NET can't connect to my Splunk Enterprise using HTTP Event Collector. Other than disabling SSL, how do I enable SSL certificate validation using Splunk logging for .NET?
_TCPRouting and _Syslog Routing to 3rd Party using a HF
Hello, I need to send sourcetypes to my indexes as per normal. But I also have to send those same sourcetypes to a 3rd party in Syslog format. I can't seem to get the transforms to send to TCP and to...
Is there a way to have Splunk take in data and come up with points based on...
Is there any module or solution within Splunk that can take in any form of data and come up with points based on the data trend all by itself without us trying to tell Splunk what is required? i...
Using an HTTP Event Collector, How do I enable SSL certificate validation...
Splunk logging for .NET can't connect to my Splunk Enterprise using HTTP Event Collector. Other than disabling SSL, how do I enable SSL certificate validation using Splunk logging for .NET?
_TCPRouting and _Syslog Routing to 3rd Party using a Heavy Forwarder
Hello, I need to send source types to my indexes as per normal. But I also have to send those same source types to a 3rd party in Syslog format. I can't seem to get the transforms to send to TCP and to...
Why am I getting a high Skipped search ratio on f5 networks analytics (new)...
I am getting about a 99% skip ratio for f5 data models that do not complete. The searches take quite some time to summarize the datamodels and I need to adjust the settings most likely. What I am...
How do I match two fields from the same join command?
Splunkers, Search String: `admon-user-lookup-update` | eval src_user = (cn) | fields src_nt_domain, displayName, cn | rename cn as user | join user [ search index=winevents (EventCode=630 OR...
Why is sslRootCAPath required to use CA signed certificates?
I would like help understanding why sslRootCAPath is needed in server.conf. From what I understand, this is just a typical CA bundle that contains all the root CAs that you trust/want to allow Splunk...
TA-mailclient ERROR ExecProcessor ... ERROR'NoneType'
I am getting an error message when the TA-mailclient runs. The message is: 10/1/18 11:28:21.682 AM 10-01-2018 11:28:21.682 -0500 ERROR ExecProcessor - message from "python...
How do I count the number of the occurrences / buckets when the given event...
Hello, I am trying to count the time buckets when the specific search returns values and alert on it. My current search looks as follows: index=mlbso sourcetype=BWP_hanatraces "Out of memory for...
Can you help me create a service account log-in alert?
Hello all, I have a service account (Account_AB) that should only log into a particular server (Server_A). We are getting AD logs into our Splunk instance. How would I go about setting an alert to...
How do we make a report with the volume of all the logs that are currently...
Hi Team, We need a report with the volume of all the logs in Splunk. For example: how much is log1 consuming every day for the last 30 days? time log1 log2 log3 log4 aug 1 36gb 32gb 39gb 40gb aug 2...
How do I combine multiple sources and source types?
I am trying to get the Instance_ID source IP, source port, security group, destination IP, destination port and its security group of the AWS data, but all of the fields are from different source types...
Can anyone help me with the following TA-mailclient "ExecProcessor" ERROR ?
I am getting an error message when the TA-mailclient runs. The message is: 10/1/18 11:28:21.682 AM 10-01-2018 11:28:21.682 -0500 ERROR ExecProcessor - message from "python...
How to find raw events coming to HEC?
I am trying to find the raw data hitting HEC that results in parser issues. These events are supposedly dropped; I need to know what exactly in the message is causing it. I have tried enabling debug log...
transforms.conf regex extract strange fields with value $2
my `transforms.conf` has such lines [api-param] REGEX=^(\w+)=(.+?)\n FORMAT=$1::$2 `props.conf` [api] TZ = Europe/Moscow MAX_TIMESTAMP_LOOKAHEAD = 25 BREAK_ONLY_BEFORE = ^\d{4}-\d{2}-\d{2}...
Why are we seeing an issue with an EXTREMELY busy forwarder bogging down our...
Recently, indexing from that particular forwarder has gotten to be even slower, sometimes falling hours behind. I'm curious as to what the recommendation from the community may be: 1. Configure...
how do I combine " |stats count by host " and "| stats distinct_count(host)"...
I can search for events and run stats count by host. And I can run a search of distinct number of hosts. I want to combine both in one table. I want count of events by host and a count of hosts. I...