Find correlation between nearly static data and a data feed.
I'm looking to find a way to match up info from one data source that only changes once per day, and another data source that changes frequently. Each night we map `user_id` to `computer_id` and that...
Sometime my dbconnect is to disabled.
I have some problem about db connect v2. Sometime my dbconnect is to disabled. We've: Windows server 2008 R2 JRE java version 1.8.091 DBCONNECT 2.2.0 To turn on, I need stop the java.exe then set...
Hurricane Labs Add-On for Nessus not working
Hi, I downloaded and installed the latest version of this add-on along with my Splunk universal forwarder on a windows server 2012 machine which has a Nessus professional scanner. I followed all the...
What should the forwarder ulimit -s be?
When bringing up a new forwarder, it says - WARNING: Stack size limit (ulimit -s) is set low (2097152 bytes) Splunk may not work. You may want to run "ulimit -s unlimited" before starting splunk. We...
How to match the values from different rows on a table and fetch another...
I have a table as follows:

col_a | col_b | user_id
000-01 | [null] | [null]
[null] | 000-01 | uid01
000-02 | [null] | [null]
[null] | 000-02 | uid02

All I want is to match the values of col_a and...
SAML Assertion signature verification failed. Unable to get local issuer...
We are trying to configure SAML integration for our Splunk On-Premise instance with our identity provider. Per the document, when we upload IDP Metadata, Splunk automatically creates "idpCert.pem" in...
Correlation between assets and Vulnerabilities
I'm working with Qualys vulnerability data in Splunk. Question: How can I show the correlation between assets and vulnerabilities for four quarters? Several assets are using multiple host IDs. Can I use...
Issue with Splunk logs splitting
Hi Splunk Community, I currently have an issue with McAfee Intrusion Detection System (IDS) logs splitting into two. This is causing reporting issues within Splunk. If anyone has out any suggestions of...
In Netapp Filer, How to give all capabilities mentioned in doc of "Splunk App...
I am using Splunk App for NetApp Data Ontap. I have configured the filers and set up the data collection node. I am receiving data. But I cross-checked whether or not I am receiving data for all...
Duplicate events. WatchedFile - File too small to check seekcrc, probably...
I'm getting duplicate events from files within a monitored folder. The splunkd.log has the following repeating entries: 05-30-2016 16:30:02.297 +1000 INFO WatchedFile - Will begin reading at offset=0...
Service Now: How to get the correct names of cmdb_ci ?
Hello, I set up the app and add-on for ServiceNow but cannot get the right name for the field cmdb_ci; it's always something like: f97dcb156fdd1140436a5afc5d3ee4cf I activated all the search for the...
edit email action on schedule search says page not found
Hi All, I have few schedule searches under an app whose permission is set as "not visible" ( visible=NO ) in SPLUNK Search Head and for these schedule searches when I click on edit email action hyper...
upload app macos
Hi, I try to upload an app from my Mac OS to the Splunk base but I get an error: hidden file start with . not allowed. I try to remove some file but Mac OS may not remove it. How can I resolve that?
Can't add a second input because of error "Parameter name: UDP port 514 is...
I'm sending all the logs via UDP:514 since some devices don't allow to use a different port. So I created multiple inputs all listening to port 514. Each only accepts requests from a single IP. ...
How to index Azure Table storage data without a valid DateTime column?
Hi, Does someone have experience using the Splunk Add-on for Azure app, and retrieving Azure Table storage data? The problem is getting the table data without having a valid DateTime field in the Azure...
How I capture bind result on LDAP?
Hi Splunk Answers Community. I can view LDAP "bind request" on my logs generated by Splunk App. Although, I cannot see the "bind result". I need to know what the server replied, however, I have no idea...
Why I can't see my data in the Web Analytic App?
Hello there! I'm new with the Web Analytics App for Splunk, and I have some issues with it. I followed the configuration steps to see the data samples, and I did it without problems. Then, I have...
How to define a X axis and submit different datasets
Hello I want to Display the `CPU used` from a Server depending on the users are working on that Server for several Servers. It is working fine for the following query for one server: index="User_Index"...
Splunk not able to connect to specific tables of databases
I am facing an issue where Splunk is not able to connect to specific tables of some databases. I am getting the below error in Splunk logs. ERROR:Database - Database validation failed for database...
accelerations on an indexer cluster
Hi, I have to implement an indexer cluster, and I have a tsidx file. I didn't find any information in the Splunk documentation about the cluster use with tsidx file. Someone could help me to find a...