How do you join 2 tables while showing whats not in table 1?
This successfully shows a combined table with users that are in Table1 and Table2. However, I want to show all users in table1 that are NOT in table 2? How can i do that? | inputlookup table1.csv |...
View ArticlevCPU Core Count Wrong Single Splunk Enterprise Instances
I have a single splunk instance on an Amazon AMI RHEL box. I upgraded instance type from 2vCPU to 4vCPUs and Splunk for some reason cannot see the additional cpus. However it did pick up the memory...
View ArticleDetected unclean shutdown - /home/dbindex/kvstore/mongo/mongod.lock is not...
Hi, I have several errors related to kvstore as: -Failed to start KV Store process. See mongod.log and splunkd.log for details. -KV Store changed status to failed. KVStore process terminated. -KV Store...
View ArticleHow do you generate self-signed certificate for a Windows universal forwarder?
We have a requirement to enable TLS on traffic from a universal forwarder (UF) to a heavy forwarder. We will be using self-signed certificates for this. From the following Splunk documentation, we...
View ArticleHow can I search on a dashboard for all events related to a specific individual?
How can I search on a dashboard for all events related to a specific individual? I have searched this site and the web, with no luck (so far). Thanks. Mac
View ArticleAfter trying to upgrade a cl-master to version 7.0.1, why am I getting the...
Hi, Have any of you seen the message "Could not find new UI modules directory to install" after doing an upgrade of Splunk? Got it when trying to upgrade a cl-master to version 7.0.1. The install...
View ArticleAfter upgrading a single Splunk Enterprise instance type from 2vCPU to...
I have a single Splunk instance on an Amazon AMI RHEL box. I upgraded instance type from 2vCPU to 4vCPUs, and Splunk for some reason cannot see the additional CPUs. However, it did pick up the memory...
View ArticleCan you help me with the following KV Store error: "Detected unclean shutdown...
Hi, I have several errors related to KV Store as: -Failed to start KV Store process. See mongod.log and splunkd.log for details. -KV Store changed status to failed. KVStore process terminated. -KV...
View ArticleOn a modular input built with JavaScript SDK, how do I set and retrieve a...
Hi, I have a customer modular input built with JavaScript SDK. I am trying to set and retrieve a password that is entered on creation of the input. I am looking for assistance on how this endpoint...
View ArticleHow do I prevent duplicate data being indexed from csv files that is...
i have multiple applications that place login information (Logon Date/Time, Logoff Date/Time, userid, etc.) into existing csv files (one per application). I am monitoring these files but when they are...
View ArticleCalling external Python3 via Script
Splunk still uses Python 2.7 internally but has the ability to call external scripts to generate data via [Scripted...
View ArticleHow to load splunk UF on Citrix non persistant system citrix image.
We have a farm of Citrix servers that are built from a Gold image. The systems act as desktops for users. Each night the system is rebooted and it comes up like the day the Gold image was built. All of...
View ArticleHow to send an alert when a Job does not start within expected time?
If JOB1 doesn't start by 4:00 AM then alert should trigger, If the JOB1 starts before 4;00 AM then no issues. we need to mentioned any case command?
View ArticleWhy is output stopping all outputs routing when a 3rd party server goes down?
Hi, I am getting a weird issue. If the syslog server fails, it stops all data being indexed by the default TCP out, and then Splunk fills its buckets and falls over. Am I missing something to set it to...
View ArticleSplunk Architecture : Between Amazon Web Services(AWS) Accounts & VPC's :...
We are deploying hosting to various organizations in our "company". Each organization in our company may consist of numerous apps (100+ and 5,000+ employees). Our intention is to provide these...
View ArticleHow do I prevent duplicate data being indexed from CSV files that is...
i have multiple applications that place login information (Logon Date/Time, Logoff Date/Time, userid, etc.) into existing CSV files (one per application). I am monitoring these files, but when they are...
View ArticleIn Splunk Enterprise, can you help me call an external Python3 via Script?
Splunk still uses Python 2.7 internally but has the ability to call external scripts to generate data via [Scripted...
View ArticleHow do we load a Splunk universal forwarder (UF) on a Citrix nonpersistent...
We have a farm of Citrix servers that are built from a Gold image. The systems act as desktops for users. Each night the system is rebooted and it comes up like the day the Gold image was built. All of...
View ArticleHi , I need your help to set filter between min and max value.
Hi , I need your help to set filter between min and max value. example : want to print value between range ( value >-2 and value < 5 ) I have created two dropdown box create two filter FILTER...
View ArticleHow do I use the tstats command to count field pairs?
Hello everybody, i want to count how often does a specific pair of src-dest appear... something like src, dest, count 10.10.10.10 11.11.11.11 3 10.10.10.10 11.11.11.12 1 10.10.10.10 11.11.11.13 12 I...
View Article