Support for 6.3 and 6.4 for Splunk for Blue Coat ProxySG?
https://splunkbase.splunk.com/app/245/ shows only Splunk 6.0 and 5.0 as supported. What about 6.3 and 6.4? Best regards, Ulrich CLARA
How does Splunk on MS Windows 2012 assign permissions to folders, subfolders...
Last Friday we ran a remote PowerShell script that reached out to 1000+ universal forwarders to add a new forward-server to each of them. We know of four servers where...
IPv6 lookup
I am trying to look up IPv4 AND IPv6 subnets using a lookup file. This works fine for IPv4 setting match_type = cidr(ip). This does not seem to work for IPv6 addresses and ranges. In the search IPv6 seems...
Standalone Indexer
Hi, all. I am looking to add an indexer to my existing environment that consists of 1 dedicated indexer and 1 dedicated search head. I do not wish to enable clustering as I simply want to introduce...
Differences in eventcount results and 'real' search counts.
Hi. A site we are on has attempted to migrate data from one Splunk cluster to another. We've come in late to help and have fixed most things up but they are noticing a difference in their eventcount...
How to track memory/cpu usage per search execution (on Search Head/Indexer)?
Hi, I am looking for a way to track memory/cpu usage per search execution on search head and indexer. I thought I could use _introspection index to track it, but I cannot find process resource...
How to correlate IPS and firewall logs based on source IP and Time?
I have two different sourcetypes: one is IPS and another is Firewall. The results should follow the rules below. The aim is to retrieve results: if an outside IP was blocked in IPS, is it allowed by Firewall or not?...
Extract field from a complex multi-line event from log file
Hi pros, I am new to Splunk and trying to analyze a complex log file from a financial application. I want to figure out the fields from a multiline event, here is my log example: 16.02.10 09:20:53 [...
Can I install both cluster master and SHC(Search Head Cluster)-deployer on...
I have a deployment server to push apps to forwarders, a cluster master to push apps to indexers and an SHC deployer to push apps to search heads. But I have a shortage of machines/VMs. So can I use single...
How to show the eventName which is not up to the threshold in alert email?
The alert is to monitor the number of some events. Whichever of these alerts reaches the threshold will send the email. But the email only shows the events which reach the threshold. I also want to show...
Is there any possibility to get an automated dashboard for Cisco ASA logs?
Is there any possibility to get an automated dashboard for Cisco ASA logs? I am using Splunk 5.0.12 and added ASA logs from my local machine, and installed the Cisco ASA app as well. Please let me know if we can...
Splunk DB Connect 2: Values are not updating for specified raising column fields
Hi All, I have created new input in splunk_db_connect2 and used raising column with field EVENTID and "Specify Timestamp Column" with EVENT_TIME which is associated with EVENTID and MY...
Execute Stored Procedure using dbconnect
I want to call a SQL SP at periodic intervals and index the data returned by the SP in Splunk. I have the dbconnect 2 app installed. How can this be possible?
Can't display Search/Dashboards/Reports
When I enter my app, I can't see any of them.. I see "500 Internal Server Error" instead. Traceback from _internal index: 2016-05-31 10:45:18,971 DEBUG [574d4f1e897f7ed4762f50] _cplogging:55 -...
Can I download UBA OVA file for evaluation purpose with demo license?
I am interested in evaluating the UBA solution and trying to find a way to test it before moving to the next step of buying the license. Can you please guide me on how to get access to a demo license?
Forwarder 6.4.1 with Server 6.2.1
Hi guys! I have two questions: 1) Is it possible to use Forwarder ver 6.4.1 if my indexer and deployment servers have Splunk Enterprise ver 6.2.1? 2) Which installation of Splunk forwarder can I use for...
Error rendering Clustered Single Value Map Visualization visualization
Hi, What could be the issue of the following error using "Clustered Single Value Map Visualization": Error rendering Clustered Single Value Map Visualization visualization. Thank you
Best Sourcetype for KV pair
1- How to define the KV pair and delimitation in the source type ? the extract has this form (with 15 KV) k1="v1", k2="v2", ... 2- What extract form do you recommend (JSON ?) 3- is | extract...
timechart: average out value over missing time
I have bills that come in at irregular periods. Here is an example for 1 type: {name:building1Water, startDate:2015-12-30, Cost:300} {name:building1Water, startDate:2015-09-30, Cost:100}...