Channel: Questions in topic: "splunk-enterprise"
Browsing all 47296 articles

How to match two values from a lookup table and a search

I have a lookup table with a list of usernames that have logged in to a website last year in 2015, and I'm trying to match logins from another search with any usernames that exist in that lookup table...



Unable to edit permissions of a Report that I created

I created a report today and tried to share it, I set the shared for Read Only to everyone just to make sure they would be able to view it. But they were unable to view it because the report is...



job_management page "| (This job cannot be viewed in the UI) "

Which kind of jobs running as splunk-system-user generate this kind of searches? For instance the "| subsearch" are a bit elusive but we can always kick off the job inspector to get the original search...


change charting.chart.showDataLabels font size

Hi, I'd like to change the font size of data labels of bars/columns. I couldn't find any CSS class id to the element. I'm currently stuck, any suggestion would be appreciated. Thanks.


I'm trying to generate a list of users whose accounts will expire within 30...

I'm trying to generate a list of users whose accounts will expire within 30 days of today's date. I first download the Active Directory users to a csv lookup table using ldapsearch. Then I turn the...



Splunk not supported in Internet Explorer 11

Hi, strangely, I'm using Internet Explorer 11 and I'm unable to browse Splunk even though the web browser is supported by Splunk. I then click F12 in Internet Explorer to open the inspector and check...


Splunk KAFKA modular input - does it support kafka 0.9 or above

I need this version of KAFKA for the security features added - specifically client authorisation/authentication to control access to topics


How to get the rest of values from the search?

I've two search queries. Two queries will return common fields Event & UUID. I've to get the results from first search which are not present in the second query. Query 1:...



I have a question regarding correlation searches

How to find correlational searches that can migrate to data model.



Extract field multiline event without patterns

Hi, I'm trying to extract some lines from a multiline event, for example: 2016-05-17T19:40:37,022 INFO [00000033] :sassrv - 16 PROC SQL; 2016-05-17T19:40:37,023 INFO [00000033] :sassrv - 17 CREATE...


Tracking users by IP address for failed login attempts

Hi, We need assistance in finding failed login attempts by IP address, this is because we received an alert for failure login attempt for "Admin" user? Is there any way we can track IP address from...


Event with multiple date strings (_time)

I've an event with multiple datestrings, it looks like this: 2016-06-01 15:31:31 INFO -...


Splunk app for Exchange does not find data in indexes

Hi, my new installation of Splunk app for Exchange in a distributed environment does not find data. If I do a manual search = index=msexchange eventtype="msexchange-mailbox-usage" I do get results, so...



Modifying Timechart Span Snap

Hello! I've been playing around with the `timechart` command and spanning, however there is an issue I'm having when I'm trying to use it to match a chart I'm defining with the `last 7 days` timespan....


Server error on installing applications via splunk web

Hi, On attempting to install apps from the browse section in the web front end, the UI model throws a server error. In the backend logs, this is what I see, ==> /opt/splunk/var/log/splunk/python.log...



No results in correlation search caused by no fields extractions

Hi all, I wrote this query that shows me when certain SSIDs are matched. sourcetype=rogap SSID="*skynet*" OR SSID="*skymobile*" OR SSID="*skyguest*" | table src AP_name MAC SSID channelNumber location...


Minimum Free Disk Space

Hi, I'm getting the following error message when trying to search: Search not executed: The minimum free disk space (5000MB) reached for /opt/splunk/var/run/dispatch. user=my_user On the searchhead...



Correlation of events

Hi! Is it possible to create a correlation of fields over several different events? For example, I have to find all users who have 2 definite IPs in different events. So IP2 isn't relevant and I have...


How to split props/transforms from standalone to a distributed environment?

I've got a multi-character delimited file, which looks something like this: "27-MAY-16 04.25.26.746000...


Possible to run Splunk on Windows and Linux in the same environment?

Hi there, I would like to know if it's possible to have Splunk instances running on linux and windows in the same environment. We currently have an environment which runs splunk on x86 linux centOS...
