How to match two values from a lookup table and a search
I have a lookup table with a list of usernames that have logged in to a website last year in 2015, and I'm trying to match logins from another search with any usernames that exist in that lookup table...
Unable to edit permissions of a Report that I created
I created a report today and tried to share it, I set the shared for Read Only to everyone just to make sure they would be able to view it. But they were unable to view it because the report is...
job_management page "| (This job cannot be viewed in the UI) "
Which kind of jobs running as splunk-system-user generate this kind of searches? For instance the "| subsearch" are a bit elusive but we can always kick off the job inspector to get the original search...
change charting.chart.showDataLabels font size
Hi, I'd like to change the font size of data labels of bars/columns. I couldn't find any CSS class id to the element. I'm currently stuck, any suggestion would be appreciated. Thanks.
I'm trying to generate a list of users whose accounts will expire within 30...
I'm trying to generate a list of users whose accounts will expire within 30 days of today's date. I first download the Active Directory users to a csv lookup table using ldapsearch. Then I turn the...
Splunk not supported in Internet Explorer 11
Hi, strangely, I'm using Internet Explorer 11 and I'm unable to browse Splunk even though the web browser is supported by Splunk. I then click F12 in Internet Explorer to open the inspector and check...
Splunk KAFKA modular input - does it support Kafka 0.9 or above
I need this version of KAFKA for the security features added - specifically client authorisation/authentication to control access to topics
How to get the rest of values from the search?
I've two search queries. Both queries will return the common fields Event & UUID. I've to get the results from the first search which are not present in the second query. Query 1:...
I have a question regarding correlation searches
How to find correlation searches that can migrate to a data model.
Extract field multiline event without patterns
Hi, I'm trying to extract some lines from a multiline event, for example: 2016-05-17T19:40:37,022 INFO [00000033] :sassrv - 16 PROC SQL; 2016-05-17T19:40:37,023 INFO [00000033] :sassrv - 17 CREATE...
Tracking users by IP address for failed login attempts
Hi, we need assistance in finding failed login attempts by IP address, this is because we received an alert for a failed login attempt for the "Admin" user. Is there any way we can track the IP address from...
Event with multiple date strings (_time)
I've an event with multiple datestrings, it looks like this: 2016-06-01 15:31:31 INFO -...
Splunk app for Exchange does not find data in indexes
Hi, my new installation of Splunk app for Exchange in a distributed environment does not find data. If I do a manual search = index=msexchange eventtype="msexchange-mailbox-usage" I do get results, so...
Modifying Timechart Span Snap
Hello! I've been playing around with the `timechart` command and spanning, however there is an issue I'm having when I'm trying to use it to match a chart I'm defining with the `last 7 days` timespan....
Server error on installing applications via splunk web
Hi, On attempting to install apps from the browse section in the web front end, the UI model throws a server error. In the backend logs, this is what I see, ==> /opt/splunk/var/log/splunk/python.log...
No results in correlation search caused by no fields extractions
Hi all, I wrote this query that shows me when certain SSIDs are matched. sourcetype=rogap SSID="*skynet*" OR SSID="*skymobile*" OR SSID="*skyguest*" | table src AP_name MAC SSID channelNumber location...
Minimum Free Disk Space
Hi, I'm getting the following error message when trying to search: Search not executed: The minimum free disk space (5000MB) reached for /opt/splunk/var/run/dispatch. user=my_user On the searchhead...
Correlation of events
Hi! Is it possible to create a correlation of fields over several different events? For example, I have to find all users who have 2 definite IPs in different events. So IP2 isn't relevant and I have...
How to split props/transforms from standalone to a distributed environment?
I've got a multi-character delimited file, which looks something like this: "27-MAY-16 04.25.26.746000...
Possible to run Splunk on Windows and Linux in the same environment?
Hi there, I would like to know if it's possible to have Splunk instances running on Linux and Windows in the same environment. We currently have an environment which runs Splunk on x86 Linux CentOS...