How to pull data from SharePoint to Splunk
I needed to pull asset data from SharePoint to Splunk as a lookup table to feed into Splunk Enterprise Security. I looked at the Splunk add-on for SharePoint, but it's more for the integration of the...
Is it possible to generate data input files for Splunk (e.g., delimited/CSV)...
In my corporate, enterprise Splunk environment I do not have admin rights. As I am still modeling with many different sources and types of input data (such as transaction, configuration, application,...
Configuration dashboards are empty after upgrading to 6.5.1
I upgraded to 6.5.1 and the "Configure Streams", "IP Address Filters" and "Distributed Forwarder Manager" dashboards do not populate with anything except static data. Even though it is compatible with...
Blacklist a Universal Forwarder
This should be relatively simple but I cannot find discussion or documentation on it. I suspect that Splunk assumes if a UF is installed, the data is wanted. The problem is that there is a UF out of my...
What does _bump do?
I saw an explanation of the "refresh", up the .conf files. And I found the _bump command, but do not know what it is for. Can someone help me? Thank you!!
How to edit my search to calculate time availability based on gaps between logs?
I would like to calculate availability time based on gaps between logs so far I have this: index=servers sourcetype=servers_data HostName=examplehost | streamstats current=f last(_time) as last_time by...
Can "Splunk Add-on for OSSEC" and "Reporting and Management for OSSEC" App...
Hi, We are using Splunk to Index OSSEC data by monitoring the alerts.log file which is also on the same server. Till now, we were using the "Reporting and Management for OSSEC" app and thus, sourcetype...
Splunk showing "Finalizing" for a long time when finalizing searches - SPLUNK 6.2.6
Hi Team. I am using SPLUNK version 6.2.6 and when I run my search in the search app, I can see it executing for a while and then it pops up a "Finalizing job..." message and does not finalize the search...
Why are the wrong search peers being displayed on search heads after we...
I have 2 search heads, one with site=site1 and the other with site=site2 configured in server.conf. But when I view the search peers on each search head, I see the search peers for site 1 appearing as...
How correlation searches work
How do I check that data model fields and correlation searches are the same? Can I use a correlation search instead of a data model? Thanks.
Does Splunk recognize when buckets are deleted?
I am doing a simple recovery test and deleted some warm buckets, but Splunk doesn't seem to even realize anything is wrong. Is this normal?
Why am I getting python.log error "handshake operation timed out" trying to...
Problem in pdf generation for dashboards. Got the below exception from python.log. Can anyone please help on this? 2016-06-06 09:55:41,303 -0400 ERROR __init__:478 - Socket error communicating with...
How to collect and index data from Windows servers after installing the...
Hi We have installed **Splunk Add-on for Microsoft Windows** on our Splunk 6.3.3 by downloading the **splunk-add-on-for-microsoft-windows_483.tgz** file and installing it from **Install app from file**...
How to pass hostname to a custom alert script?
I have an alert setup that finds an error which indicates that a service must be restarted. When the alert triggers, I would like for a script to run that restarts the service on the specific host that...
How to match a list of URL strings from a CSV file against indexed data if...
Against my events, I am trying to match a long list (2000 records) of malicious URL strings (e.g., hereisavirus.com) stored in a CSV file. One caveat - I do not have a "field" for URL in my events, so...
Is there any way to get the drop-down in a dashboard to perform better with a...
I have a drop-down that pulls unique transaction information across an index - with a larger number of items the dashboard seems unresponsive.
How do I add a plain label to an area on a dashboard with Simple XML?
All, I just wanted to add a couple of paragraphs to an area in a Simple XML dashboard. There doesn't seem to be a visualization for that. Do I have to convert it to HTML and use a DIV, or am I missing something?
If I initially run a search, I get no results, but why do I get results...
I'm seeing the following error message, Problem replicating config (bundle) to search peer 'SPLUNKNAME:8089',Reading reply to upload: rv=-2, Receive from=https://SPLUNKNAME:8089 timed out; exceeded...
Using Rex to extract string from event for table
Hi, I'm sure this is very simple, but I'm fairly new to regex and rex. I'm trying to use rex to extract a string from the event logs, and then show that string in a table. Here is a sample event:...
Why is one interesting field not always displayed, and what change do we need...
I am not always getting one interesting field, even though I have selected all fields from the fields bar on the left side. How does Splunk extract interesting fields by default? Where do we need to...