Is there some sort of list of which CIM area common sourcetypes fit in?
Hello everyone, There is extensive documentation on what fields need to exist in order for a data source to fit into a certain CIM data model, but as far as I know everyone is reinventing the wheel in...
Configuring Splunk Add-on for Microsoft Cloud Services
I downloaded the following Add-on: http://blogs.splunk.com/2016/04/18/announcing-splunk-add-on-for-microsoft-cloud-services/ I went into "Apps" then selected "Install app from file" and directed it to...
Splunk Add-on for Microsoft Azure: Is it possible to pull more than 1000 rows?
Is it possible to pull more than 1000 rows? I see in your code you have it limited to 1000 per request. This is a problem if you are attempting to use the app to pull event logs from Azure as you could...
How can I get an Ideal BurnDown line on a chart in Splunk?
I have a requirement to add an ideal Burndown line on a chart that shows a constant decrease in value of Y across a specified time interval. To be more precise: I want to get a BurnDown line in the...
How to do drop-downs for Pivots with multiple lines on the graph?
So I'm trying to do a drop-down bar for a graph. I got it working with multiple drop-downs for one graph, but that graph only has a singular line. Would it be possible to do drop-downs for graphs that...
How do I get data from my Cisco switch into Splunk?
I am new to Splunk. I have set it up on my server, set up an indexer, and set up the logging in my switch, but I have no data. I do not see the option for Cisco:ios. How do you install the technology...
How to connect to a cloud based application to pull logs into Splunk via REST...
What would the steps be to connect to a cloud based application to pull logs via API into Splunk? I am trying to learn how to use this function of Splunk and not sure where to start and the...
How to create a table with number of visits by day in a log file?
Ex: ![alt text][1] I'm trying this, but it's showing number of visits per day and user. index=... | chart count over date_mday by User Data : "datetime","user"... Thanks. [1]:...
Splunk DB Connect 2: How to troubleshoot error "Script execution failed for...
Error in 'script': Script execution failed for external search command 'dbxquery' My Setup: I just recently set up a local instance of Splunk Enterprise on my computer. Version: 6.4.1 I also just set...
Why is the Linux Auditd app unable to see all indexes?
Hi, We are trying to set up the Linux Auditd App on one of our Search Heads. Currently, there are two Indexers getting Auditd related data and both have linux-auditd and TA_linux-auditd Apps installed....
How to add an escape \ to a value?
Greetings, I am using a form and the dynamic inputs is a table of usernames. The search results in `Domain\username`. I would like to use the results as a token in the next panel, but in order to do...
How does Livestatus work in the integration of Nagios and Splunk?
I'm running into incomplete documentation or irrelevant situations in trying to understand this, so I need help in straightening my definition of this environment. I have an instance of Nagios, an...
How do I edit my search to make columns display running totals?
My search is: index=4_ip_sql source=CNVIP101 Priority=3 Quality=192 (Message="*full*" OR Message="*stop*" OR Message="*halt*" OR Message="*fault*") date_wday!="Saturday" date_wday!="Sunday" | eval...
How to configure transforms to monitor only (2) EventCodes and filter out...
Using Splunk 6.4.1 I am trying to monitor the WinEventLog://Security; however, I only need to monitor two EventCodes (4732 and 4624). Additionally, we are looking to remove all service accounts from...
How would I go about using Splunk to analyze new builds before we push them?
My team is looking to use Splunk as a way to analyze new builds before we push them to check for any significant changes in total boot time, individual job time, I/O throughput etc. We'd then like to...
Splunk Enterprise Security Incident Review: Why am I unable to send a job to...
Hello, I am looking to generate a search for notables over a long time period. This is a long and an intensive search, so I would like to send the search to background to complete. But when I try to...
Should I use Splunk Health Check Overview, Fire Brigade, or the Distributed...
We are building out our new Splunk environment and I wanted to see what everyone else might be using to monitor their health across the environment. We are going to be distributed, so monitoring one...
URL Toolbox: What is the most efficient way to map URLs with IPs to...
Using URL Toolbox to parse out ut_domain for varying levels of analysis - I've come up with a couple of different ways to map ut_domain to some meaningful name instead of winding up with a timechart of...
Splunk Enterprise Security: How to remove a notable event from the "Security...
I have a notable event seen in Splunk Enterprise Security's _Security Posture_ dashboard. I have reviewed it and determined it to be a false positive. I want to remove it from view on the _Security...
What is the difference between the "srchJobsQuota" and...
What is the difference between the "srchJobsQuota" and the "cumulativeSrchJobsQuota" setting in the authorize.conf role stanzas? Should one or both be used to set the search quota for the role? Thanks.