Why am I unable to upload a log file locally in Splunk on my Mac? Getting...
I get the above error on both Splunk Enteprise and Splunk Light versions. Installed locally on my Mac PC. Unable to add data through upload feature.
View ArticleSplunk DB Connect 2: Why am I nnable to see new fields when using DB lookup?
Using DB Lookup with Splunk DB Connect 2 and I've got all the data showing up in the preview window perfectly. We are using automatic lookup. However, when we run a search against the matching source,...
View ArticleWhy am I getting error "Cannot find viewstate with vsid="XXXXXXXXX""? while...
I'm trying to save the search, but getting this error: Saved Search - Cisco - Error - Encountered the following error while trying to update: In handler 'savedsearch': Cannot find viewstate with...
View ArticleHow to show percentage of the total on a bar chart?
For each host I have 4 data represented in a bar chart: - OPERATOR 1 FAULT - OPERATOR 2 FAULT - OPERATOR 1 TOTAL - OPERATOR 2 TOTAL I want to represent the data using bar chart in a way that i print...
View ArticleHow do I write this SQL query as a join search in Splunk?
I will ask my question using online forum as an example. It has Event Log that tracks all user actions from login to logout. Contains the following significant fields: `EventTime`, `UserID`, `IP...
View ArticleWhy is duration not calculating correctly for my transaction search? Is there...
I am trying to find the duration of a beginning and ending event using the transaction command. The search I am using is: "WebService Method Call Received for Level 2 Appeal Number" OR "Succesfully...
View ArticleSplunk Add-on for Micsrosoft Cloud Services: Unable to the auto-generated...
Tried using my own cert, but didn't work so I thought I would try to use the auto-generated option instead. I got the JSON file, but when I went to merge it, and followed the steps to remove the extra...
View ArticleHow to edit my WinEventLog blacklist configuration to exclude AccountNames in...
I am trying to remove generic service account names from the Windows Security log, so that we can focus on indexing only the specific user accounts. Am I missing something in my inputs.conf?...
View ArticleHow to edit my props.conf configuration to extract individual events from a...
Can you please tell us how to extract an individual events from json array during the indexing, Sample input: { "Value": [ { "date": "2016-06-10", "applicationId": "app1", "applicationName": "T NOW",...
View ArticleIs it possible to have drop-down choice value as a link to another dashboard?
I have one drop-down on dashboard 1 and dashboard 2 collects the value and runs a search on that. Is there a way to use a link in the drop-down on dashboard 1? MainPage_Drilldown...
View ArticleHow do you view the search used to generate an alert?
Hello-- I am trying to see the search that was used to create a certain alert. Is there a search or dashboard that can be used in order to view the search used to create an alert? Thank you
View ArticlePowershell output containing Curly braces gets parsed as System.String[]. How...
Hello, I hope one of you here can help me out. I have a PowerShell script which is am running via PS modular input. Some of the output is contained in curly braces, for e.g: DNSServerOrder :...
View ArticleHeavy Forwarder tier queues are full. How to determine which configuration...
All, I am looking at the queues on my heavy forwarder tier which I use to proxy all our Universal Forwarders. The queues are looking full lately, it seemed to creep up on us. Any recommendation on...
View ArticleEmail footer does not change after changing the settings
I have modified the Email Footer under Settings -> Server Settings -> Email Settings. I have also tried updating the C:\Program Files\Splunk\etc\system\local\alert_actions.conf and restarting the...
View ArticleHow do I get these three conditions to work in my search for a field output?
I have search output wherein in field **DB_NotBackedup** has 3 values: 1- null value 2- value greater than 3 3- value less than 3 I need out of Backup_Status output missed if 'DB_NotBackedup' has null,...
View ArticleHow to troubleshoot why the SOC Prime SSL Framework for Splunk app is not...
I'm trying to get the SOC SSL Framework app working, but just nothing is happening. How do I start to debug this?
View ArticleSplunk DB Connect 2: "splunk_app_db_connect\bin\mi_input.py" Degrade mode -...
Hello, I recently set up Splunk DB Connect 2 on Windows to access an MSSQL DB with jtds driver. It looks to work fine, but a lot of ERROR is generated like the one I pasted below: 06-16-2016...
View ArticleSplunk App for VMware: Why have three license files installed on our license...
Hi. We have three license files (1x5GB 2x20GB) for the Splunk App for VMware installed on our license master. I assumed that the VMWare app will sum them to 45GB, but instead I receive only 20GB....
View ArticleIs it possible to give "splunk" users the capability to edit some config...
It's pretty easy to manage access control in Splunk Web. Users can be given roles (such as admin) and the abilities that come with it. However, not everything can be done with Splunk Web and sometimes...
View ArticleWhy am I getting this error trying to add a new license? "In handler...
Hello, We are a Splunk Partner. We had a 5gig license that expired and a new one emailed. When I try and add the new one, I get the following error. Bad Request — In handler 'licenses':...
View Article