Azure AD SAML Group Claims
I am trying to get Splunk Enterprise to use SAML authentication against Azure AD. I have followed the steps outlined in the directions on the Configure SSO with AzureAD or AD FS as your Identity...
View ArticleHow do I get a full listing of indexes and gigabyte ingest?
I've been using the following search to get a count of ingested daily (24hrs) and for 30 days, but I'm only getting the top 10. How can I get the others beyond the top 10? index=_internal...
View ArticleNeed the correct regular expression for my rex command
Here is my raw data: {"line":"level=debug t=\"2019-01-29T19:47:20.971Z\" rt=1 method=GET path=\"/service/health?apikey=DEFAULT\" sc=200 dma=999 apikey=DEFAULT amzn_trace_id=unknown...
View ArticleIs their such a configuration as multiple indexers in an enterprise...
I have an environment with three search heads, three indexers, one license server (also acts as the deployer), and one deployment server (distributing forwarder configurations, inputs.conf). This...
View ArticleCan you help me use regex to extract fields that contain 'ssd'?
Hello Splunk, I have the following raw log lines: 1 2019-01-29T15:44:41.184068+00:00 xxx vpxd 4566 - - Event [5650552] [1-1] [2019-01-29T15:44:41.182223Z] [vim.event.VmMigratedEvent] [info] [] [x - x]...
View ArticleSplunk is not displaying the latest time of lookup updated
Splunk is not displaying the latest time of lookup updated | rest /servicesNS/-/-/data/lookup-table-files | search title=* | table title updated title updated test.csv 1969-12-31T18:00:00-06:00
View ArticleAzure Monitor Metrics in event hub but not appearing in Splunk
We configured the Azure Monitor Metrics input and configured diagnostics to send metrics (and logs) to our event hub. We are only seeing 2 amm_resourceTypes when there should be more (ex. Load...
View ArticleHow do I get a full listing of indexes and gigabyte ingestion?
I've been using the following search to get a count of ingested daily (24hrs) and for 30 days, but I'm only getting the top 10. How can I get the others beyond the top 10? index=_internal...
View ArticleCertificate Transparency Log add-on for Splunk not working as expected
Has anyone been able to get the add-on to work? I'm striking out here. I configured the add-on exactly per the documentation. This is what I'm getting for every input I configure. ![alt text][1] I can...
View ArticleHelp with a pie chart search?
All, I have a relatively simple search but I am tripping over it for some reason. I want a pie chart of all hosts in my company. Any host with package="telnet*" as red and those without in blue. Any...
View ArticleData Not Getting Extracted Correctly as per CSV
We got an requirement to ingest a CSV file from a client machine. And in that CSV file we have headers in place as well. Headers are as mentioned something like that below: Received SenderAddress...
View ArticleWhat does "notracking@example.com" mean in Splunk Add-on for Microsoft Cloud...
Hi, all I am currently collecting the ThreatIntelligence Workload using the Splunk Add-on for Microsoft Cloud Services. While reviewing the collected logs, I saw a log that the UserId field is...
View Articlecreate a macro with token value using js and i can use that macro in...
Hi dudes, I have run a query in one dashboard based on that result created a token. Now i want to create a macro with that token results using java script or jquery. **Note:-** I have to access that...
View ArticleWebsite regex
Is it possible to use regex in configuration of the websites. Special, if my logs are on multiple servers. So can I use something like this : vlp05([4-5]+). This shown example doesn't work so I am...
View ArticleSNMP Splunk MA App for Netcool is not sending traps
We have installed "SNMP Splunk MA App for Netcool" on a new search head and linked the search head to the indexers. An alert with the trigger action "Netcool Custom Modular Alert"has been created and...
View ArticleCustom Alert Action UI
Hello! I'm trying to append to the Alert ui the query itself (the search from which the user create the alert), in order to send it to another dashboard via link from the UI. What i mean is that after...
View ArticleSplunk Instrumentation error
Hi all, I keep on getting the following error in my logs: `message from "python /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py"...
View Articleforwarding logs to third party system
Hello All , I want to check that whether Splunk forwarder agent (UF) can be use to forward collected raw data to another analytics tool other than splunk , I mean third party analytics tools . I have...
View Articleis Splunk convert the time from UTC to GMT?
Hi Splunker; I have kaspersky logs this logs send logs to splunk by use CEF format, when changed format to syslog format was there issue. this issue is: We are receiving now syslog from Kaspersky in...
View Articleset earliest and latest time stamp
Hi All, I want to set fix value on the earliest and latest, earliest should be 6PM and the latest should be 7AM the next day how can I do this? TIA
View Article