How to write the regex to extract this field?
Hi, can someone please suggest the regex for this field extraction? We need to extract `de` from the below context with field as **Name**: csc-3.0.1/r1_de_ *:1012 Thanks
How to create an alert to trigger when a user visits 5 blocked websites in 1...
Hello, I'm trying to create an alert that will go out every time a single user visits 5 blocked websites in 1 minute, but I'm having some trouble with it. I've included a sample event. Jul 20 11:09:04...
How to use an addcoltotals result for eval?
Hello dear Splunk experts :-) I have this in my search: addcoltotals labelfield=fieldtosum label=TOTAL However I would like to reuse the result of it like fieldtosum/TOTAL, how to do? Example attached....
How to autozoom maps to a dynamic long lat
I have a dashboard that I would like to open a map and use the mapping.map.center option with dynamic numbers. This map can only show one location and I would like to zoom in on that location. Here is...
What happens when Universal Forwarder loses its filesystem?
Has anyone seen what happens to a Universal Forwarder when the filesystem it is running from goes away? I just found out about some weekend maintenance to our network storage that will cause...
How to edit my WinRegMon configuration to filter out certain Windows registry...
Hello! I need some help filtering Windows registry events in Splunk. Here is my inputs.conf file [WinRegMon://default] disabled = 0 hive = .* proc = .(?!symantec|google)([a-z0-9*]+)$ type =...
How to update custom JavaScript and CSS in a search head clustering environment?
Hi, I have an app that was created via "create app" on our search head cluster, and the customer wants to apply some custom css and js. How would I do that in an shc environment?
Splunk App and Add-on for Okta: Why are we not seeing our production Okta...
Hello - I am using the Splunk App and Add-on for Okta. Works pretty great so far, EXCEPT: The production Okta data is not being returned by the Splunk app, but all of the non-production data is (dev,...
How do I remove certain IP addresses with only 3 octets in the Search app?
I have a file that contains a list of IP addresses (Some that are full IPv4 and some that only have an IP with the first 3 octets). I was able to upload the file into Splunk as a lookup file and search...
After upgrading from 5.0 to 6.4, getting a regex error issue at startup...
`Bad regex value: '(?i) .*? (?P\[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+)(?= )', of param: props.conf / [wsp-prod] / EXTRACT-foo-bar; why: unrecognized character after (?P` Bad regex...
Splunk Distributed Peer error on 6.2.6 a week after extending the certs
Posting a question after a year, so bear with me. We're on Splunk 6.2.6 and recently, 2 weeks back, updated the default Splunk certs using the script provided by Splunk. This was done in 3 environments....
Splunk DB Connect 2: How to get one search as input to another search in the...
All my data for this query is using DBX and one table. I have to select Field A from DBname where Field B=open connection information Then I need to match the Field A for the following (I only want the...
In Advanced XML, can a search output to a collect?
I have this code which is intended to just write one event to a tracking index when a user clicks a button:TrueOk | rest /my_custom_endpoint| fields field1,field2| join [search ...| stats count ] |...
Changing tokens from JavaScript doesn't update existing elements
I'm using Luke Murphey's `tab.js` and `tab.css` from [http://blogs.splunk.com/2015/03/30/making-a-dashboard-with-tabs-and-searches-that-run-when-clicked/][1] to create a dashboard with tabs. Each tab...
Is there a way to rename CSV column headers prior to indexing the data?
I've got a data source with a header like this IP Address,Internal Domain,External Domain,Internal Dns,External Dns,Known,Target,Open Ports,Closed Ports,Mixed Ports,Error Ports,**Confidence**,Match...
After 6.4.1 upgrade, why are icons getting cut off by the title for each...
Hi, We recently upgraded to 6.4.1 and one of our dashboards has icons that are getting cut off by the title for each panel. Has anyone run into this, and any suggestions on how to eliminate it? ![alt...
How to edit my search to find if a service is down, then trigger an alert...
Hi, we have a search that runs every minute, and in case it finds that any service is down, it triggers an alert. However, we are thinking of enhancing the search in a way that the search should run for...
Why is my table drilldown selecting the first column by default, regardless...
Hi, I have a table with 5 headings.. each heading has a list of things underneath it.. I want to create drilldowns each time someone clicks on a cell. The issue I'm facing is that every time I click on...
How to install Splunk for Excel Export?
Hi, I am not able to install the Splunk App for Excel Export. Could anyone provide the steps for installing? Thanks.
I have an HTML dashboard that contains a JavaScript function where I have a...
Hi, I have an HTML dashboard that contains a JavaScript function where I have a JSON object. I want to save the JSON object in a text file. How can I do that? I need to know the method to use in...