Can you help me figure out how to use UDP to transmit data from one heavy...
I'm trying to set up a test environment to be used in production. Will be taking data from another Splunk heavy forwarder (HF) and sending it to our HF. Must use UDP to transmit the data. I have played...
View ArticleCan you help me with input lookup, tstats, and visualization?
Hello, I have a lookup table for all the source types. I'm trying to use stats or tstats to show all the source types, and if they have no data coming, I want to show 0 for those source types. I'm...
View ArticleSplunk Cisco Networks App not displaying results
I have installed the Cisco network app version 2.5.6 and the additional Cisco add-on in splunk, and it's failing to show any results. I am receiving syslogs from the cisco switches via the results...
View ArticleIs sourcetype alias a thing?
As my program isn't great at planning for the future, or doing anything involving industry standards, we are indexing our Liferay Tomcat logs in Splunk, but had not used the typical "access_combined"...
View ArticleCan queued searches from users/roles be prioritized?
If searches are queuing, can searches from particular roles/users be prioritized over others to run next, regardless of when the searches were started. UserA runs a search at 12:00:00PM that is queued....
View Articledeployment server in distributed environment?
Hi all i have the following environment 1-universal forwarder 2- indexer cluster that have 3 indexers and one master-node 3-search head cluster that have 3 SHs and the master-node above as the deployer...
View ArticleSupport for Splunk Enterprise 7.2
When do you suppose Splunk Stream will be fully supported on 7.2, as designated in Splunkbase as compatible? It hasn't been updated in close to a year.
View ArticleHow do you fix a python path issue?
I have the splunk_app_db_connect installed and it works correctly until I install TA-Proofpoint-TAP. When The DB Connect UI is started it generates this errorTraceback (most recent call last): File...
View ArticleEmail alert action not sending in 7.2.4 (dev/test license)
I just did a fresh install of 7.2.4 and installed my dev/test license. I am trying to test email alert functionality, which worked on this system when a previous version was installed. The search fires...
View ArticleHow to reference a SQL server database with an XML field containing...
I'm a Splunk newbie, so feel free to challenge any of my assumptions. I'm tasked with integrating our proprietary product's event/alert database. I believe the correct approach (in a simple case) is to...
View ArticleWhat to do about NGFW logs via syslog
I've looked at a few apps for Cisco Firepower and it's still not clear to me what I need. We have the NGFW which are managed via FTD. We get eStreamer events which are parsed via eNcore. That all seems...
View Article[MACRO SOLUTION] mvexpand multiple multi-value fields
There are already several Splunk Answers around mvexpand multiple multi-value fields. https://answers.splunk.com/answers/25653/mvexpand-multiple-multi-value-fields.html...
View ArticleSplunk to search and analyse it in logs after one hour
I have a requirement to search and analyse result of searches in same log file after one hour. For example , Search a keyword payment with ID at 12:00 PM in log X Search the same payment ID at 1:00 PM...
View Articlemvexpand multiple multi-value fields [MACRO BASED SOLUTION]
There are already several Splunk Answers around mvexpand multiple multi-value fields. https://answers.splunk.com/answers/25653/mvexpand-multiple-multi-value-fields.html...
View ArticleGetting server metrics from Splunk Infrastructure Servers
We are just beginning to use iTSI and I would like to create some KPI's that are splunk servers, cpu, memory and disk space. This data seems to already be in the splunk internal indices, I just dont...
View ArticleSupport ticket raised outside of business hours
I have a support ticket system where people can submit their support tickets. The system is running 24 hours but the workers only work **from 8am to 8pm**,**Monday to Friday**. I have a create_time...
View ArticleView the parameters, e.g. from limits.conf using the search
Hello, Is it possible to view the configuration files / parameters, e.g. limits.conf using the search? I do not have access to the OS but still would like to research on the parameters to advise my...
View ArticleLookup command returning incorrect null values
I encountered a very weird behaviour. I kind of found a way around it, but I want to make sure that I didn't misunderstand anything and I want to isolate/define the issue as good as possible. Maybe...
View Articleexplanation of the concurrency in the limits.conf needed
Hello, My alert gets sporadically skipped with the following log entry: 02-09-2019 08:48:53.968 +0100 INFO SavedSplunker - savedsearch_id="nobody;mlbso;Anomaly Detection", search_type="scheduled",...
View ArticleGet entity list of just splunk infrastructure servers
I would like to know the query I can use to get JUST the splunk infra servers, and not the UF's. I want to use this in iTSI for entities. Thanks!
View Article