How to display certain background colors for single value visualizations...
I am trying to make my search have 3 different background colors: Green if healthy, Yellow if warning, Red if critical. Right now all the code displays is the correct information without any colors. I...

Are there recommendations on teaching users how to get current data from...
A ticket has come across my desk today where a customer is getting different results from different search heads for a report. After looking at the report, I see that there are easily 15 windows that...

Splunk Add-on for Check Point OPSEC LEA: Why are we seeing fewer events...
Hello All I am working with our CheckPoint FW admin to figure out why their tool shows 17 million events for the past 8 hrs, and Splunk is only showing roughly 5500 events. I have looked at the errors...

Splunk indexer cluster nodes internal indexes do not properly inherit...
Some additional information about the environment: All indexers are running Splunk 6.3.5. The indexers are all cluster peers receiving slave-apps from the cluster master. I set up some global index...

How to display only matching names from a CSV file with 2 fields?
Hi, I'd like to have Splunk display only matching names from my .csv data source which has 2 fields. I'd like to display only the names that are common from either field. This is what I have and I am...

TA-juniper "Bad regex value" error after upgrade from Splunk 6.2.6 to 6.3.5
Hello, After we upgraded Splunk to 6.3.5, our **TA-juniper** started producing a bad regex error: **btool.log** Bad regex value: '\s+([.-\w]+)\s+RT_FLOW', of param: transforms.conf / [dvc_for_junos_fw]...

What is the best practice for implementing a use-case that requires an...
I want to leverage a huge lookup which will likely have a size in the range of 50GB. The size of target data (to which this lookup will be applied) is over a few tera bytes, and the number of nodes in...

How to generate multiple tokens in one panel, and append rows to another panel?
I'd like to do the following in a dashboard using Simple XML (I don't believe I can use advanced XML + post process in my version of Splunk): 1. Run a search that produces a table in panel 1 2....

Does the Splunk App for ServiceNow make a secure DB connection?
I'm in the process of evaluating the Splunk App for ServiceNow. One of our main concerns is that the connection to the ServiceNow database needs to be secure. Can anyone tell me if this connection is...

How to create a role with limited admin capabilities to put a cluster in...
Basically I need to make a Splunk account with limited admin capabilities, one of them being able to put the cluster in maintenance mode.

We created new roles and assigned capabilities, but why are users sometimes...
Hi, We are seeing a weird issue with our roles. We have created new roles and assigned capabilities for our new APP. Although all the roles and capabilities look good, users with that role are unable...

Catchpoint Search: How to find the Test ID?
I am new to Splunk and Catchpoint. I followed the setup steps below. How can I find the test ID on catchpoint? Is it in Splunk? or does it already exist somewhere in Catchpoint? Navigate to Settings...

How do I add this regex string to my search?
Hello - I have the search running below. How do I add `"AAA*Y**80*"` to the search? Search: index=hdx_payer sourcetype=hdx_payer_receive_logs | regex "AAA*Y**42*" Thanks

How to use multiple interfaces (NICs) for data replication on slave in an...
Hi, A little background regarding my question: I have a cluster of three indexers with 4 NICs each. I have a working stable indexer cluster with just 1 interface doing everything by default (input from...

Custom Cluster Map Visualization: Why am I getting "Invalid key in stanza...
Hello. I downloaded this app and the default/savedsearches.conf is # clustermap viz defaults display.visualizations.custom.viz_clustermap.clustermap.lat = 25.799891182088334...

Splunk Enterprise Security setup: Why am I seeing error "unable to distribute...
I've been trying to set up the Splunk Enterprise Security app, but I came across an issue that I can't find references to online. Unable to distribute to peer named indexer1_hostname at uri...

Splunk MINT & Splunk Add-on for Cyberark: Cyberark syslogs hitting interface,...
Updated Splunk, new installation of Cyberark, using SplunkCIM.xls for translation file and cyberark:epv:cef for sourcetype. Add on for Cyberark is installed, but unsure how to use it. Thanks in advance

How to resolve "SSL23_GET_CLIENT_HELLO:unknown protocol" error on our indexer?
I'm setting up a Splunk Indexer (Splunk Enterprise 6.4.1) on CentOS 6.8 64-bit. I do have the Splunk Add-on for Microsoft Windows installed on the indexer. My (/opt/splunk/etc/system/local/)inputs.conf...

Why is SA-Eventgen taking over my app's interface?
I've installed [SA-Eventgen](https://github.com/splunk/eventgen/) alongside an app I'm working on, on a pure development Splunk Enterprise instance that I have set up. For some reason, the navigation...

inputlookup returning 0 fields
Hello all, I've done this a million times, but for some reason, it's not working for me today, and I suspect it's something really silly that just needs some fresh eyes on it. I have a .csv file:...