What does the capability extra_x509_validation provide for a role?
There is very little description on what extra_x509_validation provides in the URLs below, which appears to be a new capability. Is there a better explanation elsewhere?...
Splunk Java SDK: How do I search logs generated only within the last 20 minutes?
I would like to only search logs generated within the last hour. My search right now is: search index="webops_webprod" "Invalid" earliest=-20m However, when I run this search through Splunk's Java SDK,...
SplunkJS search manager that uses a MultiSelectInput object for returned...
We are on 6.4.2 Splunk Enterprise with a SplunkJS defined search manager that uses a MultiSelectInput object for the returned values. When the page loads and the search kicks off, when you select the...
Why is "host=OptionalProperties" appearing as a field=value pair when we...
Why is this value appearing as a field value? It only shows a count of 3. There is no host by this name and no results appear if host=OptionalProperties is added to the search.
"No search query provided" when using base search in a dashboard
OK, so I've been working away on this one for a little while now and can't see what I've missed. I've created a base search, but it doesn't return any results. Rather, it reads "No search query...
Why are we missing data in Splunk after rsyslog?
Hello, I am missing data in my current setup (about 20 to 30%). 1. Instance A is sending data to Instance B on port 514 2. Instance B uses rsyslog to get the data and log it into a file called...
How can I parse events in transforms.conf and props.conf?
I'm writing transforms.conf and props.conf in /splunk/home/etc/system/local to parse events before a certain string(CERTIFICATE [^0]) and on newlines. This is what I have in props.conf so far:...
How to create a drilldown to display a specific data log in a panel based on...
I wanted to open data logs on the same dashboard as my table, so if you click on an attribute on the table, it would display that specific data log below. I created an "events" panel and drilldown to...
How to rename a field that was recently extracted?
I recently extracted a few fields such as **GBPS** and now I would like to rename this particular field **Bps**. Thank You, Anthony
How do I configure Splunk to read events by timestamp?
Hello All our logging events start with a time stamp that looks like this: `00:00:23,746` The data in between the event can have carriage returns, along with different delimiters. For example data can...
How to search for failed login attempts?
I hate to say it, but I am a Splunk-newb. I plan on taking a Splunk course, but for now, I am just trying to get my feet wet. As an introductory project, I am trying to search for failed log-on...
Is there any method to import graphs from Splunk in a Java application?
I am making a UI that will plot graphs using the top search. This search will be executed in Splunk and the graph generated has to be imported in a Java application. How can I do this?
How to write a search to display a Notable Event Timeline Review showing...
Hello everyone Can anyone suggest me a search where I can get the notable Event time review between various phases of a ticket like Unassigned, in Progress, pending, resolved, and closed? It should be...
Is it possible to embed actions in an email alert?
Hi Fellow splunkers, I have a simple search that will alert an IDS event. My question is, is there a possibility to embed actions on the email alert? I have been digging on the tokens, but it seems...
Does Splunk have an app or add-on for Pulse Secure?
Does Splunk have an app and/or add-on for Pulse Secure? I see that there's an app for Juniper. Thanks.
Is there a way to use eventstats and have the data persist for other people...
Is there a way to persist an eventstats in a search? For example I'm doing this in my search: index=blah | eventstats earliest(_time) by uuid I have to do this every time in my search, but is there a...
Why does clicking on "Set up" for the Splunk Add-on for Cisco Identity...
Hi Because I don't have enough karma points, I cannot add an attachment file to show a screenshot of the error. I'm using Splunk Enterprise 6.4.1 for free on Windows 7 Enterprise 32bit VM. I'm trying...
How to use summary indexing in dashboards?
Hi, I am new to Summary Indexing. Can you please let me know how to use summary indexing in dashboards? From documentation, we can enable this for reports or alerts, but how can we enable this for...
Lost data after indexers had to be rebuilt in an indexer cluster. Is there a way...
I had to rebuild my two slave indexers, but the master is still intact. However, I lost all data prior to the rebuild. Does the master not maintain a copy of the data? If not, had I rebuilt one, and...
How to add a column of averages to a timechart?
Similar to how `timechart sum() by ip | addtotals` which adds a "Totals" Column to a timechart, how can you add an averages column?