What does crc_Salt = mean and in which case is it used?
What does crc_Salt = mean and in which case is it used? Please provide some scenarios where it will be used.
How to give edit access for the dashboards/alerts based on the user ID...
I need to give edit access for the dashboards/alerts based on the user ID instead of roles through Splunk search head GUI?
Changing from RHEL to CoreOS for Splunk
We are planning to change from RHEL to CoreOS. I don't have any experience on CoreOS. I need some inputs on this. Please let me know if anyone has experience on CoreOS for Splunk. Thanks.
Splunk automatically splits an event into two, because of two dates
Hi All, I tried a solution suggested online for a similar issue, but it didn't fix the problem. The below extract from the log is a single event: 2019-03-26 12:03:28.753 +0000 INFO  [zzz] [yyy] [] []...
Splunk Alert With Cron Triggering when it shouldn't
Hello, Recently we got Splunk upgraded to version 7.2.5.1 and one of my alerts has been triggering, not following its cron schedule expression. I wrote this cron expression for an alert which only...
Splunk ServiceNow app: how to selectively remove Display value from indexing?
Hi, after recently upgrading to the new version of the ServiceNow app, we have found that the display value (dv_*) fields have automatically been enabled. This makes each event/payload quite huge and makes them...
Splunk App for Windows Infrastructure and Windows add-on version 6
Fresh install (not in production yet) so I can reconfigure as necessary. Distributed deployment, all Splunk servers are Linux; 1 search head, 3 indexer cluster, 1 deployment server. Getting an error...
How to use local outlier factor algorithm in ML toolkit?
Is there a way I can use the local outlier factor algorithm in my Splunk just like I can use oneclassSVM? If yes, can you tell me what the complete command for it is? I am not able to find it anywhere.
Lost dashboard after free trial ends
I'm sure this will have been asked before but I can't find it anywhere... My trial has come to an end so I switched to the free version. Is there any way to find the dashboards? They were created by a...
File Name Parts Extraction Rex
I need to break down a source file name into its meaningful parts with a regex, however the convention of the file changes a little depending on what type of log it is. I've pulled the field "file"...
ProxySSO authentication failed to process groups header
Hello, I'm trying to configure Proxy SSO authentication, with PingAccess, for Splunk Enterprise v7.2.5.1. But whatever I try and configure on Splunk side, I obtain this message in the splunkd logs:...
How to troubleshoot why no SCM data is ingesting in Splunk for Tripwire add-on?
I am using Tripwire Enterprise Add-on for Splunk to retrieve data using either SOAP or REST. I have tried both the methods. I see data coming in for te_FIM_csv and te_assets.csv. I see the file...
Search head had bad DNS entry - Now can't delete it from the cluster
There was an extra incorrect A record in DNS for one of my search heads that I am building. As a result when I tried to elect a captain the wrong name was coming back. I have had the network team...
How to handle search query when json data has host field?
I'm working on a corporate Splunk instance where we do not have access to rename fields when indexing, or make any similar modifications due to security and compliance requirements. I'm trying to...
Is there a way to have forwarders restart after a random time interval after...
I'm encountering an issue where, after changing or creating a new script-based app that runs periodically (e.g. once per hour), the forwarders check in, deploy the app, then all, perhaps 1000's,...
Issue: want to hide/encrypt text password
Hi, I have an AD server configuration GUI page in my app where I am setting user_id, password, Group in data input. So after setting the text password and saving the page, I can see the GUI is showing text...
Check if a measurement is between startTime and endTime of an incident
Hi, I have 2 indexes. measurements - list of all measurements (_time, transactionId, transTime, resultStatus) incidents - list of incidents (_time, transactionId, incidentId, startTime, endTime,...
Split a nested json array with key/value pairs at index time
I am searching for a way to split a JSON array at index time with key value pairs. Raw Data:...
How can I change the layout of JS submit buttons
Hi there, I have 2 buttons next to each other in a dash (JS created). How can I set the spacing between them? Right now they are kinda on top of each other and right next to the "hide filters" tab....
How to create multiple reports/pdf output from a single search?
Hi folks, we got a requirement to create xx number of reports based on a filter. For example the lookup file has filter of team TeamName,sourcetype Windows,windows:* Unix,syslog Oracle,oracle* We have...