How to find the number of times a specific field value has been present over...
I'm trying to find the average time (in weeks) it takes to patch specific network vulnerabilities. I take in data from network scans which include the hostname and the name of the plugin that are...
View ArticleHow to match match IP addresses with a lookup table that only contains IP...
Dear Team, What i am trying to achieve is like this: I have a lookup table with many subnets. I am trying to match the destination host IP with the suitable subnet from the table. | index dhcp | lookup...
View ArticleSplunk Add-on for Microsoft Cloud Services: "Invalid Inputs - Error Code...
I just installed the Add-on for Microsoft Cloud Services by following the installation guide and using Splunk Web. I was able to get the certificate uploaded and have gotten "Auto-generated and...
View ArticleHow do I create a field that contains only specific values to disregards...
I am trying to create new fields to search across multiple sources. I have two problems: 1. When searching for data of source1, and selecting "create new field", I create a field using regex (I...
View ArticleWhen can we expect splunk to support 2Factor Authentication for "Siteminder"
When can we expect splunk to support 2Factor Authentication for "Siteminder" using SAML.... Is it going to be in 6.4.x?? or 6.5?
View ArticleApp for OSX on Apple to input data for Splunk monitoring
Anyone have a link for an App so that ports and data sources such as SMTP and data traffic can be directed to my Splunk Enterprise for monitoring and diagnostics? I am new to this and working out of a...
View ArticleHow can I do timechart (or something similar) starting from a specific minute?
I have an alert that runs every hour at the half hour mark. So at 1:30, 2:30, etc... When I run the timechart command, "| timechart count span=1h", it brings back the count of events for each hour, but...
View ArticleSplunk DB Connect 2: Why are events getting indexed with a timestamp...
I'm using Splunk DB Connect in a Splunk Forwarder to collect data from a MySQL database. My Splunk version is 6.3. The indexed data date refers to current date instead of the date from the...
View ArticleHow to get Office 365 integrated as my SMTP server for Splunk alerting?
Hi all, I have an issue with trying to get Office 365 integrated as my SMTP server for Splunk alerting. I’m putting in all the right details in the email settings page, smtp server, port, user/pass etc...
View Articlebroken hosts app... how to configure?
Just noticed the broken hosts app... looks very interesting. However, it does not appear in my app pull-down list, and when I click "launch app" from the app page, it simply takes me to the app with a...
View ArticleDeployment configuration on indexers - DC:DeploymentClient -...
I am troubleshooting an inherited env whose core includes : 3 x SH, 2 x PN, 1 x MN, 1 x DS I am seeing the following errors on both my PN's : INFO DC:DeploymentClient - channel=tenantService/handshake...
View ArticleServiceNow - Clean Index and Download Data Again - Missing tables
I am stumped and not able to find a good solution. I would like to clean our index and download data again from ServiceNow. I don't care about any history that Splunk would have collected over the last...
View ArticleHow do I ingest Nessus Compliance scan results
Splunk will ingest the scan reports but it only reports the plugin data not that actual compliance scans. The compliance scans can be exported in .nessus .html .csv formats but the App does not appear...
View ArticleCannot create Modular Input for Java SDK
I have been following the steps mentioned in http://dev.splunk.com/view/java-sdk/SP-CAAAER2 and I'm stuck at step 1d. jar cmf MANIFEST.MF myinput.jar com java -jar myinput.jar --scheme I run these...
View ArticleHow to configure the forwarder to monitor logs on a different machine that...
Hi, I have installed Splunk Enterprise Server and forwarder on two different Windows machines. I would like to configure my forwarder to monitor the logs on a Linux machine without installing the...
View ArticleSplunk Add-on for Nessus; How to get certificate information from Nessus?
Does anyone know of a good way to get the certificate information from Nessus? We we log in to Nessus and we can see the certificate information like expiry and common name. We would like to get this...
View ArticleHow to extract a string from a field to use in another search?
So I am new to Splunk, but cannot seem to find the answer to this likely simple search question. So I need to search for a string, then use that value in a second search. Assuming this will just be a...
View ArticleHow to set a default timezone for an entire multisite Splunk deployment?
Hi, I'm creating a multisite Splunk deployment with timezone differences. Since most users do not change their timezone perf and it's set to default, it could change depending on which search head and...
View ArticleHow to troubleshoot why we are getting sendemail error "Connection closed...
I have 1 working Splunk box with SMTP. It is SSL Bound ( I did not set this box up). I have 1 more Splunk Box that isn't SSL bound and the SMTP isn't working ( I set this one up). When I try to send a...
View ArticleHow to configure the JMS Messaging Modular Input to monitor and parse...
Hello - I have successfully installed the JMS Messaging Modular Input with the intention of monitoring Websphere MQ *statistics*. (e.g. Queue Depth, Oldest Message Age, etc...). I am able to...
View Article