How do you average count values in certain timeslots?
Dear Community, I got a use case I seem to be too inexperienced with to complete on my own. Since I just started delving into splunk I still lack alot knowledge, so I would be glad for your advice. I...
View ArticleNew install of UF windows, splunkd.log says "sock_error = 10054. SSL Error =...
I just installed a new UF on a Windows VM, and I'm getting an error that connection to the host failed, with "sock_error = 10054. SSL Error = No error" The indexers I'm trying to connect to can talk to...
View ArticleDropbox for Business - Configuration Error - Error in Posting to Rest API
Hi I am attempting to install the Dropbox for Business app but am getting the following error: Encountered the following error while trying to update: Error while posting to...
View ArticleSPLUNK SEARCH QUERIES HELP…NOW
I’m working on a school project to provide efficient results concerning security audit events through Splunk. So far, I’ve installed forwarders on Windows and Linux systems and added the applicable...
View ArticleDashboard: Filter lookupfile: field=Var1 OR (Var2 in any field)
I have a dashboard with a drop-down selector and a free text field, and an inputlookup file. I want results of a panel query to show items from the lookup file if some SPECIFIC fields match temp...
View ArticleNeed SEDCMD Help.
I have a csv that is coming in and we want to replace anything in the name section with "XXXX" Sample events "2019-04-16 15:02:42",,22290412_163115_00725.pdf,111111,,,,,--------Please Select Member...
View Articlekvmode=json and field aliases
When using kvmode=json to carve fields, when I try to create a field alias to make the fields CIM compliant, they don't appear to take. I assume there is a precedence here. Is there a way to accomplish...
View ArticleAccidently deleted the shcluster/apps directories on my Search Head Cluster...
Accidently deleted the entire shcluster/apps directories on my Search Head Cluster Deployer. Is there a way to get the directory back? I thought about pull over the directory from the search head...
View ArticleFresh install of Splunk 7.2.6 "setup wizard ended prematurely" - Windows 10...
The installation stops immediately even when attempted from the cli. This seems to be the most asked question here with no clear solution. Any insights? Thanks.
View ArticleLimited output for multivalue field
Hi Splunkers, we have JSON logs with multiple values for a single field - list of identities - up to 1000. I need to extract all values from the list, e.g. using mvexpand. But the number is always less...
View ArticleHelp with DB Connect confguration
I have 12 DB servers from which i need to collect data and make it available for dashboards. My questions are below 1. Is DB connect the best solution? 2. Planning to use 12 universal forwarders on...
View ArticleHelp with DB Connect plugin
I have 12 DB servers from which I need to collect data and make it available for dashboards. My questions are below 1. Is DB connect the best solution? 2. Planning to use 12 universal forwarders on...
View ArticleSplunk DB Connect Doesn't index data
Hello world, I'm running Splunk 6.4.0 build f2c836328108 and I'm trying to install Splunk DB Connect v.3.1.3. When i'm configuring the inputs, i get results from the query but it doesn't index the data...
View ArticleKV Store share among 2 SearchHeads and a Heavy fowarder
I have DB_Connect running only on the Heavy Forwarder. (Got that working) I want to get a single value from a database (A Date Value), store it in the KV-Store on the Heavy Forwarder (I know how to do...
View ArticleSplunk Add On for Windows v4.8.4
Running an older server and was wondering if there was any place to download Splunk Add On for Microsoft Windows version 4.8.4?
View ArticleSplunk Add on for Google Cloud,Splunk Integration Google Cloud
Hi, We are building the architecture of Splunk with Google Cloud. As per the information, I have received so far, Splunk Add on for Google can only integrate Splunk Heavy Forward to the PUB/SUB and...
View ArticleCan a PDF table be more than 1000 rows?
I'm in the process of building some high-priority dashboards for my management (time critical), and I'm having a problem when I schedule the PDF for delivery. One of my tables has 1370 rows, but the...
View ArticleUploading files with python-sdk
I am working on a python script to upload logs to an index on the local splunk server. I use splunk-sdk for python for this. Connection and some splunk-sdk example runs fine but I am having trouble...
View ArticleI am not seeing the detention option from the Search Head Clustering page for...
I am not seeing the detention option from the Search Head Clustering page for Splunk 7.05 Is this feature not available at this release? Thanks in advance.
View ArticleManipulating data in a Values() output
Is there any sort of syntax for me to be able to manipulate or get data on data that exists in the Values() field. So lets say that I do a | stats values(dest_port) by src_ip I then want to order the...
View Article