Monitor files performance
Hello, I need to monitor some Oracle Database agent logs with Splunk Universal Forwarder. The base directory for finding the logs is $ORACLE_HOME. We're using this configuration to monitor these logs...
How to use Report Acceleration in a Dashboard
I have a base report "Hourly Checkpoint Blocks" for a time span of 1 hour that I have accelerated for 1 month. I.E. index=checkpoint action=block | timechart count by action I have created a dashboard...
For a data set with a common request ID but data is scattered in different...
I have data like this: I am searching with a request ID and I get the below data, like time 1: request id=1 account details and elapsed time; time 2: request id=1 account codes; time 3: request id=1 viewname and...
Optimising redirection of an index
I am redirecting an index however, I would like to possibly increase performance. My props.conf looks like this: [host::MM[0-9]{6}-PC] TRANSFORMS-index = overrideIndexoldIndex transforms.conf looks...
Regex: ignore adding underscore if there is a dash
Hey everyone. So what I need to do is complete the filename in one of my fields in an event. Example is this: attachment = Filename ABC - 2019 111 CT.pdf I am using the command: **| rex mode=sed...
How to merge a lookup table with an index
I'm trying to make a join using a lookup table and a query from an index ![alt text][1] With lookup table ![alt text][2] And the SPL doesn't bring the information correctly. The command that I'm trying to...
Proper way to mount configs in Splunk Docker Container
Hello, currently working on Spinning up Splunk Containers using the splunk latest image. Works great when using all defaults but when I try and bind mount some of my existing configs that I wish to...
Find results between two dates (initial date and limit date).
Hi Splunkers, I've tried this query to return events between two specific dates. Here is the query: index="db_rsa_archer" | eval Data Identificada=strptime('Step Due Date', "%d/%m/%Y/") | eval days =...
Upgraded Splunk Enterprise to 7.2 from 6.6. Received error with KV Store but...
Tried to migrate KV store using the **splunk migrate migrate-kvstore** cmd and got another error when looking at the migration.log.(date).log and it states "Cannot open file=D:\Program...
How to resolve authentication issue with virtual provider/index?
I'm working on making a connection to a virtual provider with a virtual index I have confirmed with some test data. I've enabled debug for the provider and executed some searches. The search just...
How to reduce disk space in data model summary?
We are trying to reduce the data model summary disk usage. For this we modified the acceleration from 3 months to 1 day and rebuilt the data model, but I still have the old tsidx files and it is not helping...
Integrity Check for Unauthorized Log Deletion
Is there a query that I can use that will check for unauthorized deletion of event and security logs?
DB Connect runs every query multiple times
When running any query against SQL Server using "Splunk DB Connect" I see that the query is always executed 4 times instead of just once. Only the result of the 3rd execution is returned and displayed to the...
How to index .evt(x) files exported from a Windows system for Forensics/Root...
Problem statement: Windows .evt(x) files need to be indexed but the system the files originated from is no longer operational and the normal methods for gathering Windows event logs will not work;...
How to show the difference in data values on timechart?
I have a time chart showing counts over a period of time using a bar chart. How to show the difference between the values on a bar? I want to display a hike(+/-) of the current count over the last...
Suricata/Bro Data Models
So I am getting data ingested from Bro/Zeek and Suricata via the TA's for said applications. I want to build data models for them and wanted to see if anyone has anything built for Bro/Zeek or...
Program to connect to multiple Splunk machines?
Hi, I have 10 Windows machines. Now I want to create a conf file with content on all 10 machines through a program. How to write this using Python?
How to set up Splunk Indexer
Hi, could you please give me clarification on the below point? I have gone through the Splunk videos and understand the Splunk components. As per my understanding, Forwarder: which is installed on the Application...
Question on comparing 2 columns
I have 2 columns as below. Please see if you have a way to do this. Thanks. The requirement is: if col1 = col2, the col1 record stays. If col1 is not equal to col2, then the col2 record stays, col1 record to...