Compare one field from the search with a field in the lookup table, and list...
Hey everyone, I have a list that contains usernames and Countries. The name of the list is user1.csv and its added in the lookup table files. Cisco_ASA_user,Country user1,United States user2,United...
View ArticleHow do show two recent scan result.
![alt text][1] How do i filter table , just show last 2 days . And compare Fixed Event by host. Thanks for your help. [1]: /storage/temp/271101-splunk-eventlist.png
View Articlesyslog-ng to HEC data persistence
How would we ensure data persistence/queuing when using Ryan Faircloth's (or a similar script) method to batch the syslog messages using a script rather than the default one message per POST of...
View ArticleDeployedApplication - Failed to install ... reason=Application does not...
We are managing our Index Cluster Apps by deploying them to the Cluster Master's "master-apps" directory. Here is the CM's deploymentclient.conf: [deployment-client] repositoryLocation =...
View ArticleHow to change ownership of a KO from a person to a group ?
When I create a dashboard , even after sharing it within the app, It's me (the owner) of the dashboard who has the ability to 'edit permission' of that dashboard. Is it possible to change the ownership...
View ArticlePerfmon to metrics in 7.0
what happens to perfmon data if we switch to use the new metrics feature in 7.0 (statsD, collectD, mstats)? What happens to the dashboards and alerts? Can they work hand in hand or not?
View ArticleSplunk ES - Troubleshooting Web Data Model
We have ES up and running and I'm starting to review the various Security Domains and relevant dashboards/reports. For Security Domain -- Network -- Web Center there is a widget of 'Events Over Time By...
View ArticleSplunk indexing delays showing as negative.
We have a server running in Japan timezone. Recently when we did not find logs during a live testing. Next day we ran the query to calculate delta between indextime and event time --- "eval...
View ArticleCheckbox in table
Hello, I have a drop-down menu where based on the selected filter I produce results in a table. I would like to add a checkbox by line where you can select "N" results and pass them to another table....
View ArticleHow we can run splunk python sdk code in splunk as scripted input?
In this case ,I have Index "A" with Two fields "Latitude" and "Longitude" ,now I want my python script fetch these two fields from Index"A" and calculated distance (using internal logic) and then...
View ArticleHow to snooze or temporarily disable scheduled searches?
Sometimes (like on holidays), I want to disable an alert for a period of time so that it doesn't fire and cause operators to panic. Usually, we do one of two things: 1. Manually disable the alert on...
View ArticleIP ranges in server class
I have multiple IP ranges that need range specific apps deployed to them but not the others. here is an example of my IP's Usable Host IP Range: 172.24.128.1 - 172.24.191.254 Usable Host IP Range:...
View ArticleSplunk ES Adaptive Response Actions not populating.
while Editing the correlation search Adaptive Response Actions dropdown is not populating which has notable event actions associated with it.
View Article'where propertyname In (propertyvalue1, propertyvalue2, etc...)' int vs...
Hello, I am having difficulty using the 'where property in (x,y,z,...)' type search filter in Splunk. Specifically, when the property values are strings. This works for me: index=indexName | where...
View ArticleSplunk forwarder delays only Concurrently generated logs
After reviewing splund.log, metrics.log in several attempts and adding check on storage etc. on splunk servers, we have received one pattern. The only logs getting delayed by forwarder are the one's...
View ArticleConfiguring Splunk SSL for forwarder/indexer communication
Hey Splunkers, This maybe less of a question and more of a comment. The "Configure Splunk forwarding to use signed certificates" documentation states you should configure: sslPassword = The password...
View ArticleCharting with Indexed time fields
I have a date field in this format Y-M-D. I want to chart everything that is two years older than that field. Not sure how to do that. I have look at many of the time related commands but can't think...
View ArticleMulti Event Rows in a Table from a Single Event
Hi, I have data in One event listed as TestName1, TestValue1, TestName2, TestValue2, TestName3, TestValue3. I want to have them show up on separate rows in a table as: TestName 1 TestValue 1 TestName 2...
View ArticleHi , I am looking for to automate jobs for splunk , i want to build an alert...
Hi , I am looking for to automate jobs for splunk , i want to build an alert that will trigger if any server has issue as well as do a automatic restart of the server through the splunk alert without...
View Article./splunk cmd python fill_summary_index.py -app splunkdotcom -name "*" -et...
Hi , Currently we have infrastructure with one search head deployer , one indexer cluster , one deployment server with 3 sh , 6 idx. we are trying to backfill the data through summary indexing , when i...
View Article