How to Sum Latest and Previous Field1 from multiple Field2.
Hi All, I have a problem forming the logic for sorting Latest and Previous Data to compare. Looking at Field1=Status, and Field2=ID and sort by Latest compare with Previous. Search and Filter Data as...
Cisco ASA add-on is not extracting fields
We recently upgraded the environment from 6.5 to 7.2 and ever since the upgrade of the environment we see that the rule fields are not getting extracted properly for Cisco message id 106100...
Am I using modular regular expressions wrong?
Hey, I need to route my data to a different index and append something to the host field if a certain regex matches, following the well-known method using props.conf and transforms.conf, for example...
How to fix problem with attribute errors due to split in ldapgroup.py
Hi, I'm using the ldapgroup command from SA-ldapsearch (Splunk Supporting Add-on for Active Directory). It allows me to obtain nested users in AD groups. However, there is a problem with the...
Server Availability query from Incident data
I have a lookup table with fields Application name and host, and I have real-time Incident data with index, sourcetype and ServerName. I have two things to be retrieved. 1. If there is an incident...
'Configure Splunk forwarding to use your own certificates' possible...
Hi, I'm trying to configure Splunk forwarders and indexers to use our own certificates and while checking the documentation...
How Independent stream forwarder app on Linux machine forwards netflow data...
Hi! The Splunk environment has 2 Indexers (Clustered) and 1 Search Head. There is a dedicated Linux machine which is forwarding the NetFlow data received on port 9998, to the indexers. The...
Bootstrapping a secure management configuration with company certificates
Distributing certificates to forwarders for the indexer configuration works fine in Splunk. But what about the management communication? It seems to be a chicken and egg problem. Can this be done via...
Problem with map command - Using search from lookup
Hi all, I am trying to run a map command that will run searches from a lookup one by one as follows: | inputlookup "Correlation_searches.csv" | head 1 | map search="$check_search$" The head 1 is just...
Count number of serialnumber with dc takes lots of time
Hello, I have this query: index = amer_pj | `SerialNumber` | `Region` | stats dc(SerialNumber) as SerialNumber by Region | table SerialNumber which is supposed to count the number of unique SerialNumbers...
Linebreak on expression passed into log
Trying to do a linebreak on **"CIB"** being passed into log. (I know, these logs are awful) Having problems breaking on the **CIB** expression though. Any suggestions? Splunk wants to break on OFX...
Estimated date/release for end of support of Linux kernel 2.6
Hello, I see that Linux kernel 2.6 has been deprecated for 1 year (since April 2018, with Splunk 7.1.0). https://docs.splunk.com/Documentation/Splunk/7.1.0/ReleaseNotes/Deprecatedfeatures#Platform_support I...
Addon approval procedure
Hello everyone, Now we don't need to request Addon approval any more? It is done automatically by AppInspect instead? Thanks,
How to get rid of blank space in my linechart result when using timechart...
I am trying to read CPU usage from a PC and present it using timechart. It adds blanks (the chart has gaps in between) when the machine is offline and there is no data to populate during that time. How can I...
Connecting IBM MQ to Splunk
Does anyone know how to load the MQ queue data to Splunk? I mean I have a series of events constantly coming to IBM MQ and I want to load that data to Splunk automatically and create dashboards for the...
Splunk Enterprise deployment on AWS fails.
I followed the Splunk Enterprise Deployment guide and created a stack on my existing AWS VPC. I was in the middle of configuration when the CF process did a rollback due to some "Failed to receive 1...
nslookup TXT queries with Splunk
I am trying to see if it's possible to run nslookup -q=TXT domain 8.8.8.8 so I can compare the results of the output to an existing lookup csv file.
JBoss server running on Linux - Check whether it is running or not?
Hi, I want to create a server status dashboard. I want to check whether the JBoss server running on Linux OS is up or not. I cannot use any add-ons. It needs to be achieved using the simple Splunk...
How to restrict access to indexed fields
I would like to restrict access to a specific indexed field. Here's my scenario: - events contain usernames - I use INGEST_EVAL to: create the user field (user), create a hashed version of the user...
How can I add a percentage sign to the radial gauge number that is displayed?
Hi splunkers! I got this query and I would like to display the percentage symbol in a radial gauge, but it doesn't display the number with "%" inside of the gauge. What do I have to do to get this...