Create correlation search from multiple host or device logs based on the...
Hi all, I want to create a correlation search in order to further enhance our current security alerts from Splunk by correlating the search across multiple host and device logs and then merging the...
Sparkline not working in 7.2.6
Hi, I am on version 7.1.6 and want to move to 7.2.6, but I have noticed that sparklines don't work in the new version. Or am I missing something? This is the SPL: index=mlc_live | table host _time| chart...
systemd journald logs not being read by TA_NIX
Why doesn't the Unix / Linux add-on have default support for picking up logs from systemd in journald? I realize journald is a binary format, but I don't think it makes sense to ignore that data...
perfmon Accurate Memory Utilization Percentage
We are starting to use the Splunk App for Infrastructure to ingest Windows metrics. One of the KPIs we want to measure is percentage of memory used on servers. It appears that is not an available...
User requests in Splunk servers
Hi, I have more than 22 SH and 18 indexers. I want to know how many requests are coming to each search head and indexer. Can someone help me with a basic query for this?
Data not readable on receiver
Hello All, I have a question. It seems that I am unable to correctly configure a relationship from a server which has the Universal Forwarder installed (and acts like it is forwarding data). On the...
Is there a roadmap to provide a Cloud data model for the CIM app
Hello, I was wondering if there is an enhancement request from Splunk to define a data model specifically for Cloud service providers? There are some TAs for AWS, Azure, and Google out on the...
Problems collecting logs from Checkpoint OPSEC
Hello! We have a problem with OPSEC LEA. Splunk restarted because of a storage problem (it runs on CentOS 7), and since then we can't collect logs from Checkpoint and we get the following message....
Compare a field date with current date for alert
I have a simple windows script that collects CRL expiration dates and runs as a task every 24 hours `echo | set /P = "%date:~4,10% %time:~1,7% " >> c:\crl_expiration.log echo | set /P = "crl1.crl...
Need to calculate response time matching Index ID between 2 lines in the search
If you look at the screenshot below, due to multiple calls at the same time, sometimes the response takes a while, and we need to match the ID and calculate...
Splunk OVA for VMware - when updating to CentOS 7?
Does anyone have information on when the OVAs will be built on CentOS 7? CentOS 6 is EOL 11/30/2020... our UNIX team strongly prefers CentOS 7 at this point. I am aware we can build our own DCNs on...
Avecto Log Ingestion
Hi, I'm trying to get Avecto data to my Splunk indexer. In the current environment I have a Splunk app that sends WinEvent:Application logs to the indexer with some event codes whitelisted. What I want is...
Splunk HTTP Event Collector
Hi, I am currently running into 2 issues. All my HTTP Event Collector tokens are disabled and it says "enable global settings"; when I click and enable global settings, it says unable to write to...
How to add hyperlink to column value in Splunk dashboard?
Hi, Can someone please advise how to add a hyperlink to the column fields in a table? E.g. How can I make NewField value a hyperlink to Field1 values (e.g. ID01 and ID02 ) in the table below instead of...
map command returns main index even when searching _internal only
I tried to test the map command on Splunk 7.1.3 with the following search: index=_internal earliest=-60m | map maxsearches=1 search="search index=_internal earliest=-6m latest=-1m | head 1" Theoretically, this...
Phantom app for Splunk
There was an error adding the server configuration. Verify server's 'Allowed IPs' and authorization configuration. Status: 403 Text: Forbidden Getting this error trying both SSL and Non SSL...
Help for calculating an interval in seconds between now date and a timestamp...
Hello, I need to monitor events between the now() date and the event creation date, so I need to calculate the interval between these 2 dates in seconds. I have no error when I execute my code, but the...
Help on tostring function
Hello, I am doing the distinct count below in my search: | stats dc(host) AS OnlineCount by Code | where Code = "Online" | fields OnlineCount | appendpipe [ stats count | where count=0] But I also need...
KeyError in Python Splunk SDK while accessing KV store
Hi, I'm getting a KeyError while accessing the Splunk KV store using the Splunk Python SDK. Python version: 2.7; Splunk SDK version: 1.6.6; OS: Windows 7 & 10. Code: import sys, json from splunklib.client...
Splunk for desktop environment
Can Splunk be used to collect and manage Win10 event traces / performance data? Are there any use cases where Splunk is used to manage an end-user environment (Desktop/Laptop)? Any help will be...