Will the HTTP Event Collector respond with any error if it can't keep up with...
I am planning to use HEC on heavy forwarder(s) which will forward to the indexer(s). My question: Is HEC designed to return any error(s) to the sender if it can't keep up with volume of input? Does...
How to modify the behaviour of Workflow Action to show modal box when clicked?
Hi everyone, I am trying to modify the behaviour of my custom workflow action. I would like it to show a modal box for some user input before sending it to a URL. I've seen similar behaviour in...
What is a search that I can use to show any scheduled search jobs that may...
We have a problem with scheduled searches where they will sometimes be delayed due to heavy load on our search heads/indexers. I want to know what jobs have been delayed and how long in minutes if...
How to disable indexing feature on search head cluster (members)
Hi, I recently deployed search head cluster and indexer cluster and integrated. How I can disable indexing feature on searchhead cluster members? Is there any workaround without making entry in...
How to edit my stats search to display certain fields based on a resulting...
I have some data that looks like: Status Rec_Cnt Message OK 723 File produced 723 records ERROR 123 Directory does not exist What I want is for `Status = "OK"` to only display the **Status** and...
How to edit my transaction search to exclude events between a certain daily...
Hi, I defined a NIC state change on a PC to go from wired to wireless, which identifies an error for our team. However, the PCs reboot daily. I need to exclude a daily period from 4am to 5am. This is...
How to search for events that are in one index, but not in another without...
I have 3 indexes containing events with IP addresses, index1, index2, and index3. My goal is to return a list of all IP addresses that are present in index1, but are not present in index2 or index3. My...
Why is our Windows Splunk forwarder displaying passwords in clear text in the...
On the Windows side, the Splunk forwarder file displays clear text passwords. Can they be encrypted, and how? Thanks
Why am I unable to add custom navigation menus to the Cisco eStreamer for...
In the past I've successfully added custom navigation menus to a variety of Splunkbase and custom apps with no problem, but when I attempt to do the same in the Cisco eStreamer for Splunk app, the XML...
Host name incorrect for Cherwell input. How do we configure Splunk to use the...
Hello, We have configured a number of our Cherwell servers to send data to Splunk on our Management port 89 (default 8089). Issue is we have a few servers with the same name in different domains, so...
How to extract kv from a variable format field?
I need to extract some keys/values from a certain field, however it doesn't have a fixed format. Actually this field can contain multiple sub-fields and assume different lengths according to the data's...
How filter results from the outer search in join subsearches?
I'm trying to monitor a set of hosts that run a batch process, and I want to produce output that dynamically identifies the hosts according to filter key words, then join that list of hosts with...
Is there any session timeout for accessing Splunk through the Java SDK?...
When I try to read results from a saved job using sid through the Java SDK, it's throwing a 401 error. I want to know, is there any default session timeout for accessing Splunk through an API?
How to remove columns from search results when they are empty?
I am trying to remove columns from my search when they return null. Previously, my entire panel would just result with "no results found", but I wanted to display something here instead of that...
How to manage Splunk forwarders from a Splunk deployment server installed on...
So, I have Splunk Enterprise installed on a VM and it runs fine, but so far I have been upgrading the Splunk forwarders manually. I want to install Splunk on a different VM and manage the forwarders...
Unable to bootstrap a shcluster node as master
Here is a log: [root@hostname local]# splunk bootstrap shcluster-captain -servers_list "http://101.0.7.65:8089,http://101.0.77.7:8089,http://101.0.67.8:8089" -auth admin:D01TBuildingTh3Future! In...
Has anyone been able to get Splunk Web with TLS1.2 and Firefox?
**Has anyone been able to get Splunk Web to work with TLS1.2 AND Firefox?** I know the web.conf needs to have enableSplunkWebSSL = true sslVersions = tls1.2 and I need to remove the supportSSLV3Only...
How to resolve error "BTree::Exception: Node::readLE failure" on a Splunk...
One of our Splunk forwarders has stopped forwarding anything to the Indexer. End of /opt/splunkforwarder/var/log/splunk/splunkd.log looks like this (after restart): ... 08-17-2016 16:25:09.384 -0700...
httpd.conf configuration for logging recommendation?
All, We have legacy servers going years back and newer ones etc. Basically, we have ended up with about 30 different settings in httpd.conf for logging. They asked me what I want the standard to be for...
Create user and grant him search privilege on a specific index with cURL
Hi guys, I'm trying to create a user and only grant him search privilege on a specific index using cURL. So far I used these two commands: Index creation: curl -k -u admin:password...