Is it possible to preserve sourcetype, host and source in the collect
We have an index with access logs from multiple hosts and systems with different sourcetypes. When I try to add information from a dynamic lookup to the events and save them in a summary index with **collect**...
Dropbox is deprecating the V1 API. How does this affect the Splunk App for...
Is this app using anything of the V1 API for Dropbox? If so, it looks like we have a year to get that cleaned up. Any comments?
How to search for which devices are not sending logs
Hi Team, how do I search for which hosts and sources are not sending logs? The metadata search below shows only host. How can I add source? I need columns for source, host, lastTime and duration. |metadata...
Use cases for Mailbox
Hi Team, how can I write a search script for the below use case? We have a Financial Audit Department. If anyone accesses the Financial Audit Department mailbox or SharePoint sites apart from the Financial...
How do I filter out results of a search AFTER the search?
Basically I have a search from multiple different sources with lots of raw rex field extractions and transactions and evals. Is it possible to filter out the results after all of those? E.g. Only show...
Events with RSYSLOG_ForwardFormat time not parsing and normalizing to UTC
Hello, I have some rsyslog data coming from an rsyslog server configured with RSYSLOG_ForwardFormat, sent to TCP port 5140 on one of the indexer cluster hosts. The data looks like this in Splunk:...
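As an added reference example (not code from the post above or from Splunk), here is what a correct parse of RSYSLOG_ForwardFormat lines looks like when the RFC 3339 offset is honoured and the timestamp is normalized to UTC. The layout `<PRI>TIMESTAMP HOSTNAME TAG MSG` is rsyslog's documented ForwardFormat; the sample lines are constructed, since the original post's raw data is not shown. Three lines carry different offsets (+01:00, -05:00 and Z) but describe the same instant, which is exactly the case that goes wrong when the offset is ignored and events are stamped in the indexer's local zone.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in rsyslog's RSYSLOG_ForwardFormat
# ("<PRI>RFC3339-TIMESTAMP HOSTNAME TAG MSG"). They are not from the
# original post; all three describe the same instant in different zones.
SAMPLE_LINES = [
    "<34>2017-03-14T10:15:30.123456+01:00 web01 sshd[1234]: Failed password "
    "for root from 203.0.113.5 port 4242 ssh2",
    "<13>2017-03-14T04:15:30.000000-05:00 db02 cron[99]: (root) CMD "
    "(run-parts /etc/cron.hourly)",
    "<165>2017-03-14T09:15:30Z app03 myapp: started",
]

# PRI in angle brackets, an RFC 3339 timestamp with fractional seconds and
# either 'Z' or a +hh:mm/-hh:mm offset, then hostname, tag and free text.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2}))"
    r" (?P<host>\S+) (?P<tag>\S+) (?P<msg>.*)$"
)


def parse_forward_format(line):
    """Parse one ForwardFormat line; the returned time is in UTC."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not RSYSLOG_ForwardFormat: {line!r}")
    ts = m.group("ts")
    if ts.endswith("Z"):
        # datetime.fromisoformat only accepts a trailing 'Z' from 3.11 on;
        # rewrite it as an explicit zero offset so older interpreters agree.
        ts = ts[:-1] + "+00:00"
    local_time = datetime.fromisoformat(ts)          # offset-aware
    utc_time = local_time.astimezone(timezone.utc)   # normalize to UTC
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "time_utc": utc_time.isoformat(),
        "epoch": utc_time.timestamp(),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "msg": m.group("msg"),
    }


def normalize_all(lines=SAMPLE_LINES):
    return [parse_forward_format(line) for line in lines]


if __name__ == "__main__":
    for event in normalize_all():
        print(event["time_utc"], int(event["epoch"]), event["host"], event["tag"])
```

Every line resolves to 09:15:30 UTC on 2017-03-14; if the indexed `_time` values for such events differ by the zone offset rather than agreeing, the offset in the timestamp is being dropped at extraction time.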
Extract JSON string from log event
I have the log format below. Using a search query I want to extract the JSON string starting from the category field and automatically make key-value pair attributes. The twist here is I don't have access to change...
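As an added example (not code from the post above), this shows the extraction logic the question is after: locate the JSON object whose first key is `category` inside an otherwise free-text event, cut out exactly that object even though key=value text follows it, and flatten nested keys into dotted field names. The events are constructed because the original post's log format is not shown; the point of the second event is that a greedy `\{.*\}` regex would run past the object's closing brace, whereas `json.JSONDecoder.raw_decode` stops at the end of the object.

```python
import json

# Constructed sample events (not from the original post). The JSON object
# starts with the "category" key and is followed by trailing text; the second
# event also has braces inside a string value and a stray "{not json}" later.
SAMPLE_EVENTS = [
    '2017-03-14T09:15:30Z web01 app[42]: request done payload={"category":"login",'
    '"user":{"name":"alice","admin":false},"ip":"203.0.113.5"} status=200 dur=13ms',
    '2017-03-14T09:16:02Z web01 app[42]: request done payload={"category":"upload",'
    '"file":{"name":"q{1}.txt","size":2048},"tags":["pdf","x"]} status=201 {not json}',
    '2017-03-14T09:16:10Z web01 app[42]: health check ok',
]


def extract_json(event, first_key="category"):
    """Return the JSON object whose first key is `first_key`, or None."""
    needle = json.dumps(first_key)          # the key as it appears: "category"
    pos = event.find(needle)
    if pos < 0:
        return None
    start = event.rfind("{", 0, pos)        # opening brace just before the key
    if start < 0:
        return None
    try:
        # raw_decode parses one value starting at `start` and ignores the rest
        # of the string, so trailing "status=200 ..." text does not matter.
        obj, _end = json.JSONDecoder().raw_decode(event, start)
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None


def flatten(value, prefix=""):
    """Flatten nested dicts/lists into dotted field names (user.name, tags.0)."""
    fields = {}
    if isinstance(value, dict):
        for k, v in value.items():
            fields.update(flatten(v, f"{prefix}{k}."))
    elif isinstance(value, list):
        for i, v in enumerate(value):
            fields.update(flatten(v, f"{prefix}{i}."))
    else:
        fields[prefix.rstrip(".")] = value
    return fields


def extract_fields(event):
    """Key-value attributes for an event, or {} when it carries no JSON."""
    obj = extract_json(event)
    return flatten(obj) if obj is not None else {}


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(extract_fields(event))
```

The same two steps (anchor on the first key, then parse exactly one object from that brace) are what a search-time extraction has to reproduce: a regex that captures everything up to the last `}` on the line would include `{not json}` in the second event and break the parse.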
DB Connect "connection closed by peer" error in splunkd log
When I try to fetch data using the DB Connect app in batch mode I get the error "connection closed by peer". This error occurs only in batch mode. I found this error in the splunkd log file.
Create summary index in transforms.conf
Hi all, I currently have a scheduled search that runs every minute and filters certain events for the previous minute and then creates a summary index. However, I got to wondering whether this would be...
Find out the role of a Splunk server
Hello, I have 2 servers on which Splunk is installed. I am able to access the Splunk console using splunk2 server. In the DMC, only splunk2 shows up in the standalone mode with the following server...
Can I select specified fields with the Python SDK?
I'd like to write a python script to select only certain fields such as the UI does (example below) and load them into a pandas dataframe. ![alt text][1] [1]: /storage/temp/155195-splunkquestion.jpg
Join two fields within the same index
From one single index, there are the following four fields: *Source, Name, EquivalentName* (part of the records under *EquivalentName* have the same data as the field *Name*) and *Result*....
Splunk Indexer hardware uplift: How to make best use of low end servers and...
Currently our indexers are quite old and have 32GB RAM and 12 cores. The new servers have 256GB RAM and 32 cores, so they are about 3x as powerful as the old hardware. But unfortunately, it's just...
Extracting fields from SNMP traps
Hi all, I'm trying to extract key/value data from SNMP trap data logged to my Splunk server. I have snmptrapd running in the background and logging to a file, which Splunk is monitoring. All that is...
How do I solve adding data inputs into DB Connect?
I have successfully made an identity and connection. And have successfully validated that I am able to connect. ATM I am now attempting to add in a data input, however when I execute the query in...
How to save the output of the 'dump' command to remote HDFS?
The manual (https://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Dump) talks about using "_dstpath", I tried _dstpath='hdfs://:port/testdir' but it didn't work. Any idea if this is...
Can you query external systems with the curl command in JKats Toolkit?
Hi, is it possible to query external systems (non-Splunk) with the curl command provided in the JKats toolkit? What is the "data" option for when posting?
How do you set up user name information in the Splunk App for AWS?
I have Splunk App for AWS in Splunk. I'm having issues with Configuration Updates in the app. I can see change events when a user creates, updates, or deletes something in AWS. What I can't see is who...
How to pull mail delivery tracking logs from Google's API and index it in...
Hello fellow Splunkers, I am trying to investigate if there is a way to interact with Google's API and pull out periodically via their API the mail delivery tracking logs. I can see that these logs can...
How do I get Splunk to forward logs from a Dockerfile?
Hi, I was testing my Splunk forwarder on a RedHat/CentOS 7 VirtualBox VM. It was originally reading from an Excel file, but now I am trying to get it to read from our Dockerfile. I downloaded...