How do I get the 8 standard alert action script parameters AND custom...
I've been able to successfully access the 8 command line parameters passed into a regular alert action shell script just fine. Now I've graduated to building a custom alert action patterned after the...
Is it possible to derive the server's time using SplunkJS or by other means...
Using `Math.floor(new Date()/1000);` results in the browser's epoch time. Is it possible using the JS libraries provided by Splunk to return the current server-side time? For example I can use...
Is it possible to run a query on a log file that would pull the log lines...
It's possible to run a query on a log file that would pull the log lines above and below the returned result. Look in the Directory for people called Alex, plus 100 names above them and 100 names below...
Getting request timed out error when I launch the splunk console in browser...
I started Splunk on a Linux VM on virtual box. I am trying to browse the Splunk console using http://:8000 after the daemon is started and it gives the request timed out error in the browser. What...
How to Prevent Old RDS Instance Data From Displaying in Splunk App for AWS?
**Splunk Version 6.3.0 Splunk Build aa7d4b1ccb80 Splunk App for AWS App Version 4.2.1 App Build 34** I have a weird situation where old RDS instance information displays in **Usage -> Relational...
Need help to capture TCP events.
Hello Team, Would be great to know how I can capture the following alerts in Splunk. 1) TCP Connect Request 2) TCP Disconnect Request 3) TCP Connect Confirm 4) TCP Disconnect Confirm I need to sniff the...
I want to assign a value which comes under xml to a variable that I need to...
I want to assign a value which comes under XML to a variable that I need to use under JavaScript. Or, to put it better, I want to assign the value of the output of a query to a variable that I need to use...
How to use a datepicker in a fieldset in a dashboard?
Hi, I'm using an HTML dashboard and I'm trying to add a datepicker for some input fields. I found the code on another [link (splunk answer)][1], but how can I hide the calendar when I have selected a date? [1]:...
Props.conf extractions
Any reason why my statement for props.conf isn't showing up as an extracted field? EXTRACT-kls_error = (?(kls_error_*)\w+) When I use just the rex in a search it gets the exact info that I need but...
Can't figure out line breaks on a particular file I have
Hi There, I have a log file that looks like this (where it says "blank line" is a blank line, not the words "blank line.") blank line Thu Aug 11 06:05PM paging-script.sh args: An Incident 11111111...
How to use a MapR cluster for frozen/archival storage in Splunk?
Hello, Let me first preface this by saying that I am very new to Splunk, MapR, NFS, and big data in general. I tried researching, but a lot of documentation / forum Answers go over my head or require...
Why isn't the Cisco eStreamer for Splunk app polling Connection/RNA data?
We have the FMC set to send connection events, and they are turned on in the Access Policies (set to just send to the FMC, not syslog) and when we first started up eStreamer, we got a large burst of...
Why do I get error "This site can't provide a secure connection" when trying...
I get this error when trying to download modular inputs for Meraki.... This site can’t provide a secure connection www.dropbox.com sent an invalid response. Try: • Reloading the page • Learn more about...
Why am I unable to add hosts with more than one Splunk instance to the...
Hi. I'm wondering if I'm missing something here, but it seems like I can't manage a server that has more than one Splunk instance on it using the Distributed Management Console (Splunk 6.4+). I noticed...
How can I do search count by DN here?
How can I do search count by dn here? tag=101 means search. I have already used transaction conn to separate based on connection number![alt text][1] [1]:...
"AND" and "OR" operations in text panel (splunk dashboard)
I made a text panel in a Splunk dashboard. I want to use "AND" and "OR" operations in the text panel for searching contents, but the "AND" and "OR" operation results are different from what I expected....
How to roll all hot buckets from hot to warm?
There is a command which can roll an index from hot to warm - splunk _internal call /data/indexes//roll-hot-buckets -auth (admin_username):(admin_password) Is there a way we can roll all the index...
Selecting log entry having smallest field value
Suppose I have log data like this: 2016-08-24 03:46:15 GMT vehicle_id="1075" vehicle_distance=145 stop_tag="5687" ... 2016-08-24 03:46:52 GMT vehicle_id="1075" vehicle_distance=19 stop_tag="5687" ......
Query for Results count making performance worse
In the view, we have one table. We want to know the total results found for that particular search. So we used one more search on button click with the same query to get the count of the results using...
Regex pattern for "Add Data" / custom sourcetype
Hello guys, please let me know the regex pattern format for this screen: /en-US/manager/search/adddata/datapreview Is it raw regex pattern like /^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+)[^"]*" \d+ \d+...