How to get the token value inside my javascript code to use it for if and...
// Access the "submitted" token model var tokens = mvc.Components.get("submitted"); // Retrieve the value of a token $mytoken$ var tokenValue = tokens.get("mytoken"); I am using the above code inside
DNS lookup setup in Splunk 6.4.2 on Windows
Hi Team, I was trying to achieve the DNS lookup concept in Splunk 6.4.2 on a Windows server but it's not working, can someone please help me on this. I have gone through an article and did the setup as it is...
Mac OS client logs into Splunk
I'm tasked with getting our Mac OS clients (desktops and laptops) to log the following to splunk: Authentication success Authentication failures Invalid login Adding/removing user accounts User Account...
WMI LocalAdmin returning data for all domain servers
I have configured my UF WMI.conf file as below:
[WMI:LocalAdmins]
interval = 3600
index = myindex
wql = SELECT * FROM Win32_GroupUser
disabled = 0
On Splunk 6.2.3 version, I am getting details of...
cacert.pem - Why does Splunk need it to start?
Quick details: We are running Splunk 6.4.2 on Windows 2k8 as a standalone deployment. We are using third-party certs with the root and intermediary certs in the cert chain. I have specified web.conf to...
Compare results of two searches
I have two searches: 1) index=symantec_sep sourcetype="symantec:ep:scan:file" | dedup dest | table dest | sort dest 2) index=os_windows Workstation_Name="*" | dedup Workstation_Name | table...
Why are clustered indexers duplicating non-load balanced data?
When I run a simple query "index=syslog update sourcetype=fgt_event devname=xxxxx", it returns duplicate (2) events with the only difference being the splunk_server field. The device is sending syslog...
Need to move all internal and external clustered indexes to new mount point
I just built a shiny new 6.4 Index and SH Cluster and need to put all clustered indexes on a larger faster 3TB drive. The cluster is up and running, how is this accomplished? I have read many articles...
TableView using splunkjs can show events but not tabular results. What am I...
Tableview will only show events but I cannot get it to show any table, i.e. "results" instead of "events". For example: "index = _internal | head 10" works, but "index = _internal | head 10 | table *"...
How do I change sourcetype but also keep previous sourcetype?
Hi all, I realized that Splunk hasn't been correctly auto-setting the sourcetypes for my incoming logs, resulting in lots of sourcetypes. Now, when I want to do field extractions, I'm unable to do so...
Universal forwarder connecting to heavy forwarder but not sending windows...
Hello, I have a client with a Windows 2008r2 server running a universal forwarder and set to forward Windows Event, Application, and Security logs to a heavy forwarder. From there the client is using...
I want to delete duplicates from the splunk index which have same _raw and...
Tried using the already answered question on Splunk Answers on the same topic; they say to do it using a lookup or subsearch, like this. Error on using delete on streamstats: index=idx1...
Compare two search results' differences over time
First timer here - hi all and thanks for this amazing resource. I am trying to timechart the counts for unique and shared values of 2 different lists. My events: `"2016-08-08 10:46:09"...
REST Modular Input - Cron Schedule not working. Known Issues?
Are there any known issues or gotchas with this? I tried to use this and could not get it to work. Cron Schedule was `0 4 * * *` so I expected it to run at 4 in the morning, which it did not. So I also...
Renaming columns at runtime without knowing their names at coding time.
Hi. I have the following query: BASE QUERY earliest=-7d latest=now | bucket _time span=7d | stats count as events by source _time | chart sum(events) by source, _time. This query gives me the column...
Choropleth Sequential Normalisation
Hey Guys, I have a choropleth map which returns the amount of hits on security data from IPs attacking from different countries. Search: index=... | iplocation SRC_IP | stats count by Country | eval...
How to install the Website Monitoring Splunk app?
Hello, I'm struggling to install this app. I've downloaded the tgz file but can't find the setup they are referring to on the details page anywhere. Besides, the installation process is not mentioned...
How is log monitoring used and is it secure?
How is log monitoring used and is it secure? Please reply to my question in brief.
Make Splunk return latest results first
Hi, I have a dashboard with search queries which take tens of seconds to run. The results are displayed as charts, and they tend to come in random order (i.e. we see the line grow randomly across the X...
Multiple where count > in the same string
We always see some failures in our logs. But when we have an issue, the number of failures goes through the roof. I'm trying to combine all the failure types and the threshold we've specified into a...