Running into errors while disabling the legacy ciphers in Splunk 7.2
I am trying to follow the document to disable the legacy ciphers in Splunk 7.2, and I notice that the cluster master has been disconnected from the indexers and also the web interface of the Cluster...
What is the best practice to send logging from mobile devices to Splunk?
Hi everyone, currently I'm investigating what the best practice is to send logging from mobile devices (Android) to Splunk. The Android devices are logging in the syslog RFC5425 format and are using...
Is it possible to use the panels of one Dashboard in another dashboard like a...
Hi all, We are looking to create a dashboard with Panels containing OS metrics info and some Application status info of specific set of servers. We came to know that our infra team already has a...
feed Splunk App for Windows Infrastructure without forwarders?
I have a situation where management wants to see server status of some remote deployed servers, but due mostly to politics, installing forwarders on these machines to push metrics back to our Indexer...
How to parse JSON with multiple arrays?
Hi, Here is a sample : { columnNames: [ usersession.city Browser name count(duration) median(duration) ] extrapolationLevel: 1 values: [ [ City1 Browser1 URL1 1 4795 ] [ City2 Browser2 URL2 1 9761 ] ]...
How to upgrade Search head pooling in upgrading Splunk from 6.0.1 to 7.2.3
Hi, I need urgent assistance on upgrading Search head pooling. Mine is a distributed environment (6.0.1) with the below details: Two indexers (Clustered) Two search heads (SHP) One Cluster master As per the...
Upload CSV but CSV data shows as hexadecimal
Please see the attached screenshot. I have a CSV with valid data but when I upload the CSV, the GUI displays all of my column / rows as hex code.... Haven't had an issue with any other CSV uploads...
How do I get cumulative moving average?
Hi guys, I am trying to compute and chart the cumulative moving average (ref. of what it is: https://en.wikipedia.org/wiki/Moving_average#Cumulative_moving_average) The point is that I am doing the...
Alert when sum of values is greater than 25% of sum of other values
I would like to make an alert that is triggered when the sum of some values is greater than 25% of the sum of another set of values. Basically, I would like to alert the user when the quantity of scrap...
Drilldown using chart clicks but also need all values
Hi, Something either I forgot or not getting right. I have a chart. See attached. When I click on the EVENTYPE value in chart, my additional stats table picks up search based off of the value clicked in...
conditional execution of search
Hello, I have parts of the search, which I would like to execute conditionally. In the below example I am trying to trigger a database dump based on the decision variable set before. It all works...
Two Queries That Return Results Do not Return Results After Join
I have written two individual queries that both return the expected results. A. tag=*tag name* location="*location name*" message="*error message*" status=400 | rex field=_raw "*string from log*...
What timezone does collect use?
There is something wrong (or not obvious from the documentation) with how `collect` takes timezones. `_time` fields should be stored in unixtime, right? I have a report which does a long search and I...
Does this app need to be installed on the licensing server?
Hello Vlad, Does this app need to be installed on the licensing server? It appears to show local rest searches so I just need to understand where the app is expected to be placed in the Splunk...
Error parsing dashboard XML: The URI to be decoded is not a valid encoding....
Windows Overview Dashboard error. Error parsing dashboard XML: The URI to be decoded is not a valid encoding. Go to "Edit Source" to fix Source: Windows Overview - v2.4 General Information System...
Why is CSV data showing up as hexadecimal?
Please see the attached screenshot. I have an uploaded CSV with valid data but when I upload the CSV, the GUI displays all of my column/rows as hex code. Haven't had an issue with any other CSV...
Docker Splunk logging driver URL change
We are in the process of changing our Splunk web DNS name and securing it with HTTPS. We are using Splunk logging driver for Docker to receive logs. Would we need to change the Splunk URL on the...
Possible to strip domain from src_user/user field?
For Palo logs, the username is being extracted with the domain in front of it, i.e., `domain\user` To be CIM compliant, shouldn't the domain\ be removed so only the user is listed as a value? Is there...
file modified during boot not indexed
Hi Everyone, I have a problem with Splunk not indexing an XML file, modified during the Windows boot process. Windows 10 creates an encrypted file during bootup which our PowerShell script parses and...
How to extract a list of quoted key value pairs when some values have spaces?
Hello, I am attempting to figure out how to extract the following example event for all fields (the real event has ~30 fields but these show all use cases). {'start_time': '2019-07-30 15:19:20',...