Is the current version (1.0.7) compatible with Splunk 6.5?
I currently have Azure Event Hubs Capture Log Integrator v1.0.4 installed in our environment but it is no longer available. Can you please advise if Azure Event Hubs Capture Log Integrator v1.0.7 is...
Can anyone help me how to configure heavy forwarder?
I installed the Splunk enterprise on Linux, I used universal forwarder and I could get my logs using it on my Splunk instance, now I want to parse my logs using a heavy forwarder, can anyone help me...
Replace random string in a field
Hi team, I've 1 field named - 'URI' coming in micro service log dump. Example Values of URI field is like below - /mobile/login /desktop/login /account/100123445/details /account/100123999/details...
How to add the timestamp in all panels in my dashboard
Hi, I would like to add the time in my panels for my dashboard. I have written the below XML code for it. Do I need to change it? How to call the token for other panels? I have gone through the...
Is Async.sleep() available to Javascript
I have some JS that is iterating a result set with on('data'). Inside that loop, I am setting up a new search with SearchManager and executing that search. I need to wait for that search to finish...
REST Inputs failing to run
Our REST API modular inputs are failing to retrieve data. We are seeing the below error in splunkd for REST Modular Inputs. ERROR ExecProcessor - message from "python...
AS400 third-party agent for forwarding data to Splunk
Hello, I need to forward logs from AS400 into a Splunk instance. The best option to do that is through the third-party agent, as I investigated on the internet and other questions in Splunkbase. My question...
False alert received
I am Gopinath. I have one small question. If I am receiving a false alert from Splunk. For example, the data has to be transferred at 3am-4am and as per the cron it was transferred but still I am getting...
Self-signed certificate without warnings?
Has anybody figured out how to use a self-signed certificate without getting a warning that it's invalid? I can access Splunk anyway and it does in fact use my certificate, but for the long haul I...
I want to create the field of error:
Create the field "DM Call errors #", then count this number. I tried to use case, but I don't have the field as title to match
How to pass search name to savedsearch
Hello, I have the following search, which works fine and returns the proper result "RCA_MEMORY": |makeresults | eval mysearch = [ |dbxquery query="call...
Is there a way for Splunk forwarder to merge different lines to one event?
Hello, I am just getting into Splunk and wondering if I can set the forwarder (maybe heavy forwarder) to merge different lines into one event. The lines are not necessarily one after the other. I want to...
Anyone else have an error when upgrading from ES 5.30 to 5.31 fails on sa-utils
Testing out the July 24 2019 release of Enterprise Security. Consistently fails on enabling the application (fails on sa-utils). Anyone have the same problem?
How to delete Orphaned Scheduled Searches in Cluster Environment
Hi, I am planning to delete the orphan scheduled search in Splunk Clustered Search Head. Is there any best way to remove it from one Search Head member to see changes in all members? Probably a REST API...
Script error in Splunk cause/solution?
All, I am getting this error in a clean install of Splunk on my search head. Curious why this script reaches out to the internet and what it does? How can I disable it? Should I get my firewall guy to...
Splunk Linux Infra resource monitoring not using the monitoring console
Good morning, I have been tasked with creating a Dashboard that will be visible by another team to show the Splunk Linux infra resource status and all the data that entails, but they won't be an admin...
Which default certificate should I use to certify my HTTP Event Collector
I am running some C# code that sends a POST request to my Splunk HTTP Event Collector at the following URL - https://localhost:8088/services/collector/raw to submit a log I am getting the following...
Help in writing Regex for a dashboard
I have many entries under the event field. I wanted a regex that separates extra out such as anything after GBP, AMP. E.g. - events 1 LOG-NOTIFYCMD-dce-<1SS4C413----> LOG-NOTIFYCMD-dce 2...
Matching values from a subsearch using append
I'm having an issue with matching results between two searches utilizing the append command. I realize I could use the join command but my goal is to create a new field labeled Match. index=type1...
Why Splunkd stops running but the splunkd.pid file remains
I have a Daily Splunk report that lets me know when it hasn't heard from a server for a while. Sometimes when I get to the server I use my restartsplunk script and get one of these: --------------...