Troubleshoot a MonitorNoHandle input
I have a UF (7.3.1) configured with the Splunk TA for Windows Inf. 6.0. It is a Domain Controller and has about 16 different inputs configured. The DC is running Windows Server 2016 Core. This morning...
Splunk DB Connect won't return results from Views
Hi All, I have successfully connected to the SQL server and tried to run a query using views, but it doesn't return results. Unlike when I'm running a query using tables, which successfully returns results....
How to use a token in a JavaScript file
I have a multiselect panel on my dashboard and a JS file attached to the dashboard as well. How do I pass the token value from the multiselect into the JavaScript file? e.g.: xyzabcabcabcindex="index" |...
Hover on an image inside the number viz customization panel
How to hover on an image to display text over it in a single value visualisation. ![alt text][1] [1]: /storage/temp/274552-dig.jpg Below is the screenshot for my panel. I want to display text on...
View Indexer config with only access to the cluster master & search head GUI
I have administrator access to the GUI of the search head cluster master and search head, but not the indexers. I am troubleshooting why data isn't coming into Splunk and need to see the following...
Splunk cluster indexers are consuming high memory
Splunk cluster indexers are consuming high memory. Memory usage on the indexer server is always at 99%; after restarting Splunk it comes down, but within one minute it is again reaching 99%. Nothing...
300 events are seen with the same Source IP and different Destination IP in 1...
Translating QRadar rules to SPL and stuck with setting thresholds: 300 events are seen with the same Source IP and different Destination IP in 1 hour. No idea which parameters to use? Any hints?
Help to transform an original search with fields in a CSV file to the same...
Hello, I need to transform the search below because now the fields of tutu.csv and toto.csv are in the index "tata". So I want to do an identical search based on the fields in the index "tata". It means...
Help on a field renaming in a subsearch
Hello, in my CSV file I have a field called "host" and in my index a field called "HOSTNAME". It's the same field and I have to rename it in order to be able to match the events, but I don't understand why...
License Pool Violation - After Search is disabled on a license pool due to 5...
Hello, I had an issue with one of our applications which generates too many events => I have been in 5 days of license violation. Searches are disabled as I am on a pre-6.5 Splunk Enterprise license...
eval command help
Hi All, I need help to get the values from a multi-value field. We have a field named "properties.targetResources{}.displayName" which has multiple values. Now when we have the field...
Splunk HEC - AWS VPC Flow Logs - Timeout
Hi, I've been trying, unsuccessfully, to configure a Splunk HEC endpoint to consume AWS VPC Flow Logs via Firehose. Having slowly worked through various errors, including HEC acknowledgement being...
How can I use btool to find where a specific index was created?
I've been tasked with using btool (in debug mode) to find where the settings for the "onboarding" index were written by the GUI, and can't seem to figure out exactly how to do so. Any help is much...
How to calculate the average duration of each step within a transaction?
Hi, I have events indexed in the following format: type=a transactionID=xxxxxxxxxxx status=Created lastUpdateTime=_time type=a transactionID=xxxxxxxxxxx status=Processing lastUpdateTime=_time type=a...
Use a Python module in a custom alert action
I have a custom alert action that I wrote using the manual in the documentation: https://docs.splunk.com/Documentation/Splunk/7.3.1/AdvancedDev/ModAlertsIntro I need to import a Python module (boto3)...
Regex not working as expected
For one of the security use cases, we need to extract Group Memberships from the Domain\. The trickier part is that some of the Group Memberships don't have the domain name in front of them. I am attaching the...
Extract multiple values from a single field into multiple unique fields
Hello, Is there a way to split out the unique values of a field into separate fields that are returned after a search? For example, my search returns the following syslog messages Login Success from...
How to write a throttle alert?
Hi all, I have a question about how to write a throttle alert. I want to specify two fields, but I cannot find the documentation. My fields are "name" and "region". I think name AND region OR name, region If you...
Custom audit path with rlog.sh
Hi, I have audit data coming from a port (UDP) to a Heavy Forwarder [via syslog] and have to apply rlog.sh on the same. Just to start, I tried to monitor a custom path rather than the...
Unable to get PDF of a Splunk dashboard after hitting curl command via Splunk...
Hi All, I am trying to get a dashboard screenshot/PDF by hitting the Splunk REST API with curl as below: curl -u usr:pwd -sk...