SSO SAML using ADFS
I've tried for the past few days using every article and resource I can to get Splunk to work with SSO, but am ending up short. We currently have an instance installed on a windows server that works...
Stash graph with time intervals.
{"dtm":"2019-09-04 07:17:39.129 PDT", "logger":".WEB_ORDER_RELEASE",...
Need to sort macOS versions
I imported data from jamf cloud into splunk and one of the fields being returned is the operating system version. It seems to be in an x.y.z format. I am removing the last two characters to get a count...
After Splunk forwarder upgrade to version 7.3.0 from 6.6.x - splunk forwarder...
Hi All, after upgrading my Splunk forwarder to version 7.3.0 from 6.6.x, my Splunk forwarder didn't start. It is showing the below error: A Splunk installation already exists. This will upgrade the...
How to transform a search into a csv file in order to query the csv instead...
Hello, I have done a saved search scheduled one time per day from the query below: `index=toto sourcetype="tutu" host=3154 | outputlookup test.csv`. I have done an `outputlookup test.csv` because I need to...
Monitor alerts (alarm if alerts do not work)
Hello together, I want to monitor existing alerts in Splunk. For the case that an alarm doesn't work properly and doesn't find anything, I want to get a notice or an alarm for that. I do not know how to...
Calculate the average of count per day
I am fetching production data like the number of completed for the last 7 days for different production customers, and I want to find the average order per production customer per day. I have used the...
Sum of a multivalue field inside a row
Hi, below is what my processed data looks like [image] and the expected output is to have aggregated values of Field A, field B, field C and Total, the...
System failures
Hello Everyone, I am trying to identify the system failure based on the below sample data: ABCD AB1234 USERID SYSTEM ABCD AB1234 XXXXX ABCD AB1234 YYYYY ABCD AB1234 ZZZZZZ ABCD AB1234 FAILD ABCD...
SAP Solman Integration using RestAPI
Hi All, I would like to understand whether someone has tried integrating Solman with Splunk using the REST API to just get the alerts in Splunk. Regards, Shweta
Monitor URL and Validate if Login Successful?
Hey Splunkers, I am monitoring URL connectivity in Splunk, monitoring as in the response_code of the URLs. With that, I want to also check, when the URL is up and the user enters the credentials, then the Login...
Using output from a query as the query for another query
I am using the Custom Radar add-on visualization. It requires using |makeresults to generate the data needed to create the graph. I have worked out how to run a query that produces the |makeresults...
Search shows results not existing in logs.
Hi Splunker, I have the below search: index=winevents host=prdaddc02 OR host=PRDADDC01 OR host=DZITHQ-DC3 sourcetype="WinEventLog:Security" signature="An account was successfully logged on" OR...
Orphaned searches
Hello, how can I solve this message: Search peer SRV-P-INDEXER has the following message: Splunk has found 3 orphaned searches owned by 2 unique disabled users. PS: all the users can't connect to...
Index Vs Apps
Is there a way to determine where all an index is being used? Can we at least identify the app/dashboard using a particular index? Is it possible in Splunk, or do we have to write custom code...
Polling not working, the REST add-on is just showing only the initial few.
The only data that I see is from the day that I set it up. At that time I did not know how to set polling. When I did it,...
How can I convert negative values to positive
I have a field with negative values, I want to convert these values into positive values. How can I do this?
How do I use the variable name1 in the table command later?
... |rename General.SetupViews as Modes|eval mode=split(Modes," ")|eval name1=mvindex(mode,0) | eval name2=mvindex(mode,1) | eval name3=mvindex(mode,2) | eval name4=mvindex(mode,3) | spath | table...
What should a stream metric regex look like for AWS Addon CloudWatchLogs
Hello, I need to stream access_logs from AWS from different directories such as /directory/subdirectory1/subdirectory2/subdirectory3/**various cryptic numbers**/var/log/apache2/access.log. I would need...
DB Connect with Windows-based SQL Server
I am attempting to ingest data from a Windows-based SQL Server from DB Connect on a Linux HF. We are not allowed to use the jtdc driver since it is not SSL encrypted. What is the alternative to connect to...