Automatic Role Removal
Hi, I wonder if someone can help me please. We allocate user roles via the authorize.conf file with all the settings needed for each role. By default, we don't allocate the 'export' function, but where...
I want to use an 'or' argument in my search; is this possible?
So I have a search query which returns registrations for a website called CXI. See below: sourcetype=applog Successfully created account for ROW member CXI Ideally I want the same query to look for two...
How to optimize rex to avoid the error message: Error in 'rex' command:...
Hi. Can you help me, please, to optimize the regular expression. The problem is, when I search over a longer time range, I receive the error message: Error in 'rex' command: regex= has exceeded configured...
Best way to copy the $Splunk_Home/etc/apps/xx/local/ directories from...
Can someone suggest the best approach to follow while migrating the Knowledge Objects from an existing Search head cluster running on 7.0.x version to a new Search head cluster running on 7.3.0 version...
Which is the latest stable Splunk Enterprise version?
Hi everyone! We are going to upgrade our Splunk (our current version is 7.0.5). Which is the most recent stable version? Thanks!
Multi site cluster (3 sites) with a site separated from the other ones
Hello, please I would like to know if the following is a possible/valid Splunk architecture. Multisite cluster, with sites A, B and C. 200 Forwarders. - site A and B communicating with each other and...
Using Splunk Phantom post data to send data from Phantom back into Splunk
Hi, I am new to Splunk Phantom and have so far: - Triggered an alert in Splunk - This sends the data into Phantom - Phantom then runs a playbook which queries some Carbon Black stuff - I then want to...
SSL certificates on each search head in cluster
Hello, the SSL certs for search heads are expiring but the cert is valid on our F5 load balancer for those search heads. We are using third party certs and we tried to add the new certs to web.conf and...
collect index="based on values"
Hi everybody, is it possible to create several summary indexes within one search? Example: "**Index A**" has a **field** "**OS**" with **values** "**Windows**", "**Linux**"... Is there a way to tell...
Table time field using transaction
Hey all, I am working on a dashboard to do a basic email search through Proofpoint logs and am using the transaction command to stitch together the events with the same message_session_id. The query...
Documentation of sendalert's payload
Hello, I'm in need of clarification regarding custom alert actions and, in particular, the payload generated by the sendalert command. Sadly, I was unable to find these points addressed in the...
Multiple fields in one chart
Hi, I'm struggling to create a chart with multiple field values (max, avg and min pauses) + need to see months (January, February, March etc.) on the X-axis. What do I need to change here? `| eval...
metrics - if field not present in raw data how to add it with default value?
In the data source I am ingesting it can happen that one of the fields is not present from time to time. The issue is when I am running a search on it and if I add that dimension to the query that...
udp data packets lost at Heavy Forwarder
I am observing packet loss on the Heavy Forwarder, due to which I am missing important messages which are being sent using SNMP traps. I have already increased the rmem buffer size to the suggested...
Reboots required after app/add-on update
I am preparing to upgrade numerous apps and add-ons. I will be using deployment server for all changes. The changes will affect search heads, indexers, and forwarders. How do I determine if the target...
Does btool list disabled apps?
When using btool to see configurations, are disabled apps listed? Or just enabled apps?
How to reset sorting when using column header to sort table in dashboard
How to reset sorting when using a column header to sort a table in a dashboard? I have a dashboard with a submit button. When I sort the table on my first search and run another search, the new search acquire...
Help with if else condition search
I have fields called suggested_IOPS, allocated iops and throughput avg. What I am looking for is: if suggested IOPS is less than Allocated IOPS (AND) throughput avg is greater than 80%, display "CHANGE...
epoch time difference between first and last.
Hello all, I am trying to find the difference between first time and last time in epoch time, and I want the difference in epoch time to be in human readable form. For example: the difference should tell me...