find inactive alerts/reports
We have around 500 alerts and reports cnfigured to our application. I want to know list of alerts/reports which are active and which are not in use. I am not a Splunk admin so i can't get permission to...
View ArticleHow to anonymize the client ip in ms:iis log files?
Hello, I has to anonymize the client ip in ms:iis log files at indexing time, so it must not be possible to determine the original client ip address. It's not so easy, because it's not allowed to...
View ArticleUpgrade from 7.0.1 to 7.3.x and add-on compatibility
Hello, I want to make upgrade my Splunk Enterprise version to newest but I see that aws add-on is not compatible. Current compatibility version from extension page: Splunk Versions: 7.2, 7.1, 7.0, 6.6,...
View Articlehow to execute a search everyday and every 8 hours
I have three teams in industrial company, the first starts work at 6am, the second at 2pm, and the third at 10pm, the working time of each team is 8 hours, I wanted to count the amount carried out each...
View ArticleAny way to access data in rows of table and then search further using each of...
Suppose I have logged data with certain fields like id, level, message etc. Ex: id:123 level:warn Message:xyz task is being performed(msg1) I need to find all logs which have the above message logged...
View Articlecan I collect Azure application insight logs without using and Add-on on splunk
I would like to collect Azure function app (app services) logs into application insight, then to stream them to splunk, is there a way to accomplish that without using splunk add on? if yes, How can I...
View ArticleTcpInputProc - Encountered S2S Exception=Invalid _meta atom: for key="Caption":
Hi I get al lot of the following messages on my IX: TcpInputProc - Encountered S2S Exception=Invalid _meta atom: for key="Caption": Can anyone explain what this error messages indicate?
View ArticleUniversal Forwarder to report 2 Indexer
What is the best way to route security events to Security Indexers and rest of the sourcetypes to operational indexers? And Can we manage universal forwarder with 2 deployment servers?
View ArticleExport a search result automatically to my local c:\
Hi Experts, I want to insert a Splunk URL into a right click function in my app to open a set of results and save down to the local c:\ I tried the following transid123 sourcetype="blah" |reverse...
View ArticleSplunk App for Win Infra Group Audit Using Wrong Credentials
Splunk 7.3.1, WinInfra 1.5.2, Windows_TA 6.0.0, Supporting Add-on for AD 2.2.1 The Group Audit / Full Group Membership (and possibly other areas pieces of the app?) uses credentials defined in...
View ArticleRemote Script execution crontab ?
Looked through existing questions and nothing seems to flat out answer it ... so I'm asking :) If there a crontab like feature in Splunk for running scripts on remote systems ? Not looking for...
View ArticleHow do I determine if a user group is not used ?
Hi all, Here is my problem : on the one hand I have a lookup which is a list of group names. On the other hand, I have logs generated when someone establishes a connexion to my bastion, and the logs...
View ArticleUniversal Forwarder - Tag or add identifier to data to distinguish environment
Hey everyone, Summary of the long post: On universal forwarders, I need to add some kind of identifier like a tag or metadata value to all data before it is sent to distinguish the environment it is...
View ArticleHow to convert hexadecimal IP to decimal
Hello all , Below is the sample event.How can we convert that to regular IP .I tried using the below query but its not converting correctly | rex...
View ArticleExcel export problems in Splunk for Excel.
Hello, I am new to this App in Splunk. I am figuring out how this work. One of the problems I am coming across is that I can't save any search into excel form. I don't know what is happening when I...
View ArticleHelp with dur2sec function not displaying
Hi I am having an issue with the result of my dur2sec function not displaying. Here is the SPL. I am still new to splunk so have put what I believe I am doing alongside the query. |eval...
View ArticleHow to color code one column based on another (Dynamic)column when using...
I have 700 sites, I am running a chart command to get some value for each site per day. | bin span=1d _time | eval _time=strftime(_time,"%Y-%m-%d") | chart avg() as Value by Site,_time Output looks...
View ArticleSplunk test environment
I need to set up an splunk test environment to test out apps before adding them to production environment, also to test out adding new data into new indexes before adding it to production. We run an...
View ArticleA-Z on freezing & recovering older files in an index.
I am fairly new to splunk and have been trying to piece together my understanding of things via the numerous answers in the splunk knowledge base. However at this point in time I'm honestly clueless on...
View ArticleGetting Error while fetching apps baseline on target=https://###.###.###.##.8089
I have verified that the shcluster (for the SH IP it lists) does have the same pass4symkey password yet I still get the error. The server mentioned was recently added to an existing search head...
View Article