Not seeing data in Splunk from REST API add-on
Hello @Damien Dallimore We have REST API add-on version 1.5.3. We are running Splunk on version 7.1.1. We are not seeing data for a long time and when checked the logs I found out that the activation...
How can I use a value returned from a search as the source criteria for...
I am working on a search that needs to reference two unique CSV sources which are ingested from a UF; let's call these sources foo.csv and bar.csv. The general idea is to create a table which reflects...
Obtaining Vulnerability Count, Host Count, and Vulnerability Count per Host...
My employer recently stood up the Tenable connector to Splunk and is looking to take full advantage of it. My experience in Splunk is very limited but here are the main points. 1. We have 10,000...
Time stamp configuration in props.conf
Hi Splunkers; How can I set (TIME_PREFIX, TIME_FORMAT, and MAX_TIMESTAMP_LOOKAHEAD) in props.conf if the timestamp location changes in each event? You can see the sample logs in the attachment about...
How to split a GC log using eval function?
Below is the sample GC log. Let me know how to split it using the eval function? 2019-09-11T02:27:50.180-0400: 660007.803: [GC (Allocation Failure) [PSYoungGen: 21216K->224K(20992K)]...
How to align events returned by two separate searches in a table
I have a search that references CSV sources which are ingested from a UF; let's call these sources foo.csv and bar.csv. The general idea is to create a table which reflects fields from both CSV sources...
Avoid double indexing from HTTP event collector and file
I have an application which sends events to the HTTP event collector and writes a backup log to disk. Can I somehow configure Splunk to index the log file in case the HTTP endpoint is unavailable? How could I...
Why is my Splunk not indexing all the files that pass through inputs.conf?
Hello Everyone! I created an inputs.conf to index different files, but after a few files were indexed it stopped indexing new incoming files. For the record, the files are historical. What could be going...
How to monitor Application in OpenShift Cluster with Splunk?
Hi, My application is running on OpenShift pods. The application accepts API calls on port 9443. In front of the pods, we have ELB which is the public entry point into the application. The ELB accepts...
edit file server.conf
I changed the file server.conf as per this document "https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Serverconf" The goal is to optimize the load per index to increase performance. However I got...
Ping request timeouts ICMP_SEQ when I try to ping some indexers in my...
When I ping my indexer, I receive the following: It pings correctly, but after a few stops it gives this error: **request timeout for icmp_seq** What could be the reason? How to troubleshoot?
What are the search tools available in the Search App?
I'm new to Splunk. What are some basics I need to know about the search tools in the Search App before I start?
Field extraction.
I have a raw event like this for each order. If a user buys two products of different units, how can I tie each product to a specific quantity? Items: [ [-] { [-] commitCode: 2 deliveryType: partNumber:...
[quick help on approach] migrating from 6.6.1 to 7.1.2
Hello Splunkers, I am trying to migrate the following items from a Windows 2008 R2 non-cluster to a Linux RHEL7 cluster: • Users • Reports • Rules • Lookups • Dashboards. I have seen a few docs, especially the...
Calculate last 3 months count average and compare the result with last month...
I want to calculate the last 3 months' count, take its average, and compare it with last month's total count. For example: last month, August = 350, July = 320, June = 347, May = 300. Need to apply...
What are knowledge objects, and what do I need to know about them?
What are knowledge objects, what do they do, and what do I need to know about them?
Find the LAST instance of an extracted field
I have event data which looks like this: Sep 12 11:33:23 hostname AUDIT "2019-09-12 11:33:23.677 GMT+1000" 192.168.19.36 hostname:1812 0 1912 17771 "text=Access CHALLENGED 0x0: Success ,reason=0"...
Effect of restarting splunk service on indexers when the indexing...
On my 3 indexers (which are in a cluster), sometimes the **typing queue** and **indexing queue** go almost full (>90% or 100%), and those indexers' indexing rate goes down (e.g. 300KB/sec | normal...
Can I use gMSA to run Splunk
Hi, can I use gMSA instead of MSA to run Splunk Enterprise? http://www.out-null.eu/2014/06/30/msa-managed-service-account-and-its-younger-brother-gmsa/ Regards
Run data model acceleration search as user instead of nobody
We have an accelerated data model on Splunk Enterprise for which the scheduled searches are getting skipped. On checking the scheduler logs through a search query we can see that the search is getting skipped...