How to pick latest updated file from today
I have a file, which will be updated multiple times in a single day, and then it will be indexed into Splunk multiple times in a day, but I want to display the very latest/recently updated file. How do...
Can someone explain the triggers stanza in props.conf?
All, I noticed a [triggers] stanza in an app I just made with the AppBuilder in props.conf. Anyone have some documentation on this config?
Same query run multiple times returns different results
I got a different result count when I executed this query a week before and when I executed it today. The first time, the query returned 16 records; today, it returned 21! How is this possible? I ran...
Eventgen - ERROR ExecProcessor - message from "python...
Hi all, for some reason I have this error in splunkd.log and there are no logs being generated from other applications which have eventgen.conf and a samples dir. Does anyone know how to solve this...
Failed to receive logs from Docker with Splunk Logging Driver
Hi all, I followed the instructions in https://github.com/splunk/docker-logging-plugin to install the log driver, and also set up the HEC in Splunk. Tried the following: 1. docker run --publish 4000:80...
Manually create a notable event with a pre-determined timestamp
I am trying to manually create 500 new notable events that all have the same timestamp. I have not been able to find a way to do this, even though I read the Splunk manual for manually creating notable...
Python SDK [list of inputs in input.conf]
Hi, I have 40 inputs [type: monitor] configured in one inputs.conf. Let's call them 001, 002, 003, .... 040. I'm using the Python SDK to list all available inputs which are configured in the inputs.conf file....
Data input configuration for UDP syslogs from sonicwall firewall
Hi there, I need your support to configure Splunk for our network security environment. I have installed Splunk on our Windows 2012 Server. Splunk web was working fine. We need to add our Sonicwall...
Splunk 7.3.1, Windows 10 - "AfterGlow was not able to generate a graph" Issue
Hi everyone, I'm wondering if anyone has had issues generating graphs within Splunk using AfterGlow with the following versions of software: Windows 10, Splunk Enterprise 7.3.1, GraphViz 2.38...
Monitor all remaining files not specifically matched
We have several syslog-ng collectors with UFs on them. The UF monitors the paths and files that syslog-ng generates that we point it to, but I know there are probably several systems sending syslog...
Extract selected fields from .txt
Hi All, I need to extract "CURDEPTH(553)" and "MAXDEPTH(15000)" as two separate fields from the below .txt file (below is the sample stanza). Can you please help? Thanks in advance. 1 : dis...
O365 and Azure AD - estimation of volume of data
I've been asked to estimate how much license is needed to ingest Office 365 (and Azure AD) logs. Not sure what variables are in play, but there are about 1200 users. Does anyone have a ballpark...
Replicated scheduled search not removed
Hi, I keep receiving the warning message related to "Search peer xxxxxx03 has the following message: Dispatch Command: The number of search artifacts in the dispatch directory is higher than recommended...
Conditional searches in the same search
Hello! Is there a way to do conditional searches depending on the result of a first search? I mean, here is an example: - A search command returns a table with a field containing an interesting...
Can Multisite SHC be integrated with Individual Indexers?
We do not have a Multisite SH and Indexer Cluster in our environment. We have a really huge number of hosts (indexers & SH) and many deployments, like 110 Indexers with 22 SHC, 25 Indexers with 12...
How to disable search run in js on page load?
Hi, I created an HTML dashboard in which the user can choose a work station and then can click buttons for several machine faults. If a button is pressed, a search is started in JS to write the fault,...
REST API JSON output only with "result" field (without offset, etc.)
Hey guys, could you please help! I use curl -k -u 'myUser:myPwd' https://localhost:8089/services/search/jobs/export -d search="search index=myIndex | head 2 | table _time, CLIENT_ID, EVENT_TYPE_NAME "...
Why is the "default times.conf label" showing up in TimeRangePicker after...
We are upgrading our Splunk distributed deployment to 7.3.0. After upgrade we noticed that the time range picker module inside our app shows the value "default times.conf label" as one of the options....
order result High to Low
I have a simple query, listing event codes by host: index=wineventlog sourcetype=WinEventLog:Security Stats count by EventCode, host I'd like to order the results so that it shows either the top 10...
Convert string to command, for dynamic union search
TL;DR - **Is there a way (without custom scripts or commands) to run a command from a string in the format of a `union` that contains a dynamic number of subsearches?** I have quite a few heavy...