How to monitor RabbitMQ topic and queue via JMS message Modular Input
Hi all, I am relatively new to RabbitMQ and JMS. I have tried reading all the documentation (https://www.rabbitmq.com/jms-client.html#jms-connection-factory) and...
Execute JavaScript after a search
Hi, I've copied the Search & Reporting app folder as my own app in /etc/apps, now I want to add some JS to be executed after a search has finished. Everything I've tried hasn't worked, anyone ever...
In a generic S3 input for the Splunk add-on for AWS, can a key-prefix contain...
Trying to use a key-prefix when setting up a Generic S3 input that utilizes a wildcard in the path, but it doesn't look to be working. S3 key prefix = /AWSLogs/*/vpcflowlogs/ Has anyone had any luck in...
Is it possible to reuse a field regex in multiple alerts?
We have a large number of alerts which extract data from nginx logs and ping under certain conditions. In each of these alerts we do an identical field regular expression extraction to break the log...
Approve & Reject Buttons for workflows to selectively index data
I have a form which accepts inputs from users and saves them into a lookup file on the submit button (using the outputlookup command). Now, I would like to have a form which displays these entries row by row in a...
How to 'join' two data sets when neither left join nor inner join is suitable?
Hi everyone, I've tried to answer this myself but no luck. I fear it might be so simple I'm overlooking it. I'm comfortable with left & inner joins; however, I'm trying to 'join' two data sets that...
How to extract from multiline events using regular expressions with variables?
Hi, I have a rather large multiline event which I am trying to extract data from. The problem is that the format is along the lines of: key0 = "bob" key1 = "foo" key2 = "bar" bob = blah $value0 blah...
Add "for" attribute to a label in a Splunk form, version 6.6+
Hi guys, I need some quick help. I want to add a "for" attribute to labels within a Splunk form. It is needed in the DOM as there is a dependency on that value in JavaScript. At present: `` Endpoint ``...
Output Results to Lookup Truncating Results
Hello, Hoping for some guidance. I have a scheduled report that has been running weekly for several months now without any issues. I am outputting the results to a lookup file and replacing the results...
How to create a custom field at the Heavy Forwarder for all sourcetypes?
Hi all, thanks up front for your time. I have a task where I am trying to create 2 fields for any sourcetype that passes through my Heavy Forwarders on the way to my indexer cluster. I had created the following...
Warning in email notification in Splunk
Dear Team, we have configured the email notification in Splunk but we are getting the below warning message. How can I remove this? "WARNING - This email originated outside of abcd(company name). Do...
How to search with "IN" to produce the same results as "OR"?
I have a search with a bunch of ORs and I wanted to replace it with "IN"; however, I do not get the same results. My working search is: index="mimecast" (Sender="*gmail.com" OR Sender="*@outlook.com"...
dnslookup filtered null-value events
Hello, I installed the dnslookup app and I search with the dnslookup command, such as (|dnslookup forward domain ip ), but some null-value field events were filtered. Can anyone explain why? Thanks
TA_Azure_Monitor - script running failed (exited with code 1).
Hi everyone, An HF node in our env started getting this message all of a sudden. Unable to initialize modular input "azure_monitor_metrics" defined inside the app "TA_Azure_Monitor": Introspecting...
Multiple sources in event
Hi. We are ingesting logs from an HEC input where in the stanza we are setting a source. In the events there is a field called Source that is extracted into another source (at search time), meaning all...
Last Chance Index setup issues
Hello, we are trying to configure a lastChanceIndex to capture events being sent to a non-existing index; however, it doesn't seem to be working. I've added to the indexes.conf "lastChanceIndex =...
Should we use a deployment server for forwarders with index clustering?
Hi, suppose we have index clustering implemented; can we then use a deployment server for forwarders? Regards, Sachin
Index a CSV with different data types
Hi all - bit of a weird one! I've run out of ideas. **Help please!** I'm trying to index some CSV files. However, the first line does **not** contain headers, it contains CSV info about the file itself...