Splunk Fundamentals 1 - Module 3 Lab - adding a new power user
Greetings, In the pop-up window where I can add a new user, I can select username, name and then email address. After that, if I click the Tab key, the selector does not move to the "password" and...
how to add same values totals in the field
Status Count Failed 2 Passed 16 Skipped 22 Failed 66 Passed 7 Skipped 8 Please help me out on how to add the values of same fields in splunk as the output should be Failed as 68, passed as 23, Skipped...
Get kvstore values with command rest
Hi all, I'm currently retrieving lookups from another SH in this way: | rest splunk_server=server_name splunk_server_group=* /services/search/jobs/export search=" | inputlookup my_lookup.csv"...
How to Split the below json file into multi events
Hi Folks, Kindly help me to figure out dividing the below logs into each events. { "SecurityGroups": [ { "Description": "default VPC security group", "GroupId": "abcd", "GroupName": "default",...
Logging of DNS Audit events
Hey guys, I want to log DNS audit events such as the deletion/creation of DNS entries. I've installed Splunk app for Windows Infrastructure and Splunk supporting addon for Active Directory. Everything...
software uninstalled
Dear All, how can I know if someone uninstalls an antivirus solution on a Windows server or client? Can we get those logs with the Windows TA?
Restrict search term not working on a new created role inheriting the admin role
Hi there, I have created an automatic lookup to separate events for different teams so that each event would be assigned a new field "team". Then I would like to use this field as the restrict search...
not receiving logs from auditd enabled linux server
Hi everyone, to collect auditd logs from /var/log/audit.log, I just added TA-auditd and removed the standard unix TA. The default TA-auditd does not have any inputs.conf file. There are no logs I check with...
How to configure the universal forwarder to Heavy forwarder then Indexer
Hi, Can someone help what are the step I need to do if I have below flow : Universal Forwarder ------- Heavy forwarder ------- Indexer And need help how to parse the traffic when the log will at heavy...
Indexers SSL Problem
Hi guys. I'm trying to configure my two indexers to receive data with SSL. My inputs.conf configuration is: # BASE SETTINGS # [Splunktcp: // 9997] [Splunktcp-ssl: // 9997] # SSL SETTINGS [SSL] rootCA =...
help for doing a count on the latest event only
Hi, I want to do a count of the last event of a subsearch. I am doing "stats count last" but it doesn't work. What do I have to do, please? Something with _time? `test` [| inputlookup host.csv | table host |...
How to get zabbix data into Splunk
Hi, I have been trying to get zabbix data into Splunk for quite some time and am a little stuck. I have a python script in local that gets the zabbix data. Unfortunately, I am unable to get the output of the...
How to get Lookups into an Index?
I would like to get my lookups (both CSV and KV Store) into an index, perhaps maybe once a day. This way I can view changes over view and would have an easy backup, not to mention it would be easier to...
Issue with crcsalt not reindexing files
A newbie splunker here. I got a doubt about crcsalt as for some reason it's not working for me. I got a task to monitor .conf files for some apps and I made the inputs.conf & props.conf in a server...
Stats table to Time chart
I want to create a drill down that will go from a value on a stats table to a time chart for the clicked pool name in a new tab. I've been at this for a few hours now and I can't seem to get it to work....
Stats table drilldown help
I want to create a drill down that will go from a value on a stats table to a time chart for the clicked pool name in a new tab. I've been at this for a few hours now and I can't seem to get it to work....
Dynamic dropdown select All from dropdown list only
I currently have a dropdown that is working properly but I want to add an All selection and make it default. The problem I am running into is either it will select all items in the inputlookup or it...
Basic log parsing setup for VMware
There are a lot of pieces to the VMware App, but I am only interested in parsing logs for now. What pieces do I need to just do basic syslog parsing for vCenter and ESXi? Splunk_TA_esxilogs and...
Find missing PC from two indexes same field heading /name
Trying to create a report using two indexes on same field "Pcname". Different datatype one of from **Active Directory** and other one is from **SCCM**. Same computer are present in both indexes see...
Need help extracting results from two indexes same field heading /name
Trying to create a report using two indexes on same field "Pcname" . Different datatype one of from Active Directory and other one is from SCCM. - If missing form for either Index or not reported back...