Custom App icons not showing
Hi, I am running an on-prem installation of Splunk Enterprise 7.3.0. On this instance I've built an app and would now like to add icons to it. I've followed various guides where I was told to create a...
Set source from directory monitor filepath inputs.conf
I have a directory monitor setup like below:
[monitor://some/path/to/my/DATA/*]
disabled = false
host_regex = (\w+)-\w+\.log\..*$
index = this_data_index
sourcetype = some_sourcetype
The log files that...
DBX Inputs from HF are Getting "Read Timeouts" Exceptions and data is not...
I need help to determine what is causing DBX input feed timeouts. Basically, we have an HF Enterprise box set up for DBX inputs, sending to Splunk Cloud. Recently we started getting Read Timeouts...
Add a Custom Air-gapped Map service for maps+
Currently we have an instance inside an air-gapped environment where we have our own map service provider. We are looking to use this as the map in maps+. We have not been able to get the override to...
How to show start time, end time, duration in a table
Hi Experts, I know this can be easily achievable but somehow I am not able to get this with the stats command. I have data like below: name,status,date erp,200,2019-10-01 08:28:33 erp,200,2019-10-01...
Connection Timeout
Timeout(ConnectTimeoutError(, 'Connection to timed out. (connect timeout=10)'),) When I try to run this through Chrome I get this message: This site can't be reached. The webpage at might be temporarily...
How to migrate two Linux indexers into one
I am looking into simplifying my Splunk architecture. I currently have two Linux indexers in different regions. They are currently setup identical - same indexes, same everything. They are collecting...
Obelisk Threat Intel: Error in app
I have errors in the app Obelisk Threat Intel and the app doesn't work that well anymore. I have removed the app according to the step below: Stop Splunk Remove the app from the directory structure on...
How to route to null queue without losing the extracted fields?
So I'm indexing the security log entries from my ADs but they are pretty big. I figured out how to route the entries I want to the null queue (entries for successful login and logoff are very noisy:...
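The usual way to drop specific Windows Security events at index time is a props.conf/transforms.conf pair on the parsing tier (heavy forwarder or indexer). The configuration below is an added example, not the poster's configuration: it assumes the data arrives under the sourcetype WinEventLog:Security and that the noisy events are the successful-logon (EventCode 4624) and logoff (EventCode 4634) records; adjust the stanza name and the EventCode list to match your data.

```ini
# props.conf (parsing tier: heavy forwarder or indexer, not a universal forwarder)
# Assumed sourcetype; change it to whatever your inputs actually use.
[WinEventLog:Security]
TRANSFORMS-drop_noisy_logon = drop_successful_logon_logoff

# transforms.conf
# Send whole events whose EventCode is 4624 or 4634 to nullQueue.
# (?m) lets ^ match at the start of the EventCode= line inside the event body.
[drop_successful_logon_logoff]
REGEX = (?m)^EventCode=(4624|4634)\b
DEST_KEY = queue
FORMAT = nullQueue
```

TRANSFORMS- is an index-time setting, so it only discards whole events that match the REGEX; events that do not match are indexed normally, and search-time field extractions configured with EXTRACT- or REPORT- in props.conf are a separate setting that this transform does not touch. The transform takes effect after splunkd is restarted on the box that parses the data, and it does nothing on a universal forwarder, which does not run the parsing pipeline for unstructured data.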
Accidentally deleted main index - Need help
I am new to Splunk and while exploring tried the command index=main | delete. Is there a way I can have the main index back without re-installing? I have a Free license and don't want to end up losing...
Sending mcollect and collect data to different indexers selectively?
All, is there a way to selectively send data to different indexer groups? In my case I have a search head reading from local indexers and I need to send certain metrics and summary logs to a Cloud...
Time Picker Doesn't Always Work in Dashboard
Hello, I have a time picker in my dashboard. It works only some of the time. If I select a preset like **Today** or **Last 24 hours**, it works. earliest=@d AND latest=now earliest=-24h@h AND...
App for REST Lookup: Connection Timeout
Timeout(ConnectTimeoutError(, 'Connection to timed out. (connect timeout=10)'),) When I try to run this through Chrome I get this message: This site can't be reached. The webpage at might be temporarily...
Extract URL and product
mess.url= /ae-business/shop/question/answer/product/HHRM2M/B?furl=bd2b75a1e85553a64aa4df2c47c93e049ccfe0d07f5dc518f9559717d83908ab6ff115411b3efea9d64cb1a097af5b6907eb6207f809449562d6003fa594d6f3...
Display results that happened in a 5-minute period during a 24-hour search
Hi, I have a failed logon search which includes: | stats count by user, ComputerName |search count >3 earliest=now() latest=-5m Which shows me when a user has tried to log onto a particular box more...
Can you index a certain sourcetype and forward the remaining?
Hi I am new to Splunk and am trying to forward a specific sourcetype of data out. That part is successful but now I am having trouble with the next part; indexing the remaining sourcetypes. I am using...
How to use two different search time ranges in one Splunk rule?
I have the following scenario: I have to find events with certain specifications in the last 15 minutes, and the search result have to be compared (in the same rule) with the result of another search,...
Extracting a value from complex JSON
Hi, I need help on how to extract data from this JSON. I have used spath to extract a part of my JSON to get this data structure: {<"app name1">: { "reason": "all ok", "upstreams": 1, "dialouts": {...