HEC ignores JSON timestamp
Hi, I have this JSON event I put in through HEC: { "time": "2019-10-01T11:29:53.817", "eventType": "Computer Room Temp Monitoring", "location": { "dataCenter": "PDC1", "hostname": "PELLE", "temp": {...
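An added example, not from the post above and not Splunk's own code, showing how the HEC event endpoint (`/services/collector/event`) expects the timestamp: the envelope field `time` is epoch seconds and drives `_time`, while the record itself goes under `event`, so an ISO string at the top level of an unwrapped record is not what the endpoint reads as the event time. The sample record is a constructed, shortened version of the one in the post; the HEC URL and token are placeholders, and the sensor clock is assumed to be UTC because the posted timestamp carries no zone.

```python
import json
from datetime import datetime, timezone
from typing import Any, Dict, Optional

# Constructed sample, modelled on the record in the post (nested fields shortened).
RAW_EVENT: Dict[str, Any] = {
    "time": "2019-10-01T11:29:53.817",
    "eventType": "Computer Room Temp Monitoring",
    "location": {"dataCenter": "PDC1", "hostname": "PELLE", "temp": {"celsius": 21.5}},
}

# Placeholders, not a real endpoint or credential.
HEC_URL = "https://splunk.example.net:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"


def iso_to_epoch(ts: str, assume_tz: timezone = timezone.utc) -> float:
    """Convert an ISO-8601 timestamp to epoch seconds.

    The posted timestamp has no zone; we assume the sensor clock is UTC
    (assumption). A zone-aware string is honoured as written.
    """
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=assume_tz)
    return dt.timestamp()


def to_hec_envelope(raw: Dict[str, Any], sourcetype: str, index: str,
                    host: Optional[str] = None) -> Dict[str, Any]:
    """Wrap a raw record in the envelope the event endpoint parses.

    Top-level `time` (epoch seconds), `host`, `source`, `sourcetype` and
    `index` are metadata; everything under `event` is the indexed body.
    The original ISO string stays inside `event`, so it remains searchable,
    while `time` is what becomes _time.
    """
    envelope: Dict[str, Any] = {
        "time": round(iso_to_epoch(raw["time"]), 3),
        "sourcetype": sourcetype,
        "index": index,
        "event": raw,
    }
    # Use the device hostname from the record unless the caller overrides it.
    host = host or raw.get("location", {}).get("hostname")
    if host:
        envelope["host"] = host
    return envelope


def build_request(envelope: Dict[str, Any], url: str = HEC_URL, token: str = HEC_TOKEN):
    """Return (url, headers, body) for the POST; nothing is sent here."""
    headers = {"Authorization": f"Splunk {token}",
               "Content-Type": "application/json"}
    return url, headers, json.dumps(envelope)


if __name__ == "__main__":
    env = to_hec_envelope(RAW_EVENT, sourcetype="dc:temp:json", index="facilities")
    url, headers, body = build_request(env)
    print(url)
    print(body)
```

If the sender cannot be changed to wrap its records, the other route is to post to `/services/collector/raw` instead and set `TIME_PREFIX` and `TIME_FORMAT` in `props.conf` for the sourcetype, since the raw endpoint runs the normal index-time timestamp extraction that the event endpoint skips in favour of the `time` field.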
Splunk 7.3.1 DBX Oracle driver not recognized
SPLUNK_HOME=/appl/splunk Driver is in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers per https://docs.splunk.com/Documentation/DBX/3.1.4/DeployDBX/ConfigureDBConnectsettings [wamsplunk@ bin]$ cd...
Field extraction
The same sourcetype has two different patterns; in that case, how can I define field extractions? Because field extractions can work on the host, source or sourcetype only.
How to: compare timely fake event with real generated event
Hello all, how do I create a timely dummy event to compare with the real generated events to show as a chart? **These logs are generated every 3 hours** _raw event example: 2017-09-04 02:07:00,630 LOG...
Spirion: Unable to fetch data and receiving error message
I am trying to integrate Spirion with Splunk but am getting the errors below: 10-02-2019 15:55:53.539 -0500 ERROR ExecProcessor - message from "python...
TA-pfsense: Application is missing lookups and CSV files
The application is missing the lookups folder and the CSV files. I was getting lookup errors. Best regards, Tiago
Map command maxsearches unexpected behavior
I have the search below: index=stats_summary dest_ip=172.* | dedup src_ip dest_ip| map maxsearches=100 search="| inputlookup networks.csv | eval dip=$dest_ip$ | eval sip=$src_ip$ | eval...
Can heavy forwarders act as indexer and can be searched using search head?
I have this use case where I cannot transfer the client data from the country due to their policy, and my whole Splunk infra resides in a different geolocation. So my question is, what options do I have...
How to generate timely fake event and compare with real event
Hello all, how do I create a timely dummy event (without using "|lookup" with an external file) to compare with the real generated events to show as a chart? **These logs are generated every 3 hours** _raw...
Nessus Data Importer: Can it pull compliance results?
Came across this and played with it a bit. Still works in Splunk 7. However, it only pulls vulnerability results; can it be configured to pull compliance results such as those found from a STIG...
Splunk Add-On Builder Pre-Request Script
In order to hit the endpoint needed to get data from an external API, I need to make a call to get a valid access token from the external API. I use that access token to make subsequent calls to the...
How do you combine info from multiple events but for one customer in one table?
How do you combine info from multiple events but for one customer in one table or dashboard? For example: Event1: Customer = 123456 State=”” Status=”200” Event2: Customer = 123456 State=”NJ”...
How to set up alert for x% decrease in count by market?
Hi all, we are receiving web traffic to one index from multiple markets, as in the query below. Now we have been asked to set up an alert if there is a decrease of 50% in volume in any market over a time...
Status Indicator Icon
I'm using Splunk 7.2.6 and I've installed the Status Indicator app. The problem is I cannot get any icons to show up. The value appears just fine, but no icons? TIA, Mark
Visualize event with start and stop time fields
Hello! We are trying to determine the best visualization to show scheduling data in Splunk. We have data that provides an Actual Start and Stop and a Scheduled Start and Stop in epoch time as fields as...
Lookup CSV file not producing correct results
Hello, I have a lookup file called fs_src_mac_tg.csv that has two columns: src_mac and exists. src_mac = a list of MAC addresses, exists = yes. Search: index=myindex | stats count by src_mac signature | lookup...
How to compare values from 2 different rows?
Good afternoon, could someone help me with this query? I have the following values:
| users | Age |
| user1 | 99 |
| user2 | 99 |
How can I compare that if the user user1 of age 99 is equal to the user of...