How to compare values from 2 different rows?
Good afternoon, could someone help me with this query? I have the following values: | users | Age | user1 | 99 user2 | 99. How can I compare that if the user user1 of age 99 is equal to the user of...
Lookup csv file not producing correct results
Hello, I have a lookup file called fs_src_mac_tg.csv that has two columns: src_mac and exists. src_mac = a list of MAC addresses; exists = yes. Search: index=myindex | stats count by src_mac signature | lookup...
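As an added example that is not part of the post, the Python below emulates the pipeline `stats count by src_mac signature | lookup fs_src_mac_tg.csv src_mac OUTPUT exists` over constructed rows (the post's lookup command is cut off, so the `OUTPUT exists` ending is an assumption), and shows one common reason such a lookup comes back empty: the events write MAC addresses in a different form (dash separators, upper case) from the CSV. The CSV contents, signatures, counts and the normalisation step are all constructed here, not taken from the poster's environment.

```python
import csv
import io
import re

# Added example (not from the post): emulate
#   ... | stats count by src_mac signature | lookup fs_src_mac_tg.csv src_mac OUTPUT exists
# and show why a format mismatch between events and CSV produces no matches.

# Constructed stand-in for fs_src_mac_tg.csv (the real file is not on the page).
LOOKUP_CSV = """src_mac,exists
00:11:22:33:44:55,yes
aa:bb:cc:dd:ee:ff,yes
"""

# Constructed output of `stats count by src_mac signature`.
STATS_ROWS = [
    {"src_mac": "00-11-22-33-44-55", "signature": "ET SCAN Nmap Scripting Engine", "count": 3},
    {"src_mac": "AA:BB:CC:DD:EE:FF", "signature": "ET POLICY DNS over HTTPS", "count": 1},
    {"src_mac": "de:ad:be:ef:00:01", "signature": "ET SCAN Nmap Scripting Engine", "count": 7},
]


def normalize_mac(mac):
    """Canonical lower-case, colon-separated form; None if not 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def load_lookup(csv_text, key="src_mac", normalize=False):
    """Read the CSV into {key_value: row}, optionally canonicalising the key."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        k = normalize_mac(row[key]) if normalize else row[key]
        table[k] = row
    return table


def apply_lookup(rows, table, key="src_mac", output="exists", normalize=False):
    """Splunk-style lookup: add `output` from the table, or None when no row matches."""
    result = []
    for row in rows:
        k = normalize_mac(row[key]) if normalize else row[key]
        match = table.get(k)
        new_row = dict(row)
        new_row[output] = match[output] if match else None
        result.append(new_row)
    return result


def unknown_macs(rows):
    """The rows worth alerting on: MAC addresses absent from the allow-list."""
    return [r["src_mac"] for r in rows if r["exists"] is None]


if __name__ == "__main__":
    exact = apply_lookup(STATS_ROWS, load_lookup(LOOKUP_CSV))
    print("exact match, unknown:", unknown_macs(exact))   # every row, all false alarms
    canon = apply_lookup(STATS_ROWS, load_lookup(LOOKUP_CSV, normalize=True), normalize=True)
    print("normalised,  unknown:", unknown_macs(canon))   # only de:ad:be:ef:00:01
```

With exact matching every row comes back with no `exists` value, which looks like a broken lookup; after canonicalising both sides only the MAC that really is missing from the CSV remains. In SPL the same canonicalisation can be done before the lookup with `| eval src_mac=lower(replace(src_mac, "-", ":"))`, and since the `exists` column is effectively an allow-list, the rows to alert on are `| where isnull(exists)`.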
Splunk Add-On Builder: Pre-Request Script
In order to hit the endpoint needed to get data from an external API, I need to make a call to get a valid access token from the external API. I use that access token to make subsequent calls to the...
Status indicator icon does not appear
I'm using Splunk 7.2.6 and I've installed the Status Indicator app. The problem is I cannot get any icons to show up. The value appears just fine, but no icons? TIA, Mark
SEP 14.2 RU1 MP1 Working Dashboards
Does anyone have a working example of Symantec Endpoint Protection dashboards along with a working TA? I have gone through https://answers.splunk.com/answers/745774/sep-142-ru1-log-format-change.html which...
All data is indexing as sophos:xg:IDP
I have configured our XG to push all syslog data to a syslog-ng collector; from there I have the Splunk forwarder set to forward all data from the log to my indexer as sourcetype = sophos:xg:syslog...
ERROR TailingProcessor - Invalid value '0' for parameter 'time_before_close'...
When we try to take Exchange logs using the below inputs.conf, it gets an error. Can anybody help me on this? 10-03-2019 15:44:09.088 +0400 ERROR TailingProcessor - Invalid value '0' for...
TA-pfsense: Application is missing lookups and CSV files
The application is missing the lookups folder and the CSV files. I was getting lookup errors. Best regards, Tiago
inputs.conf blacklist with BOOLEAN
Hi there, I want to create a blacklist in the universal forwarder or in my heavy forwarder with the following conditions: 1) EventCode=4688, 2) splunk*.exe. So I want the regex to be something like...
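As an added example that is not part of the post, the Python below emulates how a Windows Event Log input evaluates a blacklist written in the key="regex" form in inputs.conf, where every key/regex pair must match for the event to be dropped (the keys are ANDed). The specific rule, the regex for the process name, the field names and the sample 4688/4689 events are all constructed here as an illustration of the two conditions in the post; the conf line in the comment is a proposed rule, not a setting taken from the poster's forwarder.

```python
import re

# Added example (not from the post): emulate a Windows Event Log blacklist
# of the key="regex" form, such as this proposed inputs.conf rule:
#
#   [WinEventLog://Security]
#   blacklist1 = EventCode="4688" Message="New Process Name:\s+.*\\splunk[^\\\s]*\.exe\b"
#
# Splunk drops an event only when EVERY key/regex pair matches.
# Rule, regex and sample events below are constructed for illustration.

# Hypothetical rule mirroring the post: EventCode 4688 (process creation)
# AND an executable whose file name matches splunk*.exe.
BLACKLIST = {
    "EventCode": r"^4688$",
    # Anchor on the "New Process Name" field, so a process that merely mentions
    # splunk in its command line (e.g. "cmd /c splunk.exe") is NOT dropped.
    # "[^\\\s]*" keeps the match inside one path component: splunkd.exe and
    # splunk-winevtlog.exe match, "\SplunkUniversalForwarder\bin\updater.exe" does not.
    "Message": r"New Process Name:\s+.*\\splunk[^\\\s]*\.exe\b",
}


def is_blacklisted(event, rules=BLACKLIST):
    """True when every key in rules has a regex match in the event (AND semantics)."""
    for key, pattern in rules.items():
        if re.search(pattern, event.get(key, ""), re.IGNORECASE) is None:
            return False
    return True


def filter_events(events, rules=BLACKLIST):
    """The events a forwarder would still send after applying the blacklist."""
    return [e for e in events if not is_blacklisted(e, rules)]


# Constructed events in the shape the Windows Security log produces.
SAMPLE_EVENTS = [
    {"EventCode": "4688",
     "Message": "A new process has been created.\r\n\r\nNew Process Name:\t"
                "C:\\Program Files\\SplunkUniversalForwarder\\bin\\splunkd.exe"},
    {"EventCode": "4688",
     "Message": "A new process has been created.\r\n\r\nNew Process Name:\t"
                "C:\\Program Files\\SplunkUniversalForwarder\\bin\\splunk-winevtlog.exe"},
    # splunk appears only in the command line: must be kept.
    {"EventCode": "4688",
     "Message": "A new process has been created.\r\n\r\nNew Process Name:\t"
                "C:\\Windows\\System32\\cmd.exe\r\nProcess Command Line:\tcmd /c splunk.exe"},
    # A binary dropped into the Splunk directory under another name: must be kept.
    {"EventCode": "4688",
     "Message": "A new process has been created.\r\n\r\nNew Process Name:\t"
                "C:\\Program Files\\SplunkUniversalForwarder\\bin\\updater.exe"},
    # Process exit (4689) for splunkd: not covered by the rule, so it is kept.
    {"EventCode": "4689",
     "Message": "A process has exited.\r\n\r\nProcess Name:\t"
                "C:\\Program Files\\SplunkUniversalForwarder\\bin\\splunkd.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        name = ev["Message"].split("\t")[1].split("\r\n")[0]
        print(ev["EventCode"], "DROP" if is_blacklisted(ev) else "KEEP", name)
```

Two practitioner caveats follow from the sample events. First, a loose pattern such as `splunk.*\.exe` applied to the whole message would also drop the `cmd.exe` event whose command line merely mentions splunk, so anchor on the process-name field. Second, anything a forwarder blacklists never reaches the indexer and cannot be recovered later; process-creation events (4688) are a primary detection source, so keep the expression as narrow as the file name of the genuine Splunk binaries, and consider including the install path as well so that an attacker cannot hide a payload simply by naming it splunk-something.exe.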
Incomplete Index List on Role Creation (Splunk 7.3.1.1)
Hi All, we recently upgraded to Splunk Enterprise version 7.3.1.1 and we're trying to add new roles to the instance. However, we noticed that in the index restriction section not every index is...
Regular expression in log message
I'm struggling now. Could you please help me? There are two hosts. They have the same log data. The host name is different, but the same data is indexed. Host 1 is the master. If host 1 fails, 2 becomes the...
Rolewise dashboard display
Dear All, I have an app, and in that app I have 2 dashboards: dashboard1 and dashboard2. And I have 2 roles: role1 and role2. I want only the user with role1 to see dashboard1 and the user with role2 to...
Avoid indexing same file multiple times batch input
I have a batch input: [batch://C:\abc\*.zip] move_policy = sinkhole index = xyz host_segment = 2 crcSalt = sourcetype = pqr disabled = false. For testing I added one zip file in the monitored folder; after...
Can we forward the data using a forwarder to an indexer in the Splunk trial version?
I have installed the Splunk free trial version and want to forward data from another server using the Splunk forwarder. Is it possible in the Splunk trial version?
Schedule report with variable field
First and foremost: maybe what I'm looking for isn't possible or I'm going down the wrong road, in which case, please enlighten me. So say we have search: index=my_index my_field1=* | timechart...
How to send Nutch "crawl" script logs to splunk with some logger like Log4J
The Apache Nutch crawl script generates logs. How do I configure Log4J on it so that it matches the Splunk format of timestamp and log content in JSON format, so that Splunk can index the data?
Advanced filtering on |inputlookup command
A large kv lookup table (>2M entries and growing) holds metadata and is processed on a regular schedule to solve some complex correlations. The task at hand is to make accessing the last 5k entries...
Splunk query not giving me results
Hi All, could anyone help me with this on an urgent basis? My query is malfunctioning: index=auto_prod_okta eventType="user.session.start" outcome.result="SUCCESS" OR outcome.result="FAILURE" NOT...
Splunk - Cosmos DB Connectivity
Hi, I need to connect to Cosmos DB using Splunk DB Connect. Is there any procedure to do so? Thanks.