Need to renew trial license once again to same trial version for 60 more days ??
Hello- I have been using my trial version of 60 days in splunk enterprise version. need to renew the same license for another 60 days ? because I have made some dashboards and loaded some data in...
Events not appearing
I configured the sourcetype to fml:log according to the details but no events appear. When the sourcetype is changed to syslog events start to appear. Switching back to fml:log stops events again. Any...
How can I Splunk my training credit data?
All, I want to Splunk my Splunk educational credit status to build a custom report for my management chain. Has anyone hit the Splunk API or scraped the Splunk site for this use before? thanks -Daniel
How to share same HEC token for two Heavy forwarders?
Hello All, I have a Heavy forwarder where I created a HEC token and data comes from that token. But we want to use another HF in case the other HF is down, so that data streaming won't stop. What...
SplunkFundamentals Module 5
Hello, I've been following the free course for Splunk Fundamentals 1 and now I'm on lab 5. I have completed everything successfully up to this point. It is on basic searching and asks me to search...
DNS Server NOT Forwarding Windows Security Events
One of our DNS servers running a UF, suddenly stopped sending Windows Event logs to our indexers. DNS events are still being forwarded.
_internal index replication causes inaccurate license reports
All, We noticed something very strange with our reporting. We have recently transitioned to an indexer cluster. We have always had a report that is sent out with yesterday's license usage totals....
Creating pie chart with nested data
Hello. We have tabular data formatted like this: "CollectionName" "CollectionSize" "PercentageUsed" "FOO" "36" "50" "BAR" "14" "36" (The first row is the column headers, translated into field names.)...
How to create inputs.conf blacklist with BOOLEAN
Hi there, I want to create a blacklist in the universal forwarder or in my heavy forwarder with the following conditions: 1)EventCode=4688 2)splunk*.exe so I want the regex to be something like...
Rex command returns null despite the regular expression being correct
Hello there, I am attempting to write a rex command that pulls the distinguished name from a windows event log. My regular expression claims to be working according to regex101.com, however, in Splunk...
Phantom integration giving the ssl error, how to disable them?
I am seeing the below issue, Httpsconnectionpool(host='phantomdev..com', port=XXX): max retries exceeded with url: /rest/ph_user?include_automation=true&_filter_token__key='' (caused by...
Lookup Tables - Dedup
Hello, I Googled and checked several answer posts, but perhaps I am not wording it correctly in the search engines. I have a lookup table and I want to remove duplicates from the table itself. Not just...
Return only those events who exist in consecutive time bins
So I'm working on a search that returns standard network stuff and using a `bin` to bucket the data by a day. Something like this: base search earliest=-7d | bin _time span=1d as window | stats...
Problem with optimization of the regex: limits.conf
Hi I have a problem with the error message of the Splunk: Error in 'rex' command: regex="(?ms)\]+[^\s](?P.*?)\" has exceeded configured match_limit, consider raising the value in limits.conf The...
ITSI 4.3.0 Backfill Exception during startup
Hi, I have been using ITSI 4.3.0 for some time now. A few months ago I had a KV Store issue which seemed to resolve itself by doing an ITSI restore, not sure if that's related. For 1 month now ITSI takes a...
How to use Splunk ODBC driver to import an excel report to splunk?
Hi All, I want to import a scheduled excel report generated from one prod system to splunk. When I manually imported it, it showed me encoded as shown below ![alt text][1] [1]:...
saved_search.py both python 2 and 3?
try: import utils .... opts = utils.parse(argv, RULES, ".splunkrc", usage=usage) I am confused as both python3 and python2 do not seem to have a utils module with a parse method? Could someone explain?
Call custom command on drilldown from a dashboard.
Hello Splunk Developers I need to call a custom command on click of a drilldown on a table cell in dashboard. The action should call the custom command behind the screen and upon completion of command...
Filtering Events
Hi, I would want to know the current event and the after event of that particular current event. 1. First I would want to search for a particular number sequence 12345. 2. Then find the event that occurs...